
Takes over, and tries to get me to install and to call to take over my computer.


  • This topic is locked
34 replies to this topic

#1 Smilingcrafter


Posted 08 December 2014 - 08:36 PM

I have a Sony Vaio, Intel i5 3337U CPU, 1.8 GHz, 8 GB RAM, Windows 8.1 64-bit operating system. When online, every other click anywhere tries to take me to websites to "update" different apps, usually Flash. There is also a box that pops up in the lower right corner that gives me a phone number to call to make my computer run faster. I have run 2 different virus apps but they do not seem to help. Being online is a horrible, frustrating experience, and I am afraid of what these people have already had the opportunity to steal from me. Please help.

I tried to have a log ready for you but I was unable to get DDS to work; I received the message "the program was not intended to run in compatibility mode". So I tried to run it in safe mode and received another, different error message. I am so sorry I could not have ready what you needed to get started, but I will do my very best with your assistance. Thanks

 




 


#2 TheShooter93

TheShooter93

    Cody


  • Malware Response Team

Posted 09 December 2014 - 10:44 AM

Hello Smilingcrafter,

Welcome to Bleeping Computer!

My name is Cody and I'll be helping you clean up your computer. :)

I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:

  • Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

Farbar Recovery Scan Tool (FRST)

  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop.
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon.
  • Click Yes to the disclaimer.
  • Make sure the Addition.txt box is checked.
  • Click Scan and allow the program to run.
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen.
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#3 Smilingcrafter


Posted 11 December 2014 - 05:02 PM

Hi Cody,

I appreciate your time & effort to help me.  Please be patient with me, I am backing up my computer & will send what you requested shortly.

Thanks, Cindy



#4 TheShooter93


Posted 11 December 2014 - 05:54 PM

No problem. :)



 

 


#5 Smilingcrafter


Posted 12 December 2014 - 08:17 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2014 03
Ran by Cynthia (administrator) on VAIO on 12-12-2014 19:13:45
Running from C:\Users\Cynthia\Desktop
Loaded Profile: Cynthia (Available profiles: Cynthia)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Paragon Software\HFS+ for Windows  9.1\apmwinsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
() C:\Program Files\Smart Menu\WinStartMenuLauncher.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Sony Corporation) C:\Program Files\Sony\NFC Connection Utility\NFCConnectionUtility.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(www.CloudGuard.me) C:\Program Files (x86)\CloudGuard\CloudGuard.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(iolo technologies, LLC) C:\Program Files\Sony\VAIO Care\Iolo\ioloTools.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Google Inc.) C:\Users\Cynthia\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3039984 2013-03-13] (Synaptics Incorporated)
HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [534232 2013-09-04] (Broadcom Corporation.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2362392 2013-11-21] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2014-05-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2014-05-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [30248 2007-01-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46632 2007-01-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [35368 2006-11-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020192 2014-06-25] (Wondershare)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020192 2014-06-25] (Wondershare)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-05] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1646051037-3841336611-3862513586-1001\...\Run: [SkyDrive] => C:\Users\Cynthia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-09] (Microsoft Corporation)
HKU\S-1-5-21-1646051037-3841336611-3862513586-1001\...\Run: [Wondershare Helper Compact] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020192 2014-06-25] (Wondershare)
HKU\S-1-5-21-1646051037-3841336611-3862513586-1001\...\Run: [Google Update] => C:\Users\Cynthia\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-08-06] (Google Inc.)
HKU\S-1-5-21-1646051037-3841336611-3862513586-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe (Wondershare)
Startup: C:\Users\Cynthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1646051037-3841336611-3862513586-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10002_cnet_141203__yaie
HKU\S-1-5-21-1646051037-3841336611-3862513586-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.facebook.com/
URLSearchHook: HKU\S-1-5-21-1646051037-3841336611-3862513586-1001 - (No Name) - {b3b5c47e-61f7-4d81-af06-461fc86686ce} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrcAs.dll (Mindspark)
SearchScopes: HKU\S-1-5-21-1646051037-3841336611-3862513586-1001 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1646051037-3841336611-3862513586-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?pc=COSP&ptag=D120314-AA9FED7399E21497DA0F&form=CONBDF&conlogo=CT3330947&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1646051037-3841336611-3862513586-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name -> {0214754e-4e7d-4589-829d-e2523e6a3085} ->  No File
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: No Name -> {65f159fb-5f5e-46f4-b45d-ccfa236d2073} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - No Name - {fe6f06fb-0fc0-4499-828f-ee48088f504f} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1646051037-3841336611-3862513586-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{97930C6F-0AE8-41FD-A743-152661EB5321}: [NameServer] 31.168.224.106,5.135.12.52
Tcpip\..\Interfaces\{D69CBD56-57C9-492A-9753-C88F32F69FB1}: [NameServer] 31.168.224.106,5.135.12.52
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1646051037-3841336611-3862513586-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Cynthia\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1646051037-3841336611-3862513586-1001: @talk.google.com/O1DPlugin -> C:\Users\Cynthia\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1646051037-3841336611-3862513586-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Cynthia\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1646051037-3841336611-3862513586-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Cynthia\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Cynthia\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Cynthia\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-09-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-05]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.yahoo.com/"
CHR Profile: C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-05]
CHR Extension: (Google Docs) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-05]
CHR Extension: (Google Drive) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-06]
CHR Extension: (YouTube) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-05]
CHR Extension: (Google Search) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-05]
CHR Extension: (Google Sheets) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-05]
CHR Extension: (Avast Online Security) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-05]
CHR Extension: (Google Wallet) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-05]
CHR Extension: (Gmail) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-05]
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - No Path
CHR HKU\S-1-5-21-1646051037-3841336611-3862513586-1001\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - No Path
CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - No Path
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-05]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 apmwinsrv; C:\Program Files (x86)\Paragon Software\HFS+ for Windows  9.1\apmwinsrv.exe [66768 2013-07-26] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-05] (AVAST Software)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129824 2013-01-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166688 2013-01-23] (Intel Corporation)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-28] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-11-21] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2012-09-19] (Sony Corporation) [File not signed]
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WinStartMenuLauncher; C:\Program Files\Smart Menu\WinStartMenuLauncher.exe [249432 2014-01-30] ()
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6070272 2013-03-14] (Broadcom Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 apmwin; C:\Windows\System32\DRIVERS\apmwin.sys [50896 2013-07-26] (Paragon Software Group)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-05] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-05] ()
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7488176 2014-02-01] (Broadcom Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 fdrawcmd; C:\WINDOWS\system32\drivers\fdrawcmd.sys [33144 2010-04-24] (simonowen.com)
R0 gpt_loader; C:\Windows\System32\DRIVERS\gpt_loader.sys [61136 2013-07-26] (Paragon Software Group)
R3 Hfsplus; C:\Windows\System32\DRIVERS\hfsplus.sys [204496 2013-07-26] (Paragon Software Group)
R2 HfsplusRec; C:\Windows\System32\DRIVERS\hfsplusrec.sys [15568 2013-07-26] (Paragon Software Group)
R0 mounthlp; C:\Windows\System32\DRIVERS\mounthlp.sys [45776 2013-07-26] (Paragon Software Group)
S3 semav6thermal64ro; C:\WINDOWS\system32\drivers\semav6thermal64ro.sys [13792 2014-08-15] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-13] (Synaptics Incorporated)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S1 qknfd; system32\drivers\qknfd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-12 19:13 - 2014-12-12 19:14 - 00025237 _____ () C:\Users\Cynthia\Desktop\FRST.txt
2014-12-12 19:13 - 2014-12-12 19:14 - 00000000 ____D () C:\FRST
2014-12-12 19:12 - 2014-12-12 19:12 - 02119680 _____ (Farbar) C:\Users\Cynthia\Desktop\FRST64.exe
2014-12-08 03:37 - 2014-12-08 03:37 - 00688992 _____ (Swearware) C:\Users\Cynthia\Desktop\dds (1).com
2014-12-08 03:16 - 2014-12-08 03:16 - 00688992 _____ (Swearware) C:\Users\Cynthia\Downloads\dds.com
2014-12-05 16:12 - 2014-12-05 16:12 - 00001980 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-05 16:12 - 2014-12-05 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-05 16:11 - 2014-12-05 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-05 16:11 - 2014-12-05 16:11 - 00000000 ____D () C:\ProgramData\Google
2014-12-05 16:05 - 2014-12-12 19:10 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-05 16:05 - 2014-12-12 16:10 - 00000906 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-05 16:05 - 2014-12-05 16:11 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-12-05 16:05 - 2014-12-05 16:05 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-12-05 16:05 - 2014-12-05 16:05 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-12-05 16:05 - 2014-12-05 16:05 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-12-05 16:05 - 2014-12-05 16:05 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2014-12-05 16:05 - 2014-12-05 16:05 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-12-05 16:05 - 2014-12-05 16:05 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-12-05 16:05 - 2014-12-05 16:05 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-12-05 16:05 - 2014-12-05 16:05 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-12-05 16:05 - 2014-12-05 16:05 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-12-05 16:05 - 2014-12-05 16:05 - 00003882 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-05 16:05 - 2014-12-05 16:05 - 00003646 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-05 14:44 - 2014-12-05 14:44 - 00789947 _____ () C:\Users\Cynthia\Downloads\830santa_for_name.zip
2014-12-02 23:20 - 2014-12-02 23:20 - 00098508 _____ () C:\ProgramData\1417583909.bdinstall.bin
2014-12-02 23:18 - 2014-12-02 23:18 - 00037671 _____ () C:\ProgramData\1417583907.bdinstall.bin
2014-12-02 22:40 - 2014-12-02 23:32 - 00000000 ____D () C:\searchplugins
2014-12-02 22:40 - 2014-12-02 22:40 - 00004688 _____ () C:\WINDOWS\SysWOW64\LavasoftTcpService.ini
2014-12-02 22:40 - 2014-12-02 22:40 - 00002520 _____ () C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2014-12-02 22:40 - 2014-12-02 22:40 - 00002520 _____ () C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2014-12-02 22:40 - 2014-12-02 22:40 - 00000264 _____ () C:\prefs.js
2014-12-02 22:40 - 2014-12-02 22:40 - 00000000 ____D () C:\Users\Cynthia\AppData\Roaming\LavasoftStatistics
2014-12-02 22:40 - 2014-11-27 10:44 - 00358736 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2014-12-02 22:40 - 2014-11-27 10:44 - 00312424 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2014-11-30 23:48 - 2014-12-12 18:48 - 00001770 _____ () C:\WINDOWS\Tasks\bf009d68-0fc2-4de3-9132-cfab1f567ec4-10_user.job
2014-11-30 23:48 - 2014-12-12 17:48 - 00005186 _____ () C:\WINDOWS\Tasks\bf009d68-0fc2-4de3-9132-cfab1f567ec4-11.job
2014-11-30 23:48 - 2014-12-12 17:48 - 00004160 _____ () C:\WINDOWS\Tasks\bf009d68-0fc2-4de3-9132-cfab1f567ec4-4.job
2014-11-30 23:48 - 2014-12-12 17:48 - 00004160 _____ () C:\WINDOWS\Tasks\bf009d68-0fc2-4de3-9132-cfab1f567ec4-3.job
2014-11-30 23:48 - 2014-12-12 17:48 - 00003120 _____ () C:\WINDOWS\Tasks\bf009d68-0fc2-4de3-9132-cfab1f567ec4-1.job
2014-11-30 23:48 - 2014-12-12 17:48 - 00002448 _____ () C:\WINDOWS\Tasks\bf009d68-0fc2-4de3-9132-cfab1f567ec4-5_user.job
2014-11-30 23:48 - 2014-12-12 17:48 - 00002448 _____ () C:\WINDOWS\Tasks\bf009d68-0fc2-4de3-9132-cfab1f567ec4-5.job
2014-11-30 23:48 - 2014-12-08 01:26 - 00000000 ____D () C:\Program Files (x86)\Browser App+ v1
2014-11-30 23:48 - 2014-11-30 23:48 - 00008190 _____ () C:\WINDOWS\System32\Tasks\bf009d68-0fc2-4de3-9132-cfab1f567ec4-11
2014-11-30 23:48 - 2014-11-30 23:48 - 00007164 _____ () C:\WINDOWS\System32\Tasks\bf009d68-0fc2-4de3-9132-cfab1f567ec4-4
2014-11-30 23:48 - 2014-11-30 23:48 - 00007164 _____ () C:\WINDOWS\System32\Tasks\bf009d68-0fc2-4de3-9132-cfab1f567ec4-3
2014-11-30 23:48 - 2014-11-30 23:48 - 00006124 _____ () C:\WINDOWS\System32\Tasks\bf009d68-0fc2-4de3-9132-cfab1f567ec4-1
2014-11-30 23:48 - 2014-11-30 23:48 - 00005452 _____ () C:\WINDOWS\System32\Tasks\bf009d68-0fc2-4de3-9132-cfab1f567ec4-5
2014-11-30 23:48 - 2014-11-30 23:48 - 00000000 ____D () C:\Users\Cynthia\AppData\Local\globalUpdate
2014-11-30 23:48 - 2014-11-30 23:48 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-11-30 23:46 - 2014-11-30 23:51 - 00000000 ____D () C:\Program Files (x86)\CloudGuard
2014-11-30 23:46 - 2014-11-30 23:46 - 00005264 _____ () C:\WINDOWS\System32\Tasks\CloudScout
2014-11-26 09:22 - 2014-11-09 17:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-26 09:22 - 2014-11-09 17:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-26 09:22 - 2014-11-09 17:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-26 09:22 - 2014-11-09 17:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-18 20:45 - 2014-11-18 20:45 - 00000000 ____D () C:\Users\Cynthia\AppData\Local\MyScrapNook_12
2014-11-18 20:45 - 2014-11-18 20:45 - 00000000 ____D () C:\Program Files (x86)\MyScrapNook_12
2014-11-17 21:20 - 2014-11-17 21:20 - 00000218 _____ () C:\Users\Cynthia\AppData\Local\recently-used.xbel
2014-11-17 10:03 - 2014-11-17 10:03 - 00000000 __SHD () C:\Users\Cynthia\AppData\Local\EmieBrowserModeList
2014-11-12 08:12 - 2014-09-27 01:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-11-12 08:12 - 2014-09-26 23:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2014-11-12 08:12 - 2014-09-26 21:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-11-12 08:12 - 2014-09-26 21:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2014-11-12 08:12 - 2014-09-26 21:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-11-12 08:11 - 2014-10-09 19:58 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-11-12 08:11 - 2014-10-09 19:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2014-11-12 08:11 - 2014-10-09 19:44 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-11-12 08:11 - 2014-10-08 01:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-11-12 08:11 - 2014-10-08 01:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2014-11-12 08:11 - 2014-10-08 01:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-11-12 08:11 - 2014-10-08 01:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2014-11-12 08:11 - 2014-10-08 00:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-11-12 08:11 - 2014-10-08 00:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-11-12 08:11 - 2014-10-08 00:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2014-11-12 08:11 - 2014-10-08 00:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-11-12 08:11 - 2014-10-08 00:17 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-11-12 08:11 - 2014-10-07 23:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-11-12 08:09 - 2014-10-17 01:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-11-12 08:09 - 2014-10-17 00:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-11-12 08:08 - 2014-10-18 00:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-11-12 08:08 - 2014-10-12 20:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-11-12 08:08 - 2014-10-10 18:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-12 08:08 - 2014-10-10 18:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-11-12 08:08 - 2014-10-08 01:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-12 08:08 - 2014-10-08 01:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-12 08:08 - 2014-10-08 00:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-12 08:08 - 2014-10-07 23:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-12 08:08 - 2014-10-07 23:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-11-12 06:11 - 2014-10-18 03:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-11-12 06:11 - 2014-10-18 02:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-11-12 06:11 - 2014-10-18 02:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-11-12 06:11 - 2014-10-18 01:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-11-12 06:11 - 2014-10-18 00:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-11-12 06:11 - 2014-10-18 00:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-11-12 06:11 - 2014-10-18 00:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-11-12 06:11 - 2014-10-18 00:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-12 06:11 - 2014-10-18 00:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-11-12 06:11 - 2014-10-18 00:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-11-12 06:11 - 2014-10-18 00:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-11-12 06:11 - 2014-10-18 00:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-11-12 06:11 - 2014-10-18 00:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-11-12 06:11 - 2014-10-18 00:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-11-12 06:11 - 2014-10-18 00:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-11-12 06:10 - 2014-09-21 22:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-11-12 06:10 - 2014-09-21 21:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-12 06:10 - 2014-09-21 21:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-11-12 06:10 - 2014-09-21 20:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-12 06:10 - 2014-09-18 18:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-11-12 06:10 - 2014-09-02 16:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-11-12 06:10 - 2014-09-02 16:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2014-11-12 06:09 - 2014-10-30 23:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-12 06:08 - 2014-10-30 21:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-11-12 06:07 - 2014-10-30 23:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-12 06:07 - 2014-10-30 22:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-11-12 06:07 - 2014-10-30 22:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-11-12 06:07 - 2014-10-30 22:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-12 06:07 - 2014-10-30 22:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-11-12 06:07 - 2014-10-30 22:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-11-12 06:07 - 2014-10-30 22:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-11-12 06:07 - 2014-10-30 21:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-12 06:07 - 2014-10-30 21:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-12 06:07 - 2014-10-30 21:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-11-12 06:07 - 2014-10-30 21:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-12 06:07 - 2014-10-30 21:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-11-12 06:07 - 2014-10-30 21:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-11-12 06:07 - 2014-10-30 21:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-11-12 06:07 - 2014-10-30 20:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-11-12 06:07 - 2014-10-30 20:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-11-12 06:07 - 2014-10-30 20:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-11-12 06:07 - 2014-10-30 20:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-11-12 06:07 - 2014-10-30 20:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-11-12 06:07 - 2014-10-30 20:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-11-12 06:06 - 2014-11-04 17:38 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-11-12 06:06 - 2014-11-03 18:10 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-11-12 06:06 - 2014-10-30 23:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-11-12 06:06 - 2014-10-30 23:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-11-12 06:06 - 2014-10-30 23:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-11-12 06:06 - 2014-10-30 23:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-11-12 06:06 - 2014-10-30 23:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-11-12 06:06 - 2014-10-30 23:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-11-12 06:06 - 2014-10-30 23:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-11-12 06:06 - 2014-10-30 23:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-11-12 06:06 - 2014-10-30 23:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-12 06:06 - 2014-10-30 23:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-11-12 06:06 - 2014-10-30 23:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-11-12 06:06 - 2014-10-30 22:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-11-12 06:06 - 2014-10-30 22:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-11-12 06:06 - 2014-10-30 22:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-11-12 06:06 - 2014-10-30 22:53 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-11-12 06:06 - 2014-10-30 22:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2014-11-12 06:06 - 2014-10-30 22:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-11-12 06:06 - 2014-10-30 22:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-11-12 06:06 - 2014-10-30 22:49 - 00537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-11-12 06:06 - 2014-10-30 22:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-11-12 06:06 - 2014-10-30 22:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-12 06:06 - 2014-10-30 22:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-12 06:06 - 2014-10-30 22:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-11-12 06:06 - 2014-10-30 22:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-11-12 06:06 - 2014-10-30 22:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-11-12 06:06 - 2014-10-30 22:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-11-12 06:06 - 2014-10-30 22:24 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-11-12 06:06 - 2014-10-30 22:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-11-12 06:06 - 2014-10-30 22:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-11-12 06:06 - 2014-10-30 22:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-11-12 06:06 - 2014-10-30 22:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-11-12 06:06 - 2014-10-30 22:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-11-12 06:06 - 2014-10-30 22:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-11-12 06:06 - 2014-10-30 22:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-11-12 06:06 - 2014-10-30 22:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-11-12 06:06 - 2014-10-30 22:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-11-12 06:06 - 2014-10-30 21:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-11-12 06:06 - 2014-10-30 21:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2014-11-12 06:06 - 2014-10-30 21:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2014-11-12 06:06 - 2014-10-30 21:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2014-11-12 06:06 - 2014-10-30 21:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2014-11-12 06:06 - 2014-10-30 21:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2014-11-12 06:06 - 2014-10-30 21:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-11-12 06:06 - 2014-10-30 21:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2014-11-12 06:06 - 2014-10-30 21:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-11-12 06:06 - 2014-10-30 21:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-11-12 06:06 - 2014-10-30 21:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-11-12 06:06 - 2014-10-30 21:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-11-12 06:06 - 2014-10-30 21:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-11-12 06:06 - 2014-10-30 21:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-11-12 06:06 - 2014-10-30 21:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-11-12 06:06 - 2014-10-30 21:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2014-11-12 06:06 - 2014-10-30 21:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2014-11-12 06:06 - 2014-10-30 21:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2014-11-12 06:06 - 2014-10-30 21:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-11-12 06:06 - 2014-10-30 21:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2014-11-12 06:06 - 2014-10-30 21:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-11-12 06:06 - 2014-10-30 20:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 06:06 - 2014-10-30 20:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2014-11-12 06:06 - 2014-10-30 20:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-11-12 06:06 - 2014-10-30 20:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2014-11-12 06:06 - 2014-10-30 20:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-11-12 06:06 - 2014-10-30 20:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2014-11-12 06:06 - 2014-10-30 20:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-11-12 06:06 - 2014-10-30 20:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-11-12 06:06 - 2014-10-30 20:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-11-12 06:06 - 2014-10-30 20:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2014-11-12 06:06 - 2014-10-30 20:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-11-12 06:06 - 2014-10-30 20:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-11-12 06:06 - 2014-10-30 20:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-11-12 06:06 - 2014-10-30 20:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-11-12 06:06 - 2014-10-30 20:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2014-11-12 06:06 - 2014-10-30 20:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-11-12 06:06 - 2014-08-22 23:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-12 06:06 - 2014-08-22 23:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-11-12 06:05 - 2014-10-22 23:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-12 06:05 - 2014-10-22 23:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-12 06:05 - 2014-10-07 00:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-11-12 06:05 - 2014-10-07 00:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-11-12 06:05 - 2014-10-07 00:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-12 06:05 - 2014-10-07 00:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-11-12 06:05 - 2014-10-07 00:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-11-12 06:05 - 2014-10-06 21:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-11-12 06:05 - 2014-10-06 21:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-11-12 06:05 - 2014-10-06 21:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-11-12 06:05 - 2014-10-06 21:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-12 06:05 - 2014-10-06 19:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-12 06:05 - 2014-10-06 19:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-11-12 06:05 - 2014-09-10 00:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-11-12 06:05 - 2014-09-07 21:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-11-12 06:05 - 2014-09-07 21:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-11-12 06:05 - 2014-09-07 16:08 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-11-12 06:05 - 2014-09-04 16:30 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-11-12 06:05 - 2014-09-04 16:21 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-11-12 06:05 - 2014-09-03 21:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-11-12 06:05 - 2014-09-03 20:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-11-12 06:05 - 2014-09-03 19:01 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-11-12 06:05 - 2014-09-03 18:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-11-12 06:05 - 2014-08-30 18:17 - 00148800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-11-12 06:05 - 2014-08-30 18:15 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-11-12 06:05 - 2014-08-30 16:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-11-12 06:05 - 2014-08-30 16:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2014-11-12 06:05 - 2014-08-30 15:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2014-11-12 06:05 - 2014-08-30 15:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-11-12 06:05 - 2014-08-30 14:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2014-11-12 06:05 - 2014-08-30 14:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-11-12 06:05 - 2014-08-27 20:55 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-11-12 06:05 - 2014-08-27 18:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-11-12 06:05 - 2014-08-27 18:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-11-12 06:05 - 2014-08-22 23:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-11-12 06:05 - 2014-08-22 23:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-11-12 06:05 - 2014-08-22 22:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-11-12 06:05 - 2014-08-01 18:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2014-11-12 06:05 - 2014-08-01 18:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-12 19:14 - 2014-07-17 11:30 - 00004964 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for VAIO-Cynthia Vaio
2014-12-12 19:11 - 2014-06-15 19:11 - 00000929 _____ () C:\WINDOWS\Tasks\EPSON XP-810 Series Update {9A45D5AB-18C2-43C2-91FD-558A2B0CFF49}.job
2014-12-12 19:11 - 2014-06-15 19:11 - 00000743 _____ () C:\WINDOWS\Tasks\EPSON XP-810 Series Invitation {9A45D5AB-18C2-43C2-91FD-558A2B0CFF49}.job
2014-12-12 19:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-12 18:58 - 2014-08-06 17:53 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1646051037-3841336611-3862513586-1001UA.job
2014-12-12 18:58 - 2014-08-06 17:53 - 00000874 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1646051037-3841336611-3862513586-1001Core.job
2014-12-12 18:52 - 2014-01-27 12:52 - 00000929 _____ () C:\WINDOWS\Tasks\EPSON XP-810 Series Update {07EDD1FB-F7A0-432B-9266-0B24DCBFA9F6}.job
2014-12-12 18:52 - 2014-01-27 12:52 - 00000743 _____ () C:\WINDOWS\Tasks\EPSON XP-810 Series Invitation {07EDD1FB-F7A0-432B-9266-0B24DCBFA9F6}.job
2014-12-12 18:21 - 2014-01-25 22:21 - 00000951 _____ () C:\WINDOWS\Tasks\EPSON XP-810 Series Update {A4C205CC-95FE-42E9-A744-2341E58BADA2}.job
2014-12-12 18:21 - 2014-01-25 22:21 - 00000765 _____ () C:\WINDOWS\Tasks\EPSON XP-810 Series Invitation {A4C205CC-95FE-42E9-A744-2341E58BADA2}.job
2014-12-12 14:34 - 2014-01-27 05:02 - 01772646 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-12 12:43 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-12 12:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-12 04:09 - 2014-01-26 01:26 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-12 04:04 - 2014-01-26 01:26 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-12 04:04 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-12-12 04:01 - 2014-01-25 19:23 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1646051037-3841336611-3862513586-1001
2014-12-12 02:21 - 2013-11-14 01:28 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-11 22:24 - 2014-07-24 09:14 - 00000000 __RDO () C:\Users\Cynthia\SkyDrive
2014-12-11 22:24 - 2014-01-27 04:46 - 00000000 ____D () C:\Users\Cynthia
2014-12-11 22:19 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-11 12:10 - 2013-08-22 08:46 - 00294365 _____ () C:\WINDOWS\setupact.log
2014-12-08 18:30 - 2013-08-22 07:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-08 03:40 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\registration
2014-12-05 20:14 - 2013-11-14 01:20 - 00196832 _____ () C:\WINDOWS\PFRO.log
2014-12-05 19:44 - 2014-02-21 10:25 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-12-05 19:44 - 2014-02-21 10:25 - 00000000 ____D () C:\Users\Cynthia\AppData\Roaming\AVAST Software
2014-12-05 19:44 - 2014-02-01 15:13 - 00000000 ____D () C:\Users\Cynthia\AppData\Local\Google
2014-12-05 16:11 - 2014-02-01 15:13 - 00000000 ____D () C:\Program Files\Google
2014-12-05 16:11 - 2014-02-01 15:13 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-05 15:47 - 2014-02-21 10:24 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-05 15:47 - 2014-02-21 10:23 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-04 18:31 - 2014-02-06 22:45 - 00000000 ____D () C:\Users\Cynthia\Documents\My PSP Files
2014-12-03 13:03 - 2013-06-10 19:38 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-12-03 12:58 - 2014-01-26 16:57 - 00000000 ____D () C:\Update
2014-12-03 12:58 - 2013-06-10 19:14 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Sony Corporation
2014-12-03 12:58 - 2013-06-10 19:14 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-12-03 12:58 - 2013-06-10 19:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-03 09:19 - 2014-07-14 18:43 - 00000000 ____D () C:\ProgramData\CeoauppSecanneeRi
2014-12-02 11:44 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-26 21:36 - 2014-01-25 19:16 - 00000000 ____D () C:\Users\Cynthia\AppData\Local\Packages
2014-11-25 07:16 - 2014-01-26 17:55 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-24 12:53 - 2014-02-16 21:47 - 00000000 ____D () C:\Users\Cynthia\Documents\Resume
2014-11-17 17:39 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-17 09:58 - 2013-08-22 08:44 - 00566928 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-17 09:53 - 2014-07-17 10:35 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-11-17 09:53 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-17 09:53 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-11-17 09:53 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-17 09:53 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-17 09:53 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-17 09:53 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-14 22:57 - 2014-03-01 14:35 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-14 22:57 - 2013-06-10 19:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-14 22:28 - 2014-10-02 07:54 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-11-14 22:28 - 2014-10-02 07:54 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-11-14 22:28 - 2014-10-02 07:54 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-11-14 22:28 - 2014-10-02 07:54 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
 
Some content of TEMP:
====================
C:\Users\Cynthia\AppData\Local\Temp\f12f8602-cfda-427f-9512-5b5c4b0e7a69.exe
C:\Users\Cynthia\AppData\Local\Temp\GLF315A.EXE
C:\Users\Cynthia\AppData\Local\Temp\GLF32C2.EXE
C:\Users\Cynthia\AppData\Local\Temp\GLF3E6E.EXE
C:\Users\Cynthia\AppData\Local\Temp\GLF40EF.EXE
C:\Users\Cynthia\AppData\Local\Temp\GLF5477.EXE
C:\Users\Cynthia\AppData\Local\Temp\GLF5727.EXE
C:\Users\Cynthia\AppData\Local\Temp\GLF6409.EXE
C:\Users\Cynthia\AppData\Local\Temp\GLF6717.EXE
C:\Users\Cynthia\AppData\Local\Temp\GLF9C9C.EXE
C:\Users\Cynthia\AppData\Local\Temp\GLFA325.EXE
C:\Users\Cynthia\AppData\Local\Temp\GLFD68B.EXE
C:\Users\Cynthia\AppData\Local\Temp\GLFDA83.EXE
C:\Users\Cynthia\AppData\Local\Temp\GLFEE17.EXE
C:\Users\Cynthia\AppData\Local\Temp\GLFF7DC.EXE
C:\Users\Cynthia\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe
C:\Users\Cynthia\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Cynthia\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Cynthia\AppData\Local\Temp\optprosetup.exe
C:\Users\Cynthia\AppData\Local\Temp\PicasaCD.exe
C:\Users\Cynthia\AppData\Local\Temp\Smart Menu x64.exe
C:\Users\Cynthia\AppData\Local\Temp\SpOrder.dll
C:\Users\Cynthia\AppData\Local\Temp\_is3B81.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-08 06:34
 
==================== End Of Log ============================


#6 Smilingcrafter


Posted 12 December 2014 - 08:19 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2014 03
Ran by Cynthia at 2014-12-12 19:14:36
Running from C:\Users\Cynthia\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ACID Music Studio 9.0 (HKLM-x32\...\{78EB80B0-18A0-11E2-9761-F04DA23A5C58}) (Version: 9.0.35 - Sony)
Adobe Reader XI (11.0.09)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
ArtRage Studio (HKLM-x32\...\{5A9FE63F-F201-4D55-9F5F-06DDB239AC4F}) (Version: 3.5.5 - Ambient Design)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Browser App+ v1 (HKLM-x32\...\Browser App+ v1) (Version: 1.35.11.26 - App)
CeoauppSecanneeRi (HKLM-x32\...\{80E8B0A0-117D-1402-7CDE-688156237115}) (Version:  - CoupScanner) <==== ATTENTION
CloudScout Parental Control (HKLM-x32\...\CloudGuard) (Version: 1.10 - CloudGuard.me) <==== ATTENTION
Corel Paint Shop Pro X (HKLM-x32\...\{1A15507A-8551-4626-915D-3D5FA095CC1B}) (Version: 10.01 - Corel Inc)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2529 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.6426.52 - CyberLink Corp.)
Duplicate Cleaner Free 3.2.3 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 3.2.3 - DigitalVolcano Software Ltd) <==== ATTENTION
DVD Architect Studio 5.0 (HKLM-x32\...\{3822E74F-08F8-11E3-99EE-F04DA23A5C58}) (Version: 5.0.186 - Sony)
Embird 2013 (64-bit) (HKLM\...\Embird 2013 (64-bit)) (Version: Embird 2013 Build 10.3 (64-bit) - © 1997-2013 BALARAD, s.r.o.)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.3.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{896667C8-53F8-47B8-B6B0-B113B10F05BC}) (Version: 1.20.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.51.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.33.00 - SEIKO EPSON CORPORATION)
EPSON Remote Print Uninstall (HKLM\...\EPSON Remote Print) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-810 Series Printer Uninstall (HKLM\...\EPSON XP-810 Series) (Version:  - SEIKO EPSON Corporation)
EPSON XP-810 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEPSON XP-810 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ESDL (x32 Version: 1.0.0 - Sony Corporation) Hidden
Fdrawcmd.sys 1.0.1.11 (HKLM-x32\...\fdrawcmd) (Version: 1.0.1.11 - Simon Owen)
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel® PROSet/Wireless NFC Software (HKLM\...\Intel® PROSet/Wireless NFC Software) (Version: 1.1.1.003 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iZotope Audio Enhancer (HKLM-x32\...\iZotope Audio Enhancer_is1) (Version: 1.00 - iZotope, Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
MergeModule_x64 (Version: 8.0.00 - Sony Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1646051037-3841336611-3862513586-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Movie Studio Platinum 12.0 (64-bit) (HKLM\...\{1C8AC59F-6464-11E2-A0C0-F04DA23A5C58}) (Version: 12.0.756 - Sony)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
NFC Connection Utility (HKLM\...\{F3FC1B12-45AA-4ACE-AD9F-DFD87BE9457E}) (Version: 1.0.0.14100 - Sony Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
PaperPort Image Printer (HKLM\...\{D16193A3-921A-4134-B381-597C8F4B8EBD}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Paragon HFS+ for Windows™ 9.1 (HKLM-x32\...\{456534C0-51E7-11DF-B336-005056C00008}) (Version: 1.00 - Paragon Software)
PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayMemories Home (HKLM-x32\...\{4C93E894-BE17-463B-A789-4CAB706987A0}) (Version: 8.0.21.11211 - Sony Corporation)
Print Artist 22 Platinum (HKLM-x32\...\{59716973-C123-4B46-B44B-36FCD9CEB8A3}) (Version: 22.0.0.30 - Nova Development)
Reader for PC (HKLM-x32\...\{25340F94-F74E-4CCF-ABDF-ECBCF03911BE}) (Version: 2.0.00.07121 - Sony Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.28145 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7177 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
ScanSoft PaperPort 11 (HKLM-x32\...\{02E73E50-6513-4802-8600-B5A5BA185BE3}) (Version: 11.1.0000 - Nuance Communications, Inc.)
ScanSoft PDF Create! 4 (HKLM\...\{33307810-2945-4F3F-8FEA-0BF522AEFCA7}) (Version: 4.01.0069 - Nuance Communications, Inc.)
SignCut (remove only) (HKLM-x32\...\SignCut) (Version:  - )
Smart Menu (HKU\.DEFAULT\...\Smart Menu) (Version: 4.8 - Smart Menu)
Smart Menu (HKU\S-1-5-21-1646051037-3841336611-3862513586-1001\...\Smart Menu) (Version: 4.1 - Smart Menu)
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)
SOHLib for PlayMemories Home (Version: 1.0.1.11110 - Sony Corporation) Hidden
Sound Forge Audio Studio 10.0 (HKLM-x32\...\{BC208D90-4643-11E3-987B-F04DA23A5C58}) (Version: 10.0.252 - Sony)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.4.0.1 - Synaptics Incorporated)
VAIO - Remote Keyboard (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO - Remote Keyboard with PlayStation®3 (HKLM-x32\...\{E682702C-609C-4017-99E7-3129C163955F}) (Version: 1.2.1.05220 - Sony Corporation)
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.3.2.07020 - Sony Corporation)
VAIO BIOS Data Transfer Utility (x32 Version: 1.0.0.02050 - Sony Corporation) Hidden
VAIO Care (HKLM\...\{1C22618A-FEFA-4F20-B67D-F1311E6804AC}) (Version: 8.4.1.07026 - Sony Corporation)
VAIO Care Hardware Diagnostics Plugin (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.11.1.11210 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{15B9204E-BA09-485E-8F2C-094AC0077664}) (Version: 1.1.2.13230 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.2.1.03250 - Sony Corporation)
VAIO CPU Fan Diagnostic (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.2.0.03050 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.11.0.13250 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.2.0.01230 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.2.0.01230 - Sony Corporation) Hidden
VAIO Health Report (HKLM-x32\...\VAIO Health Report1.0) (Version: 1.0 - Sony Electronics)
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.3.00.10220 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.1.00.14260 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.2.0.01240 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.1.0.02220 - Sony Corporation)
VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.3.01.11140 - Sony Corporation)
VAIO Movie Creator (x32 Version: 4.1.01.15140 - Sony Corporation) Hidden
VAIO Sample Music (HKLM-x32\...\{FBEE3D44-0933-4B84-BB6A-49957F89187F}) (Version: 1.0.0.03051 - Sony Corporation)
VAIO Touch Search (HKLM\...\{F792DDDD-71C8-419E-AE05-46B0CDB1BEC8}) (Version: 1.1.0.1511 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.9.0.11060 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.0.14270 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7850 - Broadcom Corporation)
Wondershare MobileGo for Android ( Version 5.0.0 ) (HKLM-x32\...\{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1) (Version: 5.0.0 - Wondershare)
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1646051037-3841336611-3862513586-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Cynthia\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1646051037-3841336611-3862513586-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Cynthia\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1646051037-3841336611-3862513586-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Cynthia\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
03-12-2014 04:33:21 AA11
05-12-2014 21:47:42 avast! antivirus system restore point
12-12-2014 05:41:22 Windows Backup
13-12-2014 01:07:46 Windows Backup
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0029EF8D-677A-44A9-9218-FB418EC6AB0D} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {01359595-EAA7-4D69-AFBF-823CEDBF131F} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {02F4AF5B-35B1-4545-BE4A-822523F8140A} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-06-25] (Sony Corporation)
Task: {04FB3B64-0F95-417D-B9B1-43FCDC7C6C4A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation)
Task: {0611B817-CAAE-41B5-B6DE-D7593D2B0874} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2013-01-23] (Sony Corporation)
Task: {075A14A8-A378-40AA-98F9-9256D9EDFACB} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2013-11-07] (Sony Corporation)
Task: {0E7F1B66-81EB-4E0B-8F3C-C3DC712B2891} - System32\Tasks\Sony Corporation\NFC Connection Utility\NFC Logon Start => C:\Program Files\Sony\NFC Connection Utility\NFCConnectionUtility.exe [2014-02-11] (Sony Corporation)
Task: {13B2236E-24F6-470A-BF8C-5A43F2003E02} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {18711C6A-1EFE-42D9-8A33-2D9D159EEB45} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-03-13] (Synaptics Incorporated)
Task: {2D15AAC7-B981-4855-BA40-C8EC719B1300} - System32\Tasks\{84E64D86-F7B9-472B-AD75-4F47E485F18A} => pcalua.exe -a D:\setup.exe -d D:\
Task: {3C093B6A-BE24-4BFE-A247-CF0786160B34} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-02-20] (Sony Corporation)
Task: {3D660E0A-A0F4-4108-B0A8-742449FF84FA} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {43593874-2750-4D59-9D12-8BE68FBA88A0} - System32\Tasks\EPSON XP-810 Series Invitation {9A45D5AB-18C2-43C2-91FD-558A2B0CFF49} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLOE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {46176867-07C0-455F-82C3-8FA5D55068C5} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {4893228E-81A8-4200-B25A-7E2F9FDA27FF} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-02-02] (Sony Corporation)
Task: {491665B9-2593-4481-97DD-448C34AF6B2F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-12] (Microsoft Corporation)
Task: {53003768-AE2B-4EB4-8936-AB368BAF10CC} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2014-01-27] (Sony Corporation)
Task: {58433393-AEAE-476B-8334-BD0D428BA424} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {5DBE815A-1B0D-4929-8290-E7F84F083B59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-05] (Google Inc.)
Task: {5E1CD2A7-6CFB-4925-9349-E117A15CCD81} - System32\Tasks\VAIO Health Report => C:\Program Files (x86)\Sony\VAIO Health Report\VAIOHealthReport.exe [2013-06-20] (Sony Electronics)
Task: {6232E2DC-B422-4EFB-BEF3-4AD171F3F760} - System32\Tasks\EPSON XP-810 Series Invitation {07EDD1FB-F7A0-432B-9266-0B24DCBFA9F6} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLOE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {6241F5B4-AADB-43CA-AEDA-828139ADDD95} - System32\Tasks\Digital Sites => C:\Users\Cynthia\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {6625B4E2-FBB4-4929-B7B8-AE93C17409D0} - System32\Tasks\EPSON XP-810 Series Update {A4C205CC-95FE-42E9-A744-2341E58BADA2} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLOE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {6898365B-1161-4F57-8E72-D60B978A17CD} - System32\Tasks\{D4F62907-0D41-44F5-B7EC-57AF22800C05} => pcalua.exe -a D:\setup\autorun\autorun.exe -d D:\
Task: {6DF1A32C-AE18-433B-9FC3-9283DE2BBE1D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-05] (AVAST Software)
Task: {6DFEDF1D-6F19-4AB4-8565-C52571617613} - System32\Tasks\bf009d68-0fc2-4de3-9132-cfab1f567ec4-3 => C:\Program Files (x86)\Browser App+ v1\bf009d68-0fc2-4de3-9132-cfab1f567ec4-3.exe <==== ATTENTION
Task: {757E67CC-17D4-4967-9D61-21D08DFC766C} - System32\Tasks\bf009d68-0fc2-4de3-9132-cfab1f567ec4-1 => C:\Program Files (x86)\Browser App+ v1\Browser App+ v1-codedownloader.exe <==== ATTENTION
Task: {7D1636C1-004E-4C0D-93A7-47C9BC329B40} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {7D587DB8-84C6-4EF1-9DC1-D2376B43C6D6} - System32\Tasks\bf009d68-0fc2-4de3-9132-cfab1f567ec4-11 => C:\Program Files (x86)\Browser App+ v1\bf009d68-0fc2-4de3-9132-cfab1f567ec4-11.exe <==== ATTENTION
Task: {83F3B9CC-168C-4C68-8329-4FDF55D2B3A4} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {8A264E1E-86D9-4CEF-98E8-FE91D865B6DB} - System32\Tasks\EPSON XP-810 Series Update {9A45D5AB-18C2-43C2-91FD-558A2B0CFF49} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLOE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {92E9E640-34A7-4E5D-9167-440F32F360C0} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {9EB3024C-7611-4D57-8A64-DE21EDCE16E9} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-02-20] (Sony Corporation)
Task: {ADDA4944-8E05-4FB4-A38D-8A1D0C70269C} - System32\Tasks\bf009d68-0fc2-4de3-9132-cfab1f567ec4-5 => C:\Program Files (x86)\Browser App+ v1\bf009d68-0fc2-4de3-9132-cfab1f567ec4-5.exe <==== ATTENTION
Task: {AE728FA2-CE74-4638-BAAB-28D9D8430756} - System32\Tasks\bf009d68-0fc2-4de3-9132-cfab1f567ec4-5_user => C:\Program Files (x86)\Browser App+ v1\bf009d68-0fc2-4de3-9132-cfab1f567ec4-5.exe <==== ATTENTION
Task: {B8CDE09F-D666-4579-A585-038EFE018282} - System32\Tasks\Sony Corporation\VAIO Care\UpdateContacts => %ProgramData%\Sony Corporation\VAIO Care\UpdateContacts.exe
Task: {BB791F10-7DE9-44F6-B0AC-D9AA77CB3DD5} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {BC75A14B-522D-409E-9466-5D89874BCC6F} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2013-01-24] (Sony Corporation)
Task: {BE855172-5C73-4559-A306-7646B93D9447} - System32\Tasks\EPSON XP-810 Series Update {07EDD1FB-F7A0-432B-9266-0B24DCBFA9F6} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLOE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {BF65AAF3-C8E1-43DA-BD15-A59F878680FA} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1646051037-3841336611-3862513586-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {BF85C521-76E8-4B1F-BB7F-AD042AD1848E} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {C4501B2F-FD90-4B51-A474-F28A0E77220D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1646051037-3841336611-3862513586-1001Core => C:\Users\Cynthia\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-06] (Google Inc.)
Task: {CA2E8228-9BAF-4330-B45C-9FDAF2971D8E} - System32\Tasks\EPSON XP-810 Series Invitation {A4C205CC-95FE-42E9-A744-2341E58BADA2} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLOE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {CA9D697B-BF77-4DC3-8A43-10A39DEF5296} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-02-02] (Sony Corporation)
Task: {CC1B2218-7E1E-46C3-9719-5E1057D4A996} - System32\Tasks\Microsoft Office 15 Sync Maintenance for VAIO-Cynthia Vaio => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-23] (Microsoft Corporation)
Task: {CDA98A84-7E1A-464F-9C04-8E54F3C48DFE} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2014-07-03] (Sony Corporation)
Task: {D08AD00F-9BCD-44F5-A388-198185C0C72E} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {DF12D04F-D4DE-41E0-8698-BBBD1A613EF6} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {DF904FD4-3AA1-4AF7-BA46-3D4FAF39DE96} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {E0DE88EA-2062-43BE-85B1-3F8413D881D6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1646051037-3841336611-3862513586-1001UA => C:\Users\Cynthia\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-06] (Google Inc.)
Task: {E40E787B-F45A-4440-A68E-18CA39D92EC2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-05] (Google Inc.)
Task: {E50B1872-AE2D-4610-8C54-816CF4C458CC} - System32\Tasks\bf009d68-0fc2-4de3-9132-cfab1f567ec4-10_user => C:\Program Files (x86)\Browser App+ v1\bf009d68-0fc2-4de3-9132-cfab1f567ec4-10.exe [2014-11-30] (App) <==== ATTENTION
Task: {E7DFFC8E-479D-4BC1-87C6-32EDC4488589} - System32\Tasks\bf009d68-0fc2-4de3-9132-cfab1f567ec4-4 => C:\Program Files (x86)\Browser App+ v1\bf009d68-0fc2-4de3-9132-cfab1f567ec4-4.exe <==== ATTENTION
Task: {E95AEC1E-7186-44C6-860F-4D3A3FBE6380} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {EA05B0E6-8C53-41C4-AC9D-8800C719EFEB} - System32\Tasks\CloudScout => C:\Program Files (x86)\CloudGuard\CloudGuard.exe [2014-10-25] (www.CloudGuard.me) <==== ATTENTION
Task: {EE93B8CC-CADE-4600-81D6-F0E49AE99630} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-02-28] (Sony Corporation)
Task: {F330B8D3-ECF7-47C6-A092-DC74755FD4B1} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-27] (Sony Corporation)
Task: C:\WINDOWS\Tasks\bf009d68-0fc2-4de3-9132-cfab1f567ec4-1.job => C:\Program Files (x86)\Browser App+ v1\Browser App+ v1-codedownloader.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\bf009d68-0fc2-4de3-9132-cfab1f567ec4-10_user.job => C:\Program Files (x86)\Browser App+ v1\bf009d68-0fc2-4de3-9132-cfab1f567ec4-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\bf009d68-0fc2-4de3-9132-cfab1f567ec4-11.job => C:\Program Files (x86)\Browser App+ v1\bf009d68-0fc2-4de3-9132-cfab1f567ec4-11.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\bf009d68-0fc2-4de3-9132-cfab1f567ec4-3.job => C:\Program Files (x86)\Browser App+ v1\bf009d68-0fc2-4de3-9132-cfab1f567ec4-3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\bf009d68-0fc2-4de3-9132-cfab1f567ec4-4.job => C:\Program Files (x86)\Browser App+ v1\bf009d68-0fc2-4de3-9132-cfab1f567ec4-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\bf009d68-0fc2-4de3-9132-cfab1f567ec4-5.job => C:\Program Files (x86)\Browser App+ v1\bf009d68-0fc2-4de3-9132-cfab1f567ec4-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\bf009d68-0fc2-4de3-9132-cfab1f567ec4-5_user.job => C:\Program Files (x86)\Browser App+ v1\bf009d68-0fc2-4de3-9132-cfab1f567ec4-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\Cynthia\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\EPSON XP-810 Series Invitation {07EDD1FB-F7A0-432B-9266-0B24DCBFA9F6}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLOE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-810 Series Invitation {9A45D5AB-18C2-43C2-91FD-558A2B0CFF49}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLOE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-810 Series Invitation {A4C205CC-95FE-42E9-A744-2341E58BADA2}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLOE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-810 Series Update {07EDD1FB-F7A0-432B-9266-0B24DCBFA9F6}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLOE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-810 Series Update {9A45D5AB-18C2-43C2-91FD-558A2B0CFF49}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLOE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-810 Series Update {A4C205CC-95FE-42E9-A744-2341E58BADA2}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLOE.EXE
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1646051037-3841336611-3862513586-1001Core.job => C:\Users\Cynthia\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1646051037-3841336611-3862513586-1001UA.job => C:\Users\Cynthia\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-06-06 08:20 - 2010-06-06 08:20 - 00065344 _____ () C:\WINDOWS\System32\PDFreDirectMon64.dll
2013-07-26 01:31 - 2013-07-26 01:31 - 00066768 _____ () C:\Program Files (x86)\Paragon Software\HFS+ for Windows  9.1\apmwinsrv.exe
2014-03-30 09:39 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-01-30 10:37 - 2014-01-30 10:37 - 00249432 _____ () C:\Program Files\Smart Menu\WinStartMenuLauncher.exe
2014-11-25 07:14 - 2014-09-23 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2014-12-11 15:12 - 2014-12-11 15:12 - 02905600 _____ () C:\Program Files\AVAST Software\Avast\defs\14121100\algo.dll
2014-12-12 18:23 - 2014-12-12 18:23 - 02905600 _____ () C:\Program Files\AVAST Software\Avast\defs\14121201\algo.dll
2014-12-05 16:05 - 2014-12-05 16:05 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-06-10 19:03 - 2013-01-23 03:26 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00347136 _____ () C:\Program Files\Sony\VAIO Care\Iolo\vosges.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Cynthia\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Cynthia\Downloads\inkscape-0.48.4-1-win32.exe:BDU
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "MobileGo Service.lnk"
HKLM\...\StartupApproved\Run: => "Bluetooth"
HKLM\...\StartupApproved\Run: => "Broadcom Wireless Manager UI"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "SSBkgdUpdate"
HKLM\...\StartupApproved\Run32: => "PPort11reminder"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "My Scrap Nook Search Scope Monitor"
HKLM\...\StartupApproved\Run32: => "My Scrap Nook AppIntegrator 64-bit"
HKLM\...\StartupApproved\Run32: => "My Scrap Nook AppIntegrator 32-bit"
HKLM\...\StartupApproved\Run32: => "My Scrap Nook EPM Support"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact"
HKU\S-1-5-21-1646051037-3841336611-3862513586-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1646051037-3841336611-3862513586-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-1646051037-3841336611-3862513586-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
HKU\S-1-5-21-1646051037-3841336611-3862513586-1001\...\StartupApproved\Run: => "swg"
HKU\S-1-5-21-1646051037-3841336611-3862513586-1001\...\StartupApproved\Run: => "SkyDrive"
HKU\S-1-5-21-1646051037-3841336611-3862513586-1001\...\StartupApproved\Run: => "Google+ Auto Backup"
HKU\S-1-5-21-1646051037-3841336611-3862513586-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1646051037-3841336611-3862513586-1001\...\StartupApproved\Run: => "Wondershare Helper Compact"
HKU\S-1-5-21-1646051037-3841336611-3862513586-1001\...\StartupApproved\Run: => "Web Companion"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1646051037-3841336611-3862513586-500 - Administrator - Disabled)
Cynthia (S-1-5-21-1646051037-3841336611-3862513586-1001 - Administrator - Enabled) => C:\Users\Cynthia
Guest (S-1-5-21-1646051037-3841336611-3862513586-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/12/2014 07:08:45 PM) (Source: Microsoft-Windows-Backup) (EventID: 517) (User: NT AUTHORITY)
Description: The backup operation that started at '2014-12-13T01:07:46.211667800Z' has failed with following error code '0x807800c5' (%%2155348165). Please review the event details for a solution, and then rerun the backup operation once the issue is resolved.
 
Error: (12/12/2014 07:08:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
 
System Error:
The parameter is incorrect.
.
 
Error: (12/12/2014 07:07:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
 
System Error:
The parameter is incorrect.
.
 
Error: (12/12/2014 07:07:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
 
System Error:
The parameter is incorrect.
.
 
Error: (12/12/2014 07:07:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
 
System Error:
The parameter is incorrect.
.
 
Error: (12/12/2014 07:07:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
 
System Error:
The parameter is incorrect.
.
 
Error: (12/12/2014 09:39:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 196c
 
Start Time: 01d0162113b7fad9
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 0697cd03-8215-11e4-beb1-3c07716e4a24
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/12/2014 08:51:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VAIO)
Description: Activation of app ABC.ABCNews_x0jz7fs5f51ac!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/12/2014 08:40:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 138c
 
Start Time: 01d01618b0e8a793
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: a96bbc03-820c-11e4-beb1-3c07716e4a24
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/12/2014 08:40:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1a04
 
Start Time: 01d01618b0e8a793
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
 
Report Id: a96e1e6a-820c-11e4-beb1-3c07716e4a24
 
Faulting package full name: ABC.ABCNews_1.0.0.1541_neutral__x0jz7fs5f51ac
 
Faulting package-relative application ID: App
 
 
System errors:
=============
Error: (12/12/2014 07:02:22 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (12/11/2014 11:35:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the apmwinsrv service.
 
Error: (12/11/2014 11:35:18 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the apmwinsrv service.
 
Error: (12/11/2014 11:01:52 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (12/11/2014 10:31:15 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management and Security Application User Notification Service service hung on starting.
 
Error: (12/11/2014 10:29:03 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® System Behavior Tracker Collector Service service hung on starting.
 
Error: (12/11/2014 10:24:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Energy Server Service service hung on starting.
 
Error: (12/11/2014 10:22:24 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (12/11/2014 10:18:17 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.
 
Error: (12/11/2014 10:19:10 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:28:22 PM on 12/11/2014 was unexpected.
 
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-07-20 23:54:27.721
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-20 23:54:10.423
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-20 23:28:14.853
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-20 23:25:56.075
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-20 23:25:24.155
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-20 23:24:08.382
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-20 23:23:09.197
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 35%
Total physical RAM: 8070.8 MB
Available physical RAM: 5243.6 MB
Total Pagefile: 9670.8 MB
Available Pagefile: 6952.65 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:666.79 GB) (Free:390.64 GB) NTFS
Drive e: (External Hard Drive) (Fixed) (Total:931.19 GB) (Free:278.35 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 183465C1)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#7 Smilingcrafter

Posted 12 December 2014 - 08:31 PM

Every time I tried to do an image backup I received an error.



#8 TheShooter93

Posted 12 December 2014 - 08:42 PM

"Every time I tried to do an image backup I received an error."

For right now I recommend manually copying files you wish to back up over to an external hard drive or other external storage medium.

 

If you really want to make an image of your machine (this includes the infection currently on your system) you can use an application like Macrium Reflect Free. I personally use Clonezilla for my image backups, but it can be a bit intimidating for some people.

 

Please allow me some time to analyze your logs and get our next steps approved by an instructor.


Edited by TheShooter93, 12 December 2014 - 08:42 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#9 Smilingcrafter

Posted 13 December 2014 - 04:19 AM

Ok, I am good. Just copied over important files. You are right, no need to make an image of infected files. Thanks.



#10 TheShooter93

Posted 14 December 2014 - 10:37 AM

Hello SmilingCrafter,
 
Please do the following.   :)
 
=========================================================
 
Uninstall Programs Using Programs and Features

  • Press and hold the Windows key + R on your keyboard.
  • In the Run box type appwiz.cpl and hit Enter.
  • Select the following programs and click Uninstall.
    • Browser App+ v1
    • CeoauppSecanneeRi
    • CloudScout Parental Control
    • Duplicate Cleaner Free 3.2.3
  • Reboot your computer.

=========================================================

AdwCleaner by Xplode - Delete Adware

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • A logfile should automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt if needed.



#11 Smilingcrafter

Posted 14 December 2014 - 02:59 PM

Cody,
The first two programs on the list you gave me to uninstall,
  • Browser App+ v1
  • CeoauppSecanneeRi
will not uninstall. They both give an error msg. that says "there was error uninstalling the app. it may have been previously uninstalled, do I want to remove it from the uninstall list".
Also I forgot to tell you, because I didn't know if it was malware or virus related, but my keyboard will only work in safe mode. I have to use the screen keyboard.
 
The following is the log you requested:
 
# AdwCleaner v4.105 - Report created 14/12/2014 at 13:37:08
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Local]
# Operating System : Windows 8.1  (64 bits)
# Username : Cynthia - VAIO
# Running from : C:\Users\Cynthia\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : qknfd
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Program Files (x86)\ApptoU
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\MyScrapNook_12
Folder Found : C:\ProgramData\374311380 
Folder Found : C:\ProgramData\39bb0d6539a36d7d
Folder Found : C:\ProgramData\ApptoU
Folder Found : C:\ProgramData\CeoauppSecanneeRi
Folder Found : C:\ProgramData\Fast And Safe
Folder Found : C:\ProgramData\iolo
Folder Found : C:\Users\Cynthia\AppData\Local\globalUpdate
Folder Found : C:\Users\Cynthia\AppData\Local\MyScrapNook_12
Folder Found : C:\Users\Cynthia\AppData\Local\Temp\CloudGuard
Folder Found : C:\Users\Cynthia\AppData\LocalLow\MyScrapNook_12
Folder Found : C:\Users\Cynthia\AppData\Roaming\DigitalSites
Folder Found : C:\Users\Cynthia\AppData\Roaming\iolo
Folder Found : C:\Users\Cynthia\Documents\Optimizer Pro
 
***** [ Scheduled Tasks ] *****
 
Task Found : Digital Sites
Task Found : bf009d68-0fc2-4de3-9132-cfab1f567ec4-1
Task Found : bf009d68-0fc2-4de3-9132-cfab1f567ec4-10_user
Task Found : bf009d68-0fc2-4de3-9132-cfab1f567ec4-11
Task Found : bf009d68-0fc2-4de3-9132-cfab1f567ec4-3
Task Found : bf009d68-0fc2-4de3-9132-cfab1f567ec4-4
Task Found : bf009d68-0fc2-4de3-9132-cfab1f567ec4-5
Task Found : bf009d68-0fc2-4de3-9132-cfab1f567ec4-5_user
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\dsiteproducts
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\CLASSES\MyScrapNook_12.ToolbarProtector
Key Found : HKLM\SOFTWARE\CLASSES\MyScrapNook_12.ToolbarProtector.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C260ADF2-154F-4227-9C73-651E25F22CBB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FAE20193-DC28-4E42-8D12-DB0C2C898B11}
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{82024F98-F9FB-47F4-860F-887E41883C9D}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E70EAE41-BB5A-440E-BF6E-BE2A280FD49C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0214754E-4E7D-4589-829D-E2523E6A3085}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65F159FB-5F5E-46F4-B45D-CCFA236D2073}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80E8B0A0-117D-1402-7CDE-688156237115}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80E8B0A0-117D-1402-7CDE-688156237115}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B3B5C47E-61F7-4D81-AF06-461FC86686CE}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FE6F06FB-0FC0-4499-828F-EE48088F504F
 
 
 
 
-\\ Google Chrome v39.0.2171.71
 
 
*************************
 
AdwCleaner[R0].txt - [12841 octets] - [14/12/2014 13:37:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [12902 octets] ##########


#12 TheShooter93


Posted 15 December 2014 - 01:06 PM

Hi Smilingcrafter,
 
I'll be throwing a lot at you in this post, so please take your time with it and let me know if you have any questions.
 
If one particular scan does not work, go on to the next one.
 
-----
 
As for your keyboard, hopefully this will be fixed as we remove malware from your system. If it is not, we will address it separately once your machine is clean. Cleaning the machine first removes the possibility of an infection being responsible for the behavior.
 
============================================

Step 1: Uninstalling Programs Using Revo Uninstaller Free
 
Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.

  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the listed program(s), or anything similar, to remove it (if it exists):
      • Browser App+ v1
      • CeoauppSecanneeRi
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check the items in bold only on the list, then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted, click on Yes and then on Next.
  • Click on Select all, then click Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.

============================================

Step 2: AdwCleaner by Xplode - Delete Adware

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

============================================

Step 3: Malwarebytes Antimalware
 
Please download Malwarebytes Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, remove the checkmark next to Enable free trial of Malwarebytes Anti-Malware Premium and keep the checkmark next to Launch Malwarebytes Anti-Malware, then click Finish.
  • Once launched it will automatically scan for updates. If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the Scan tab at the top.
  • Select Threat Scan and click Scan Now >>.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

============================================
 
Step 4: Farbar Recovery Scan Tool (FRST)

  • Launch FRST.
  • Click the Scan button.
  • A new FRST.txt log will be produced. Include the contents of this log in your next post.

============================================
 
What I'd like to see in your next post:

  • Confirmation that Revo Uninstaller successfully uninstalled the problem software.
  • AdwCleaner log.
  • MBAM log.
  • Fresh FRST log.

Edited by TheShooter93, 15 December 2014 - 07:12 PM.


 

 


#13 Smilingcrafter


Posted 15 December 2014 - 07:10 PM

Good news, the 2 other apps appear to be uninstalled.  Yay!!!

 

# AdwCleaner v4.105 - Report created 15/12/2014 at 18:02:06
# Updated 08/12/2014 by Xplode
# Database : 2014-12-13.4 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Cynthia - VAIO
# Running from : C:\Users\Cynthia\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\iolo
Folder Deleted : C:\Users\Cynthia\AppData\Roaming\iolo
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v39.0.2171.71
 
 
*************************
 
AdwCleaner[R0].txt - [13376 octets] - [15/12/2014 16:50:10]
AdwCleaner[R1].txt - [931 octets] - [15/12/2014 17:55:26]
AdwCleaner[R2].txt - [990 octets] - [15/12/2014 18:00:37]
AdwCleaner[S0].txt - [13323 octets] - [15/12/2014 16:52:55]
AdwCleaner[S1].txt - [916 octets] - [15/12/2014 18:02:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [975 octets] ##########
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/15/2014
Scan Time: 5:01:06 PM
Logfile: MAM log.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.15.05
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Cynthia
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 365018
Time Elapsed: 14 min, 48 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 61
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0a4d512d-697e-4ad5-872d-5a9941af6ebb}, , [1b0680e3b0cc82b406b94fbba45f48b8], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\MyScrapNook_12.SettingsPlugin.1, , [1b0680e3b0cc82b406b94fbba45f48b8], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\MyScrapNook_12.SettingsPlugin, , [1b0680e3b0cc82b406b94fbba45f48b8], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyScrapNook_12.SettingsPlugin, , [1b0680e3b0cc82b406b94fbba45f48b8], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyScrapNook_12.SettingsPlugin.1, , [1b0680e3b0cc82b406b94fbba45f48b8], 
PUP.Optional.MyScrapNook.A, HKU\S-1-5-21-1646051037-3841336611-3862513586-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{0A4D512D-697E-4AD5-872D-5A9941AF6EBB}, , [1b0680e3b0cc82b406b94fbba45f48b8], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{0A4D512D-697E-4AD5-872D-5A9941AF6EBB}, , [1b0680e3b0cc82b406b94fbba45f48b8], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{508c38b8-e848-49eb-9f84-ab81ddad2b58}, , [8c950e5597e56dc9596733d7ad5640c0], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{0fa48495-56eb-4eba-be5f-183846983a48}, , [8c950e5597e56dc9596733d7ad5640c0], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{098E4E5F-7877-4EBE-9A51-49CDEFBED242}, , [8c950e5597e56dc9596733d7ad5640c0], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{191EA747-1B0F-4895-8A45-B96A9EE15E28}, , [8c950e5597e56dc9596733d7ad5640c0], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3F210473-F79B-48AA-B4B0-78872B5B4541}, , [8c950e5597e56dc9596733d7ad5640c0], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A3BD0431-C030-45BF-915D-01C8E8AF05D7}, , [8c950e5597e56dc9596733d7ad5640c0], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{098E4E5F-7877-4EBE-9A51-49CDEFBED242}, , [8c950e5597e56dc9596733d7ad5640c0], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{191EA747-1B0F-4895-8A45-B96A9EE15E28}, , [8c950e5597e56dc9596733d7ad5640c0], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3F210473-F79B-48AA-B4B0-78872B5B4541}, , [8c950e5597e56dc9596733d7ad5640c0], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A3BD0431-C030-45BF-915D-01C8E8AF05D7}, , [8c950e5597e56dc9596733d7ad5640c0], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{0fa48495-56eb-4eba-be5f-183846983a48}, , [8c950e5597e56dc9596733d7ad5640c0], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\MyScrapNook_12.PseudoTransparentPlugin.1, , [8c950e5597e56dc9596733d7ad5640c0], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\MyScrapNook_12.PseudoTransparentPlugin, , [8c950e5597e56dc9596733d7ad5640c0], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyScrapNook_12.PseudoTransparentPlugin, , [8c950e5597e56dc9596733d7ad5640c0], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyScrapNook_12.PseudoTransparentPlugin.1, , [8c950e5597e56dc9596733d7ad5640c0], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{508C38B8-E848-49EB-9F84-AB81DDAD2B58}, , [8c950e5597e56dc9596733d7ad5640c0], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{bb2e53cf-c096-40b0-a485-03134f164470}, , [a37e2b38f8842a0c14af20eac43fc53b], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BB2E53CF-C096-40B0-A485-03134F164470}, , [a37e2b38f8842a0c14af20eac43fc53b], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{049BCB76-CEF4-43C9-9F4D-4539C7DE9742}, , [81a0d78c3f3da09615afcb3faf54eb15], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\TypeLib\{C260ADF2-154F-4227-9C73-651E25F22CBB}, , [9c85ec770c70cc6a844065a5f80baf51], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{049BCB76-CEF4-43C9-9F4D-4539C7DE9742}, , [9c85ec770c70cc6a844065a5f80baf51], 
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{C260ADF2-154F-4227-9C73-651E25F22CBB}, , [79a8570c4f2d8ea8556f28e22cd72dd3], 
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\CLASSES\MyScrapNook_12.FeedManager, , [8b96372ca7d5fa3c7d87ec97fd0645bb], 
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\CLASSES\MyScrapNook_12.FeedManager.1, , [b46dc69de99342f4f0142162699a1be5], 
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\CLASSES\MyScrapNook_12.HTMLMenu, , [9b860162c3b9ba7ce321e79c60a3728e], 
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\CLASSES\MyScrapNook_12.HTMLMenu.1, , [cf525b089ddfb97dec18265daa598a76], 
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\CLASSES\MyScrapNook_12.HTMLPanel, , [fd242043097372c49470651e3ec58779], 
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\CLASSES\MyScrapNook_12.HTMLPanel.1, , [2ef3293aa1dbbd798a7ae1a223e0dd23], 
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\CLASSES\MyScrapNook_12.MultipleButton, , [22ff3231126ac670669e0f74db283ac6], 
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\CLASSES\MyScrapNook_12.MultipleButton.1, , [150c83e0a4d8ed4922e2e59e9c6708f8], 
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\CLASSES\MyScrapNook_12.ScriptButton, , [74ad7de6710b37ff81831d6620e3956b], 
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\CLASSES\MyScrapNook_12.ScriptButton.1, , [cd54412273095ed88480028130d303fd], 
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\CLASSES\MyScrapNook_12.ThirdPartyInstaller, , [2ef369faf18b43f39f65a9da44bf20e0], 
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\CLASSES\MyScrapNook_12.ThirdPartyInstaller.1, , [071a0162f48886b0659f5a2915ee0bf5], 
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\WOW6432NODE\MyScrapNook_12, , [7ea3fc679ddf261019effb88e91a7d83], 
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyScrapNook_12.FeedManager, , [7aa764ff245882b4d72d780beb1854ac], 
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyScrapNook_12.FeedManager.1, , [26fb79eab5c7bf7759ab5b28798a34cc], 
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyScrapNook_12.HTMLMenu, , [00216df6a9d32e08b35198ebb152946c], 
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyScrapNook_12.HTMLMenu.1, , [ef322b389ae22214be46f88b7a89c937], 
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyScrapNook_12.HTMLPanel, , [d8491b48f98386b0e51f0e75030053ad], 
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyScrapNook_12.HTMLPanel.1, , [33eeaeb5215bb482fd07b8cb6c975aa6], 
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyScrapNook_12.MultipleButton, , [b36ee87b0a72ed4900047112e71c7987], 
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyScrapNook_12.MultipleButton.1, , [c75abea57dff60d66a9a0c77a06336ca], 
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyScrapNook_12.ScriptButton, , [22ff055e6d0f0036768e305338cbbd43], 
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyScrapNook_12.ScriptButton.1, , [210077ec33492214857f8bf8f0134ab6], 
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyScrapNook_12.ThirdPartyInstaller, , [b76a2043f4889c9a90747e05e61dab55], 
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyScrapNook_12.ThirdPartyInstaller.1, , [26fbb4af7408af87f60e087bb54e6d93], 
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\WOW6432NODE\QUIKNOWLEDGE, , [d54cdf84a8d4ea4ceeb03357e51e26da], 
PUP.Optional.BrowserApp.A, HKU\S-1-5-21-1646051037-3841336611-3862513586-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Browser App+ v1, , [de43d68d3b4174c24659173d46bd2ed2], 
PUP.Optional.Mindspark.A, HKU\S-1-5-21-1646051037-3841336611-3862513586-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MyScrapNook_12, , [5ac7a1c2bac234024eb70f74ab58f30d], 
PUP.Optional.BrowserApp.A, HKU\S-1-5-21-1646051037-3841336611-3862513586-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Browser App+ v1, , [928f372c1864b1852d73f262699a09f7], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1646051037-3841336611-3862513586-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MyScrapNook_12, , [10114f148eeef2442280d6a2e320cf31], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, , [cb56e57e017bf442e20e67cf04ffa858], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, , [cb56e57e017bf442e20e67cf04ffa858], 
 
Registry Values: 1
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\WOW6432NODE\QUIKNOWLEDGE|ie-ver, 11.0.9600.17107, , [d54cdf84a8d4ea4ceeb03357e51e26da]
 
Registry Data: 2
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{97930C6F-0AE8-41FD-A743-152661EB5321}|NameServer, 31.168.224.106,5.135.12.52, Good: (), Bad: (31.168.224.106,5.135.12.52),,[51d0e380f3896bcb8f1982f07e87639d]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{D69CBD56-57C9-492A-9753-C88F32F69FB1}|NameServer, 31.168.224.106,5.135.12.52, Good: (), Bad: (31.168.224.106,5.135.12.52),,[fe230b583f3dcb6bcfd9e88ac441c23e]
 
Folders: 5
PUP.Optional.MindSpark.A, C:\Users\Cynthia\AppData\LocalLow\MyScrapNook_12EI, , [bd64f96aafcdd6604c9b2805b74c32ce], 
PUP.Optional.MindSpark.A, C:\Users\Cynthia\AppData\LocalLow\MyScrapNook_12EI\Installr, , [bd64f96aafcdd6604c9b2805b74c32ce], 
PUP.Optional.MindSpark.A, C:\Users\Cynthia\AppData\LocalLow\MyScrapNook_12EI\Installr\Cache, , [bd64f96aafcdd6604c9b2805b74c32ce], 
PUP.Optional.GlobalUpdate.A, C:\Users\Cynthia\AppData\Local\Temp\comh.62558, , [cb56e57e017bf442e20e67cf04ffa858], 
PUP.Optional.BrowserApp.A, C:\Program Files (x86)\Browser App+ v1, , [c8597fe447359f97455fc48859aadc24], 
 
Files: 23
PUP.Optional.BrowserApp.A, C:\Program Files (x86)\Browser App+ v1\bf009d68-0fc2-4de3-9132-cfab1f567ec4-10.exe, , [f928481ba8d4db5bbb3b9014a263e719], 
PUP.Optional.CrossRider.A, C:\Users\Cynthia\AppData\Local\Temp\A55Btmp\setup.exe, , [ec35dd86e795c37338da6a7456abb64a], 
PUP.Optional.CloudScout.A, C:\Users\Cynthia\AppData\Local\Temp\A55Dtmp\cloudscout.exe, , [ad74234095e750e6bd4d36c445bc5ea2], 
PUP.Optional.DeskTopDock.A, C:\Users\Cynthia\AppData\Local\Temp\A56Etmp\setup.exe, , [67ba491a7507b77fe68efdf3a06149b7], 
PUP.Optional.UTop.A, C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utop.it_0.localstorage, , [dd44273c82fa2b0b71a889c87c8719e7], 
PUP.Optional.UTop.A, C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utop.it_0.localstorage-journal, , [031e8bd80478f93da178cf82e81bcc34], 
PUP.Optional.Vitruvian.A, C:\Users\Cynthia\AppData\Local\Temp\vitruvian-installer-install-v0001, , [d8498ad9b7c59e98654452809272df21], 
PUP.Optional.Vitruvian.A, C:\Users\Cynthia\AppData\Local\Temp\vitruvian-installer-processes-v0001, , [65bc0c57f28adc5acddcd9f919eb738d], 
PUP.Optional.Vitruvian.A, C:\Users\Cynthia\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0001, , [bd64580b8fede2541e8befe3ce36a15f], 
PUP.Optional.Vitruvian.A, C:\Users\Cynthia\AppData\Local\Temp\vitruvian-installer-uninstall-v0001, , [df428ed59ddf270fa009a62ccf35d22e], 
PUP.Optional.MindSpark.A, C:\Users\Cynthia\AppData\LocalLow\MyScrapNook_12EI\Installr\Cache\077865DA.exe, , [bd64f96aafcdd6604c9b2805b74c32ce], 
PUP.Optional.MindSpark.A, C:\Users\Cynthia\AppData\LocalLow\MyScrapNook_12EI\Installr\Cache\files.ini, , [bd64f96aafcdd6604c9b2805b74c32ce], 
PUP.Optional.GlobalUpdate.A, C:\Users\Cynthia\AppData\Local\Temp\comh.62558\GoogleCrashHandler.exe, , [cb56e57e017bf442e20e67cf04ffa858], 
PUP.Optional.GlobalUpdate.A, C:\Users\Cynthia\AppData\Local\Temp\comh.62558\GoogleUpdate.exe, , [cb56e57e017bf442e20e67cf04ffa858], 
PUP.Optional.GlobalUpdate.A, C:\Users\Cynthia\AppData\Local\Temp\comh.62558\GoogleUpdateBroker.exe, , [cb56e57e017bf442e20e67cf04ffa858], 
PUP.Optional.GlobalUpdate.A, C:\Users\Cynthia\AppData\Local\Temp\comh.62558\GoogleUpdateHelper.msi, , [cb56e57e017bf442e20e67cf04ffa858], 
PUP.Optional.GlobalUpdate.A, C:\Users\Cynthia\AppData\Local\Temp\comh.62558\GoogleUpdateOnDemand.exe, , [cb56e57e017bf442e20e67cf04ffa858], 
PUP.Optional.GlobalUpdate.A, C:\Users\Cynthia\AppData\Local\Temp\comh.62558\goopdate.dll, , [cb56e57e017bf442e20e67cf04ffa858], 
PUP.Optional.GlobalUpdate.A, C:\Users\Cynthia\AppData\Local\Temp\comh.62558\goopdateres_en.dll, , [cb56e57e017bf442e20e67cf04ffa858], 
PUP.Optional.GlobalUpdate.A, C:\Users\Cynthia\AppData\Local\Temp\comh.62558\npGoogleUpdate4.dll, , [cb56e57e017bf442e20e67cf04ffa858], 
PUP.Optional.GlobalUpdate.A, C:\Users\Cynthia\AppData\Local\Temp\comh.62558\psmachine.dll, , [cb56e57e017bf442e20e67cf04ffa858], 
PUP.Optional.GlobalUpdate.A, C:\Users\Cynthia\AppData\Local\Temp\comh.62558\psuser.dll, , [cb56e57e017bf442e20e67cf04ffa858], 
PUP.Optional.BrowserApp.A, C:\Program Files (x86)\Browser App+ v1\1293297481.mxaddon, , [c8597fe447359f97455fc48859aadc24], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by Cynthia (administrator) on VAIO on 15-12-2014 17:42:44
Running from C:\Users\Cynthia\Desktop
Loaded Profile: Cynthia (Available profiles: Cynthia)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Paragon Software\HFS+ for Windows  9.1\apmwinsrv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
() C:\Program Files\Smart Menu\WinStartMenuLauncher.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Sony Corporation) C:\Program Files\Sony\NFC Connection Utility\NFCConnectionUtility.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3039984 2013-03-13] (Synaptics Incorporated)
HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [534232 2013-09-04] (Broadcom Corporation.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2362392 2013-11-21] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2014-05-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2014-05-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [30248 2007-01-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46632 2007-01-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [35368 2006-11-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020192 2014-06-25] (Wondershare)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020192 2014-06-25] (Wondershare)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1646051037-3841336611-3862513586-1001\...\Run: [SkyDrive] => C:\Users\Cynthia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-09] (Microsoft Corporation)
HKU\S-1-5-21-1646051037-3841336611-3862513586-1001\...\Run: [Wondershare Helper Compact] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020192 2014-06-25] (Wondershare)
HKU\S-1-5-21-1646051037-3841336611-3862513586-1001\...\Run: [Google Update] => C:\Users\Cynthia\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-08-06] (Google Inc.)
HKU\S-1-5-21-1646051037-3841336611-3862513586-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe (Wondershare)
Startup: C:\Users\Cynthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1646051037-3841336611-3862513586-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10002_cnet_141203__yaie
HKU\S-1-5-21-1646051037-3841336611-3862513586-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.facebook.com/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1646051037-3841336611-3862513586-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1646051037-3841336611-3862513586-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1646051037-3841336611-3862513586-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Cynthia\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1646051037-3841336611-3862513586-1001: @talk.google.com/O1DPlugin -> C:\Users\Cynthia\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1646051037-3841336611-3862513586-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Cynthia\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1646051037-3841336611-3862513586-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Cynthia\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Cynthia\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Cynthia\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-09-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-05]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.yahoo.com/"
CHR Profile: C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-05]
CHR Extension: (Google Docs) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-05]
CHR Extension: (Google Drive) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-06]
CHR Extension: (YouTube) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-05]
CHR Extension: (Google Search) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-05]
CHR Extension: (Google Sheets) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-05]
CHR Extension: (Avast Online Security) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-05]
CHR Extension: (Google Wallet) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-05]
CHR Extension: (Gmail) - C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-05]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 apmwinsrv; C:\Program Files (x86)\Paragon Software\HFS+ for Windows  9.1\apmwinsrv.exe [66768 2013-07-26] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-05] (AVAST Software)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129824 2013-01-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166688 2013-01-23] (Intel Corporation)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-28] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-11-21] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2012-09-19] (Sony Corporation) [File not signed]
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WinStartMenuLauncher; C:\Program Files\Smart Menu\WinStartMenuLauncher.exe [249432 2014-01-30] ()
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6070272 2013-03-14] (Broadcom Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 apmwin; C:\Windows\System32\DRIVERS\apmwin.sys [50896 2013-07-26] (Paragon Software Group)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-05] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-05] ()
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7488176 2014-02-01] (Broadcom Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 fdrawcmd; C:\WINDOWS\system32\drivers\fdrawcmd.sys [33144 2010-04-24] (simonowen.com)
R0 gpt_loader; C:\Windows\System32\DRIVERS\gpt_loader.sys [61136 2013-07-26] (Paragon Software Group)
S3 Hfsplus; C:\Windows\System32\DRIVERS\hfsplus.sys [204496 2013-07-26] (Paragon Software Group)
R2 HfsplusRec; C:\Windows\System32\DRIVERS\hfsplusrec.sys [15568 2013-07-26] (Paragon Software Group)
R0 mounthlp; C:\Windows\System32\DRIVERS\mounthlp.sys [45776 2013-07-26] (Paragon Software Group)
S3 semav6thermal64ro; C:\WINDOWS\system32\drivers\semav6thermal64ro.sys [13792 2014-08-15] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-13] (Synaptics Incorporated)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-15 17:42 - 2014-12-15 17:42 - 00000000 ____D () C:\Users\Cynthia\Desktop\FRST-OlderVersion
2014-12-15 16:58 - 2014-12-15 16:59 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-15 16:58 - 2014-12-15 16:58 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-15 16:58 - 2014-12-15 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-15 16:58 - 2014-12-15 16:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-15 16:58 - 2014-12-15 16:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-15 16:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-15 16:58 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-15 16:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-15 16:50 - 2014-12-15 16:52 - 00000000 ____D () C:\AdwCleaner
2014-12-15 16:49 - 2014-12-15 16:49 - 02166272 _____ () C:\Users\Cynthia\Desktop\AdwCleaner.exe
2014-12-15 16:38 - 2014-12-15 16:39 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Cynthia\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-15 16:27 - 2014-12-15 16:27 - 00001284 _____ () C:\Users\Cynthia\Desktop\Revo Uninstaller.lnk
2014-12-15 16:27 - 2014-12-15 16:27 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-15 16:25 - 2014-12-15 16:25 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Cynthia\Desktop\revosetup.exe
2014-12-13 03:24 - 2014-12-13 03:24 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-12 19:14 - 2014-12-12 19:15 - 00046559 _____ () C:\Users\Cynthia\Desktop\Addition.txt
2014-12-12 19:13 - 2014-12-15 17:42 - 00022731 _____ () C:\Users\Cynthia\Desktop\FRST.txt
2014-12-12 19:13 - 2014-12-15 17:42 - 00000000 ____D () C:\FRST
2014-12-12 19:12 - 2014-12-15 17:42 - 02119168 _____ (Farbar) C:\Users\Cynthia\Desktop\FRST64.exe
2014-12-11 22:50 - 2014-11-09 20:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-11 22:50 - 2014-11-09 19:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-11 22:50 - 2014-10-30 16:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-11 22:50 - 2014-10-30 16:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-11 22:46 - 2014-10-30 17:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-11 22:46 - 2014-10-30 17:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-10 05:39 - 2014-12-03 17:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-10 05:39 - 2014-12-03 17:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-10 05:39 - 2014-12-02 17:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-10 05:39 - 2014-12-02 17:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-10 05:39 - 2014-12-02 17:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-10 05:39 - 2014-12-02 17:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-10 05:39 - 2014-12-02 17:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-10 05:39 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-10 05:39 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-10 05:39 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-10 05:39 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-10 05:39 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-10 05:39 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-10 05:38 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-10 05:38 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-10 05:38 - 2014-11-21 20:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-10 05:38 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-10 05:38 - 2014-11-21 20:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-10 05:38 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-10 05:38 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-10 05:38 - 2014-11-21 20:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-10 05:38 - 2014-11-21 20:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-10 05:38 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-10 05:38 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-10 05:38 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-10 05:38 - 2014-11-21 19:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-10 05:38 - 2014-11-21 19:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-10 05:38 - 2014-11-21 19:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-10 05:38 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-10 05:38 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-10 05:38 - 2014-11-21 19:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-10 05:38 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-10 05:38 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-10 05:38 - 2014-11-21 19:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-10 05:38 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-10 05:38 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-10 05:38 - 2014-11-21 19:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-10 05:38 - 2014-11-21 19:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-10 05:38 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-10 05:38 - 2014-11-21 19:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-10 05:38 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-10 05:38 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-10 05:38 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-10 05:38 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-10 05:38 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-10 05:38 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-10 05:37 - 2014-11-06 22:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-10 05:37 - 2014-11-06 21:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-10 05:37 - 2014-10-31 17:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-10 05:37 - 2014-10-31 17:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-10 05:37 - 2014-10-12 20:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-10 05:37 - 2014-10-12 20:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-10 05:37 - 2014-10-12 20:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-10 05:37 - 2014-10-12 20:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-08 03:16 - 2014-12-08 03:16 - 00688992 _____ (Swearware) C:\Users\Cynthia\Downloads\dds.com
2014-12-05 16:12 - 2014-12-05 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-05 16:11 - 2014-12-05 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-05 16:11 - 2014-12-05 16:11 - 00000000 ____D () C:\ProgramData\Google
2014-12-05 16:05 - 2014-12-15 17:27 - 00000906 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-05 16:05 - 2014-12-15 17:10 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-05 16:05 - 2014-12-05 16:11 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-12-05 16:05 - 2014-12-05 16:05 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-12-05 16:05 - 2014-12-05 16:05 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-12-05 16:05 - 2014-12-05 16:05 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-12-05 16:05 - 2014-12-05 16:05 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2014-12-05 16:05 - 2014-12-05 16:05 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-12-05 16:05 - 2014-12-05 16:05 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-12-05 16:05 - 2014-12-05 16:05 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-12-05 16:05 - 2014-12-05 16:05 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-12-05 16:05 - 2014-12-05 16:05 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-12-05 16:05 - 2014-12-05 16:05 - 00003882 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-05 16:05 - 2014-12-05 16:05 - 00003646 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-05 14:44 - 2014-12-05 14:44 - 00789947 _____ () C:\Users\Cynthia\Downloads\830santa_for_name.zip
2014-12-02 23:20 - 2014-12-02 23:20 - 00098508 _____ () C:\ProgramData\1417583909.bdinstall.bin
2014-12-02 23:18 - 2014-12-02 23:18 - 00037671 _____ () C:\ProgramData\1417583907.bdinstall.bin
2014-12-02 22:40 - 2014-12-02 23:32 - 00000000 ____D () C:\searchplugins
2014-12-02 22:40 - 2014-12-02 22:40 - 00004688 _____ () C:\WINDOWS\SysWOW64\LavasoftTcpService.ini
2014-12-02 22:40 - 2014-12-02 22:40 - 00002520 _____ () C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2014-12-02 22:40 - 2014-12-02 22:40 - 00002520 _____ () C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2014-12-02 22:40 - 2014-12-02 22:40 - 00000264 _____ () C:\prefs.js
2014-12-02 22:40 - 2014-12-02 22:40 - 00000000 ____D () C:\Users\Cynthia\AppData\Roaming\LavasoftStatistics
2014-12-02 22:40 - 2014-11-27 10:44 - 00358736 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2014-12-02 22:40 - 2014-11-27 10:44 - 00312424 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2014-11-26 09:22 - 2014-11-09 17:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-26 09:22 - 2014-11-09 17:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-26 09:22 - 2014-11-09 17:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-26 09:22 - 2014-11-09 17:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-17 21:20 - 2014-11-17 21:20 - 00000218 _____ () C:\Users\Cynthia\AppData\Local\recently-used.xbel
2014-11-17 10:03 - 2014-11-17 10:03 - 00000000 __SHD () C:\Users\Cynthia\AppData\Local\EmieBrowserModeList
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-15 17:40 - 2014-07-17 11:30 - 00004966 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for VAIO-Cynthia Vaio
2014-12-15 17:34 - 2013-11-14 01:28 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-15 17:32 - 2014-01-25 19:23 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1646051037-3841336611-3862513586-1001
2014-12-15 17:29 - 2014-01-27 05:02 - 01201953 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-15 17:28 - 2014-07-24 09:14 - 00000000 __RDO () C:\Users\Cynthia\SkyDrive
2014-12-15 17:27 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-15 17:26 - 2013-11-14 01:20 - 00205882 _____ () C:\WINDOWS\PFRO.log
2014-12-15 17:26 - 2013-08-22 07:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-15 17:21 - 2014-01-25 22:21 - 00000951 _____ () C:\WINDOWS\Tasks\EPSON XP-810 Series Update {A4C205CC-95FE-42E9-A744-2341E58BADA2}.job
2014-12-15 17:21 - 2014-01-25 22:21 - 00000765 _____ () C:\WINDOWS\Tasks\EPSON XP-810 Series Invitation {A4C205CC-95FE-42E9-A744-2341E58BADA2}.job
2014-12-15 17:11 - 2014-06-15 19:11 - 00000929 _____ () C:\WINDOWS\Tasks\EPSON XP-810 Series Update {9A45D5AB-18C2-43C2-91FD-558A2B0CFF49}.job
2014-12-15 17:11 - 2014-06-15 19:11 - 00000743 _____ () C:\WINDOWS\Tasks\EPSON XP-810 Series Invitation {9A45D5AB-18C2-43C2-91FD-558A2B0CFF49}.job
2014-12-15 17:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-15 16:58 - 2014-08-06 17:53 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1646051037-3841336611-3862513586-1001UA.job
2014-12-15 16:52 - 2014-08-06 17:53 - 00000874 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1646051037-3841336611-3862513586-1001Core.job
2014-12-15 16:52 - 2014-01-27 12:52 - 00000929 _____ () C:\WINDOWS\Tasks\EPSON XP-810 Series Update {07EDD1FB-F7A0-432B-9266-0B24DCBFA9F6}.job
2014-12-15 16:52 - 2014-01-27 12:52 - 00000743 _____ () C:\WINDOWS\Tasks\EPSON XP-810 Series Invitation {07EDD1FB-F7A0-432B-9266-0B24DCBFA9F6}.job
2014-12-15 04:00 - 2014-01-25 19:16 - 00000000 ____D () C:\Users\Cynthia\AppData\Local\Packages
2014-12-15 01:57 - 2014-02-16 21:47 - 00000000 ____D () C:\Users\Cynthia\Documents\Resume
2014-12-15 01:44 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-14 22:47 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-14 13:29 - 2014-03-16 12:40 - 00000000 ____D () C:\Users\Cynthia\AppData\Roaming\DigitalVolcano
2014-12-13 04:01 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-13 03:24 - 2014-07-17 10:35 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-13 03:24 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-13 03:24 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-13 03:24 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-13 03:24 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2014-12-12 04:09 - 2014-01-26 01:26 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-12 04:04 - 2014-01-26 01:26 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-12 04:04 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-12-11 22:24 - 2014-01-27 04:46 - 00000000 ____D () C:\Users\Cynthia
2014-12-11 12:10 - 2013-08-22 08:46 - 00294365 _____ () C:\WINDOWS\setupact.log
2014-12-08 03:40 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\registration
2014-12-05 19:44 - 2014-02-21 10:25 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-12-05 19:44 - 2014-02-21 10:25 - 00000000 ____D () C:\Users\Cynthia\AppData\Roaming\AVAST Software
2014-12-05 19:44 - 2014-02-01 15:13 - 00000000 ____D () C:\Users\Cynthia\AppData\Local\Google
2014-12-05 16:11 - 2014-02-01 15:13 - 00000000 ____D () C:\Program Files\Google
2014-12-05 16:11 - 2014-02-01 15:13 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-05 15:47 - 2014-02-21 10:24 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-05 15:47 - 2014-02-21 10:23 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-04 18:31 - 2014-02-06 22:45 - 00000000 ____D () C:\Users\Cynthia\Documents\My PSP Files
2014-12-03 13:03 - 2013-06-10 19:38 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-12-03 12:58 - 2014-01-26 16:57 - 00000000 ____D () C:\Update
2014-12-03 12:58 - 2013-06-10 19:14 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Sony Corporation
2014-12-03 12:58 - 2013-06-10 19:14 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-12-03 12:58 - 2013-06-10 19:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-02 11:44 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-25 07:16 - 2014-01-26 17:55 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-17 09:58 - 2013-08-22 08:44 - 00566928 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-17 09:53 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-17 09:53 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-11-17 09:53 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-17 09:53 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-17 09:53 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-17 09:53 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
 
Some content of TEMP:
====================
C:\Users\Cynthia\AppData\Local\Temp\f12f8602-cfda-427f-9512-5b5c4b0e7a69.exe
C:\Users\Cynthia\AppData\Local\Temp\GLF315A.EXE
C:\Users\Cynthia\AppData\Local\Temp\GLF32C2.EXE
C:\Users\Cynthia\AppData\Local\Temp\GLF3E6E.EXE
C:\Users\Cynthia\AppData\Local\Temp\GLF40EF.EXE
C:\Users\Cynthia\AppData\Local\Temp\GLF5477.EXE
C:\Users\Cynthia\AppData\Local\Temp\GLF5727.EXE
C:\Users\Cynthia\AppData\Local\Temp\GLF6409.EXE
C:\Users\Cynthia\AppData\Local\Temp\GLF6717.EXE
C:\Users\Cynthia\AppData\Local\Temp\GLF9C9C.EXE
C:\Users\Cynthia\AppData\Local\Temp\GLFA325.EXE
C:\Users\Cynthia\AppData\Local\Temp\GLFD68B.EXE
C:\Users\Cynthia\AppData\Local\Temp\GLFDA83.EXE
C:\Users\Cynthia\AppData\Local\Temp\GLFEE17.EXE
C:\Users\Cynthia\AppData\Local\Temp\GLFF7DC.EXE
C:\Users\Cynthia\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe
C:\Users\Cynthia\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Cynthia\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Cynthia\AppData\Local\Temp\optprosetup.exe
C:\Users\Cynthia\AppData\Local\Temp\PicasaCD.exe
C:\Users\Cynthia\AppData\Local\Temp\Quarantine.exe
C:\Users\Cynthia\AppData\Local\Temp\Smart Menu x64.exe
C:\Users\Cynthia\AppData\Local\Temp\SpOrder.dll
C:\Users\Cynthia\AppData\Local\Temp\sqlite3.dll
C:\Users\Cynthia\AppData\Local\Temp\_is3B81.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-08 06:34
 
==================== End Of Log ============================


#14 TheShooter93


Posted 16 December 2014 - 03:38 PM

Hi SmilingCrafter,
 
Looks like those scans all went through OK!
 
Just a few more entries to take care of below - we're almost there.   :)
 
==========================================================================

Step 1: Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1646051037-3841336611-3862513586-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10002_cnet_141203__yaie
EmptyTemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

==========================================================================

Step 2: ESET Online Scanner

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:

settings.png

  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file [log.png] is created at [logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

 

==========================================================================

 

Step 3: Farbar Recovery Scan Tool (FRST) With Addition.txt

  • Launch FRST.
  • Check the Addition.txt radio button.
  • Click the Scan button.
  • A new FRST.txt log and Addition.txt log will be produced. Include the contents of this log in your next post.

Edited by TheShooter93, 16 December 2014 - 03:38 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#15 TheShooter93


Posted 18 December 2014 - 02:45 PM

Copied over from our private message:

 

Please try submitting each log in individual posts to your thread.



 

 




