
Unsure if my pc is completely cleared of problems


  • This topic is locked
27 replies to this topic

#1 tiki01-

tiki01-

  • Members
  • 17 posts
  • Local time:05:32 AM

Posted 14 March 2015 - 11:26 PM

I ran a Spybot scan and let the program run its fix, but it says some of the detected items could not be fixed. I proceeded to the quarantine to try "manually removing" them, although I'm actually oblivious to what I'm doing, sorry. Below is the copy-pasted HijackThis log; I have also attached the log file in case it's needed. Thanks.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:26:35 AM, on 15-Mar-15
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)
CHROME: 41.0.2272.89
FIREFOX: 36.0.1 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Users\melanie mok\Desktop\HijackThis.exe

O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - !{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\melanie mok\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.pps.tv
O15 - Trusted Zone: http://*.ppstream.com
O15 - Trusted Zone: http://*.webscache.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O15 - ESC Trusted Zone: http://*.pps.tv
O15 - ESC Trusted Zone: http://*.ppstream.com
O15 - ESC Trusted Zone: http://*.webscache.com
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs:     
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: BackupService - ArcSoft, Inc. - C:\Users\melanie mok\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8571 bytes
 



#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:32 PM

Posted 15 March 2015 - 11:17 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Injure no one; on the contrary, help everyone as much as you can. Arthur Schopenhauer
 

#3 tiki01-

tiki01-
  • Topic Starter

  • Members
  • 17 posts
  • Local time:05:32 AM

Posted 15 March 2015 - 11:48 AM

Edit: Thanks for taking interest. Below is the copy-paste of the two reports. :bounce:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by melanie mok (administrator) on VAIO on 16-03-2015 00:37:03
Running from C:\Users\melanie mok\Desktop
Loaded Profiles: melanie mok (Available profiles: melanie mok)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sony Corporation) C:\Program Files\Sony\ISB Utility\ISBMgr.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1295656 2008-07-04] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-06-23] (Realtek Semiconductor)
HKLM\...\Run: [ISBMgr.exe] => C:\Program Files\Sony\ISB Utility\ISBMgr.exe [317280 2008-04-04] (Sony Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-03-14] (Avast Software s.r.o.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKU\S-1-5-21-2912928045-2303475615-2363683268-1003\...\Run: [Google Update] => C:\Users\melanie mok\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-21] (Google Inc.)
HKU\S-1-5-21-2912928045-2303475615-2363683268-1003\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-2912928045-2303475615-2363683268-1003\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2912928045-2303475615-2363683268-1003\...\MountPoints2: {75fae55c-52b7-11e0-860f-00214f54fe48} - G:\Windows\CHECK\DriveNavigator.exe
HKU\S-1-5-21-2912928045-2303475615-2363683268-1003\...\MountPoints2: {a942d495-5f6a-11e0-8988-001dba012e36} - I:\AutoRun.exe
HKU\S-1-5-21-2912928045-2303475615-2363683268-1003\...\MountPoints2: {a942d4a2-5f6a-11e0-8988-001dba012e36} - G:\AutoRun.exe
Startup: C:\Users\melanie mok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106777
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-02-14] (Sun Microsystems, Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-04] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-02-14] (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKLM - No Name - !{EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.3

FireFox:
========
FF ProfilePath: C:\Users\melanie mok\AppData\Roaming\Mozilla\Firefox\Profiles\dkqlhdqz.default
FF Homepage: hxxp://www.bing.com/
FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=282&systemid=406&sr=0&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-14] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2012-02-14] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.1.9 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2011-04-12] (the VideoLAN Team)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2912928045-2303475615-2363683268-1003: @tools.google.com/Google Update;version=3 -> C:\Users\melanie mok\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2912928045-2303475615-2363683268-1003: @tools.google.com/Google Update;version=9 -> C:\Users\melanie mok\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF SearchPlugin: C:\Users\melanie mok\AppData\Roaming\Mozilla\Firefox\Profiles\dkqlhdqz.default\searchplugins\mozilla-support.xml [2015-03-12]
FF Extension: EPUBReader - C:\Users\melanie mok\AppData\Roaming\Mozilla\Firefox\Profiles\dkqlhdqz.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-03-01]
FF Extension: FoxTrick - C:\Users\melanie mok\AppData\Roaming\Mozilla\Firefox\Profiles\dkqlhdqz.default\Extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba} [2015-03-15]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\melanie mok\AppData\Roaming\Mozilla\Firefox\Profiles\dkqlhdqz.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2015-03-01]
FF Extension: Adblock Plus - C:\Users\melanie mok\AppData\Roaming\Mozilla\Firefox\Profiles\dkqlhdqz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-01]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-04]

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://www.google.com.my/"
CHR DefaultSearchKeyword: Default -> askws
CHR DefaultSearchURL: Default -> http://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=6F0A96A8-1833-42DA-8F60-F623EDFD7B7E&n=780c22fc&ind=2014061308&p2=^Z8^xdm021^YYA^my&si=CNT05PPw9r4CFdQVjgodPocAGA
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com/query?q={searchTerms}&li=ff&sstype=prefix
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\melanie mok\AppData\Local\Google\Chrome\Application\40.0.2214.115\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\melanie mok\AppData\Local\Google\Chrome\Application\40.0.2214.115\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\melanie mok\AppData\Local\Google\Chrome\Application\40.0.2214.115\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.320.1) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U32) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll No File
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
CHR Plugin: (Windows Live聶 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\melanie mok\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\melanie mok\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\melanie mok\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-13]
CHR Extension: (Adblock Plus) - C:\Users\melanie mok\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-02]
CHR Extension: (Google Search) - C:\Users\melanie mok\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-13]
CHR Extension: (Google Wallet) - C:\Users\melanie mok\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR Extension: (Gmail) - C:\Users\melanie mok\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-13]
CHR HKLM\...\Chrome\Extension: [cgpnojibjokpoghebklhkdeijehkohhb] - C:\Users\MELANI~1\AppData\Local\Temp\tbch.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-04]
CHR HKLM\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files\fbphotozoom\fbphotozoom16.crx [2012-04-17]
CHR HKU\S-1-5-21-2912928045-2303475615-2363683268-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\MELANI~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-03-14]
CHR HKU\S-1-5-21-2912928045-2303475615-2363683268-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Users\melanie mok\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-04] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-04] (Avast Software)
S2 BackupService; C:\Users\melanie mok\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-02] (ArcSoft, Inc.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-03-20] (Macrovision Europe Ltd.) [File not signed]
S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SOHCImp; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [103712 2008-05-21] (Sony Corporation)
S3 SOHDms; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [353568 2008-05-21] (Sony Corporation)
S3 SOHDs; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [62752 2008-05-21] (Sony Corporation)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2008-05-20] (Sony Corporation) [File not signed]
R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [104960 2008-03-26] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-05-23] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182112 2008-07-16] (Sony Corporation)
R2 VCFw; C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [415744 2008-06-20] (Sony Corporation) [File not signed]
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [279848 2008-06-19] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2008-05-23] (Sony Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 VcmXmlIfHelper; "C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17408 2008-01-31] (ArcSoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-03-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-03-04] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-03-04] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-03-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-03-04] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427480 2015-03-04] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-03-04] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206976 2015-03-04] ()
S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2010-09-23] (AnchorFree Inc)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [41984 2011-02-18] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-04] (Avast Software)
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 00:35 - 2015-03-16 00:37 - 00021492 _____ () C:\Users\melanie mok\Desktop\FRST.txt
2015-03-16 00:35 - 2015-03-16 00:37 - 00000000 ____D () C:\FRST
2015-03-16 00:34 - 2015-03-16 00:34 - 01135104 _____ (Farbar) C:\Users\melanie mok\Desktop\FRST.exe
2015-03-15 11:26 - 2015-03-15 11:26 - 00008572 _____ () C:\Users\melanie mok\Desktop\hijackthis.log
2015-03-15 11:17 - 2015-03-15 11:17 - 00000000 ____D () C:\Qoobox
2015-03-15 11:15 - 2015-03-15 11:15 - 00000000 ____D () C:\Windows\erdnt
2015-03-15 09:25 - 2015-03-15 09:54 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-03-15 09:25 - 2015-03-15 09:25 - 00002095 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-03-15 09:25 - 2015-03-15 09:25 - 00002083 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-03-15 09:25 - 2015-03-15 09:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-03-15 09:25 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-03-15 08:17 - 2015-03-15 11:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-15 08:17 - 2015-03-15 09:25 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2015-03-15 08:12 - 2015-03-15 08:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\melanie mok\Desktop\HijackThis.exe
2015-03-15 08:07 - 2015-03-15 11:14 - 05615380 _____ (Swearware) C:\Users\melanie mok\Downloads\ComboFix.exe
2015-03-14 22:05 - 2015-03-15 17:26 - 00000000 ___RD () C:\Users\melanie mok\Google Drive
2015-03-14 22:03 - 2015-03-14 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-14 00:59 - 2015-03-14 00:59 - 00000000 ____D () C:\Users\melanie mok\AppData\Roaming\Thunderbird
2015-03-14 00:59 - 2015-03-14 00:59 - 00000000 ____D () C:\Users\melanie mok\AppData\Local\Thunderbird
2015-03-14 00:57 - 2015-03-14 00:57 - 00002008 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-03-14 00:56 - 2015-03-14 00:56 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-03-13 18:37 - 2015-01-31 11:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-13 18:37 - 2015-01-31 11:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-13 18:37 - 2015-01-31 08:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-13 18:37 - 2014-12-12 01:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-03-13 08:18 - 2015-03-04 18:55 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-12 19:15 - 2014-09-05 09:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-03-12 08:05 - 2015-03-12 08:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-11 22:54 - 2013-10-02 08:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-03-11 22:54 - 2013-10-02 08:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-03-11 22:54 - 2013-10-02 08:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-03-11 22:54 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-03-11 22:54 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-03-11 22:54 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-03-11 22:54 - 2013-10-02 07:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-03-11 22:54 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-03-11 22:54 - 2013-10-02 06:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-03-11 22:54 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-03-11 22:54 - 2012-08-23 22:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-11 22:54 - 2012-08-23 19:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-03-11 22:51 - 2011-09-22 17:18 - 00089960 _____ (Microsoft Corporation) C:\Windows\system32\SQSRVRES.DLL
2015-03-11 22:51 - 2011-09-22 17:18 - 00073064 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2015-03-11 21:26 - 2015-02-24 10:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 21:26 - 2015-02-21 08:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 21:26 - 2015-02-21 08:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 21:26 - 2015-02-21 08:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 21:26 - 2015-02-21 08:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 21:26 - 2015-02-21 07:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 21:26 - 2015-02-20 10:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 21:26 - 2015-02-20 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 21:26 - 2015-02-20 10:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 21:26 - 2015-02-20 10:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 21:26 - 2015-02-20 10:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 21:26 - 2015-02-20 10:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 21:26 - 2015-02-20 10:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 21:26 - 2015-02-20 10:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 21:26 - 2015-02-20 10:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 21:26 - 2015-02-20 09:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 21:26 - 2015-02-20 09:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 21:26 - 2015-02-20 09:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 21:26 - 2015-02-20 09:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 21:26 - 2015-02-20 09:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 21:26 - 2015-02-20 09:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 21:26 - 2015-02-20 09:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 21:26 - 2015-02-20 09:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 21:26 - 2015-02-20 09:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 21:26 - 2015-02-20 09:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 21:26 - 2015-02-20 09:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 21:26 - 2015-02-20 09:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 21:26 - 2015-02-20 09:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 21:26 - 2015-02-20 08:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 21:26 - 2015-02-20 08:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 21:24 - 2015-02-26 11:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 21:24 - 2015-02-20 12:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 21:24 - 2015-02-20 12:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 21:24 - 2015-02-20 12:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 21:24 - 2015-02-20 12:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 21:24 - 2015-02-20 11:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 21:24 - 2015-02-13 13:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 21:24 - 2015-02-03 11:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 21:24 - 2015-01-17 10:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 21:23 - 2015-03-06 13:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 21:23 - 2015-03-06 13:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 21:23 - 2015-03-06 13:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 21:23 - 2015-03-06 13:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 21:23 - 2015-03-06 13:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 21:23 - 2015-03-06 13:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 21:23 - 2015-03-06 13:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 21:23 - 2015-03-06 13:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 21:23 - 2015-03-06 13:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 21:23 - 2015-03-06 13:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 21:23 - 2015-03-06 13:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 21:23 - 2015-03-06 13:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 21:23 - 2015-03-06 13:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 21:23 - 2015-03-06 13:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 21:23 - 2015-03-06 13:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 21:23 - 2015-03-06 13:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 21:23 - 2015-03-06 13:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 21:23 - 2015-03-06 13:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 21:21 - 2015-02-04 10:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 21:12 - 2015-02-03 11:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 21:11 - 2015-02-03 11:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-11 21:11 - 2015-02-03 11:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 21:11 - 2015-02-03 11:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 21:11 - 2015-02-03 11:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 21:11 - 2015-02-03 11:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 21:11 - 2015-02-03 11:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 21:11 - 2015-02-03 11:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 21:11 - 2015-02-03 11:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 21:11 - 2015-02-03 11:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 21:11 - 2015-02-03 11:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 21:11 - 2015-02-03 11:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 21:11 - 2015-02-03 11:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 21:11 - 2015-02-03 11:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 21:11 - 2015-02-03 11:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 21:11 - 2015-02-03 11:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 21:11 - 2015-02-03 11:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 21:11 - 2015-02-03 11:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 21:11 - 2015-02-03 11:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 21:11 - 2015-02-03 11:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 21:11 - 2015-02-03 10:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 21:11 - 2015-01-31 07:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 21:11 - 2014-11-01 06:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-10 00:20 - 2015-03-10 00:20 - 00000000 ____D () C:\Users\melanie mok\Documents\Adobe
2015-03-10 00:20 - 2015-03-10 00:20 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-03-09 22:18 - 2015-03-15 17:25 - 00025216 _____ () C:\Windows\setupact.log
2015-03-09 22:18 - 2015-03-09 22:18 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-09 22:17 - 2015-03-13 18:24 - 00007670 _____ () C:\Windows\PFRO.log
2015-03-06 08:02 - 2015-03-06 08:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-05 23:49 - 2015-03-05 23:49 - 00000000 ____D () C:\Windows\pss
2015-03-05 22:52 - 2015-03-05 22:52 - 00366194 _____ () C:\Users\melanie mok\Documents\cc_20150305_225229.reg
2015-03-04 19:18 - 2015-03-04 19:18 - 00000000 ____D () C:\Users\melanie mok\AppData\Roaming\Dropbox
2015-03-04 19:16 - 2015-03-04 19:16 - 00000000 ____D () C:\Users\melanie mok\AppData\Roaming\AVAST Software
2015-03-04 18:57 - 2015-03-04 18:57 - 00000000 ____D () C:\Windows\system32\vbox
2015-03-04 18:56 - 2015-03-04 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-03-04 18:55 - 2015-03-04 18:55 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-04 18:55 - 2015-03-04 18:55 - 00427480 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-04 18:55 - 2015-03-04 18:55 - 00206976 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-04 18:55 - 2015-03-04 18:55 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-03-04 18:55 - 2015-03-04 18:55 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-03-04 18:55 - 2015-03-04 18:55 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-04 18:55 - 2015-03-04 18:55 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-04 18:55 - 2015-03-04 18:55 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-04 18:55 - 2015-03-04 18:55 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-04 18:49 - 2015-03-04 18:49 - 00000000 ____D () C:\Program Files\AVAST Software
2015-03-04 18:46 - 2015-03-04 18:47 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-01 18:59 - 2015-03-01 19:00 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-02-28 00:44 - 2015-02-28 00:44 - 00000000 ____D () C:\Users\melanie mok\AppData\Local\Macromedia
2015-02-28 00:29 - 2015-03-14 08:40 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-28 00:29 - 2015-02-28 00:29 - 00001081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-28 00:29 - 2015-02-28 00:29 - 00000000 ____D () C:\ProgramData\Mozilla
2015-02-26 10:21 - 2015-01-09 10:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-26 10:21 - 2015-01-09 10:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-26 10:21 - 2015-01-09 10:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-25 12:35 - 2015-01-09 07:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-17 16:04 - 2015-02-17 16:04 - 01202848 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 00:20 - 2012-07-13 11:46 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2912928045-2303475615-2363683268-1003UA.job
2015-03-16 00:00 - 2012-04-14 11:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-15 23:48 - 2011-03-21 10:49 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-15 21:53 - 2011-03-20 03:14 - 01328997 _____ () C:\Windows\WindowsUpdate.log
2015-03-15 21:52 - 2011-03-21 10:49 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-15 17:35 - 2011-03-20 02:47 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-15 17:35 - 2011-03-20 02:47 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-15 17:25 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-15 10:20 - 2012-07-13 11:46 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2912928045-2303475615-2363683268-1003Core.job
2015-03-15 09:22 - 2008-07-23 05:56 - 00000000 ____D () C:\Program Files\Common Files\Sony Shared
2015-03-15 09:22 - 2008-07-23 04:15 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-15 08:36 - 2008-07-23 05:58 - 00000000 ____D () C:\Program Files\Sony
2015-03-14 22:05 - 2011-03-20 02:48 - 00000000 ____D () C:\Users\melanie mok
2015-03-14 22:03 - 2011-03-21 10:49 - 00000000 ____D () C:\Program Files\Google
2015-03-14 22:03 - 2011-03-20 14:12 - 00000000 ____D () C:\Users\melanie mok\AppData\Local\Google
2015-03-14 14:14 - 2014-07-02 00:20 - 01241088 ___SH () C:\Users\melanie mok\Downloads\Thumbs.db
2015-03-14 09:25 - 2011-03-20 04:05 - 00000000 ____D () C:\Users\melanie mok\AppData\Local\Adobe
2015-03-14 09:20 - 2012-04-14 11:35 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-14 09:20 - 2011-05-26 13:24 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-14 00:11 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-03-14 00:11 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\registration
2015-03-13 23:56 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-03-13 21:15 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache
2015-03-12 19:39 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-12 19:27 - 2011-03-20 09:37 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-03-12 07:30 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-11 22:51 - 2011-05-25 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2015-03-11 22:51 - 2011-03-20 03:24 - 00794586 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-11 22:50 - 2011-03-20 09:34 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-03-11 22:20 - 2009-07-14 12:33 - 00420544 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 21:58 - 2011-03-20 09:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 21:55 - 2013-08-17 23:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 21:46 - 2011-03-23 13:32 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 21:21 - 2008-07-23 05:59 - 00000000 ____D () C:\ProgramData\Sony Corporation
2015-03-10 08:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\zh-TW
2015-03-10 08:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\zh-CN
2015-03-10 08:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\sv-SE
2015-03-10 08:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2015-03-10 08:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2015-03-10 08:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2015-03-10 08:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\nl-NL
2015-03-10 08:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\nb-NO
2015-03-10 08:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\ko-KR
2015-03-10 08:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\ja-JP
2015-03-10 08:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\it-IT
2015-03-10 08:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\fr-FR
2015-03-10 08:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\fi-FI
2015-03-10 08:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-03-10 07:42 - 2011-03-20 04:02 - 00116096 _____ () C:\Users\melanie mok\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-10 07:40 - 2011-03-20 00:03 - 00000000 ____D () C:\Program Files\7-Zip
2015-03-10 00:27 - 2011-03-20 09:47 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-03-10 00:25 - 2011-03-20 00:43 - 00000000 ____D () C:\Users\melanie mok\AppData\Roaming\Adobe
2015-03-10 00:21 - 2011-03-19 23:43 - 00000000 ____D () C:\Users\melanie mok\AppData\Roaming\Sony Corporation
2015-03-10 00:19 - 2011-03-20 09:44 - 00000000 ____D () C:\Program Files\Adobe
2015-03-09 08:32 - 2012-04-22 22:24 - 00000000 ____D () C:\Users\melanie mok\Documents\WebCam Media
2015-03-09 08:32 - 2011-12-18 05:08 - 01336832 ___SH () C:\Users\melanie mok\Documents\Thumbs.db
2015-03-09 08:02 - 2011-08-21 19:30 - 00000000 ____D () C:\Users\melanie mok\AppData\Roaming\NJStar
2015-03-06 07:47 - 2011-03-20 10:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Audio Suite
2015-03-01 18:59 - 2011-03-20 09:47 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-01 15:15 - 2011-08-15 00:11 - 00000000 ____D () C:\Users\melanie mok\AppData\Roaming\Media Player Classic
2015-02-28 00:33 - 2011-05-26 13:07 - 00000000 ____D () C:\Users\melanie mok\AppData\Roaming\Mozilla
2015-02-28 00:33 - 2011-05-26 13:07 - 00000000 ____D () C:\Users\melanie mok\AppData\Local\Mozilla
2015-02-27 20:05 - 2012-02-23 22:28 - 00000000 ____D () C:\eclipse
2015-02-26 14:43 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\tracing
2015-02-24 03:23 - 2011-03-20 03:37 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2011-08-03 14:14 - 2014-09-01 13:45 - 0154112 _____ () C:\Users\melanie mok\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-29 22:12 - 2011-10-29 22:12 - 0000017 _____ () C:\Users\melanie mok\AppData\Local\resmon.resmoncfg
2011-08-04 22:08 - 2011-08-04 22:08 - 0000000 _____ () C:\Users\melanie mok\AppData\Local\{ABB31BE8-6147-41EB-8118-A320C2A812AF}
2011-03-21 01:24 - 2011-03-21 01:24 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-13 21:07

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by melanie mok at 2015-03-16 00:38:45
Running from C:\Users\melanie mok\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
ArcSoft Magic-i Visual Effects (HKLM\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version:  - ArcSoft)
ArcSoft WebCam Companion 2 (HKLM\...\{9973498D-EA29-4A68-BE0B-C88D6E03E928}) (Version:  - ArcSoft)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2214 - AVAST Software)
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.08 - Piriform)
Click to Disc (HKLM\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.2.00.06190 - Sony Corporation)
Click to Disc (Version: 1.2.00.06190 - Sony Corporation) Hidden
Click to Disc Editor (HKLM\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 1.2.00 - Sony Corporation)
Click to Disc Editor (Version: 1.2.00 - Sony Corporation) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Control Center (HKLM\...\{F485E43D-18B1-4B40-AF4B-EDA78E91DA80}) (Version: 1.1.0402 - Dolby)
GDR 5520 for SQL Server 2008 (KB2977321) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
Google Chrome (HKU\S-1-5-21-2912928045-2303475615-2363683268-1003\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Drive (HKLM\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_104D1700) (Version:  - )
iLivid (Version: 1.92.0.121952 - Bandoo Media Inc.) Hidden <==== ATTENTION
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Java DB 10.6.2.1 (HKLM\...\{73EC658D-A1C6-40CA-8E86-E05821BAACE7}) (Version: 10.6.2.1 - Oracle)
Java™ 6 Update 32 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle)
Java™ 6 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160060}) (Version: 1.6.0.60 - Sun Microsystems, Inc.)
Java™ SE Development Kit 6 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Java™ SE Development Kit 6 Update 32 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160320}) (Version: 1.6.0.320 - Oracle)
Java™ SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.5.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 7.5.0 - )
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{83298573-A6B6-42AB-A234-FE91CA2859C0}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{5D60AB1A-2409-4829-83D4-0972856D885A}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.5.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.5.0 (x86 en-US)) (Version: 31.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Transfer (HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.2.00.17290 - Sony Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OpenMG Secure Module 5.1.00 (HKLM\...\InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}) (Version: 5.1.00.05200 - Sony Corporation)
OpenMG Secure Module 5.1.00 (Version: 5.1.00.05200 - Sony Corporation) Hidden
Primo (Version: 1.00.0000 - Your Company Name) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - Realtek Semiconductor Corp.)
Roxio Easy Media Creator 10 LJ (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.1 - Roxio)
Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Setting Utility Series (HKLM\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 4.1.00.07170 - Sony Corporation)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SonicStage Mastering Studio Audio Filter (HKLM\...\{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}) (Version: 2.5 - Sony Corporation)
SonicStage Mastering Studio Audio Filter Custom Preset (HKLM\...\{EC37A846-53AC-4DA7-98FA-76A4E74AA900}) (Version: 2.5 - Sony Corporation)
SonicStage Mastering Studio Plugins (HKLM\...\{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}) (Version: 2.5 - Sony Corporation)
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 3.2.02.06170 - Sony Corporation)
Sony Video Shared Library (HKLM\...\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}) (Version: 3.4.00 - Sony Corporation)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
SweetIM for Messenger 3.6 (HKLM\...\{B85C4CB2-B352-4BD8-818C-BCE353599107}) (Version: 3.6.0007 - SweetIM Technologies Ltd.) <==== ATTENTION
SweetPacks Toolbar for Internet Explorer 4.4 (HKLM\...\{2F603A45-D956-496B-81B5-50D782424976}) (Version: 4.4.0001 - SweetIM Technologies Ltd.) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.16.0 - Synaptics)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VAIO Control Center (HKLM\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 3.1.00.07110 - Sony Corporation)
VAIO Data Restore Tool (HKLM\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.0.04.01170 - Sony Corporation)
VAIO DVD Menu Data Basic (HKLM\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 1.0.00.08130 - Sony Corporation)
VAIO Edit Components 6.4 (HKLM\...\{B7C03E84-AF46-42F4-809D-D4127D9086D0}) (Version: 6.4 - Sony Corporation)
VAIO Entertainment Platform (HKLM\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.2.00.06200 - Sony Corporation)
VAIO Entertainment Platform (Version: 3.2.00.06200 - Sony Corporation) Hidden
VAIO Event Service (HKLM\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 4.1.00.07150 - Sony Corporation)
VAIO Launcher (HKLM\...\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}) (Version: 2.1.00.06130 - Sony Corporation)
VAIO Manual (HKLM\...\{AA171A69-F942-40DA-AE3A-EA91026A1CAE}) (Version: 2.4.00.06190 - Sony Corporation)
VAIO Media plus (HKLM\...\{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}) (Version: 1.1.00.05240 - Sony Corporation)
VAIO Media plus (Version: 1.1.00.05240 - Sony Corporation) Hidden
VAIO Movie Story (HKLM\...\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 1.3.00.06240 - Sony Corporation)
VAIO Movie Story (Version: 1.3.00.06240 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM\...\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 1.3.00.06120 - Sony Corporation)
VAIO Original Function Setting (HKLM\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 1.4.00.04230 - Sony Corporation)
VLC media player 1.1.9 (HKLM\...\VLC media player) (Version: 1.1.9 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2912928045-2303475615-2363683268-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\melanie mok\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2912928045-2303475615-2363683268-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\melanie mok\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2912928045-2303475615-2363683268-1003_Classes\CLSID\{22E4AC92-9181-95C8-89DC-58C7EC9821E9}\InprocServer32 -> %CommonProgramFiles%\Microsoft Shared\Ink\InkObj.dll No File
CustomCLSID: HKU\S-1-5-21-2912928045-2303475615-2363683268-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\melanie mok\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2912928045-2303475615-2363683268-1003_Classes\CLSID\{486B32F5-5BED-1246-6E52-E690C2234016}\InprocServer32 -> %CommonProgramFiles%\Microsoft Shared\Ink\InkObj.dll No File
CustomCLSID: HKU\S-1-5-21-2912928045-2303475615-2363683268-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\melanie mok\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2912928045-2303475615-2363683268-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\melanie mok\AppData\Local\Google\Chrome\Application\41.0.2272.89\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2912928045-2303475615-2363683268-1003_Classes\CLSID\{64B6795C-C444-33E7-94E6-8AF6A04A3A93}\InprocServer32 -> %CommonProgramFiles%\Microsoft Shared\Ink\InkObj.dll No File
CustomCLSID: HKU\S-1-5-21-2912928045-2303475615-2363683268-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\melanie mok\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2912928045-2303475615-2363683268-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\melanie mok\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2912928045-2303475615-2363683268-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\melanie mok\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2912928045-2303475615-2363683268-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\melanie mok\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2912928045-2303475615-2363683268-1003_Classes\CLSID\{E6C6A337-33F8-732D-144F-4D6F0138EBA6}\InprocServer32 -> %CommonProgramFiles%\Microsoft Shared\Ink\InkObj.dll No File
CustomCLSID: HKU\S-1-5-21-2912928045-2303475615-2363683268-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\melanie mok\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)

==================== Restore Points  =========================

01-03-2015 18:56:34 Windows Update
03-03-2015 18:51:39 Windows Defender Checkpoint
04-03-2015 18:49:36 avast! antivirus system restore point
05-03-2015 07:16:22 Windows Defender Checkpoint
05-03-2015 23:40:33 Windows Backup
06-03-2015 07:45:02 Removed SonicStage Mastering Studio
06-03-2015 17:52:26 Windows Update
08-03-2015 19:02:01 Windows Backup
09-03-2015 08:01:19 已除去 WinDVD
09-03-2015 08:02:31 已除去 WinDVD
10-03-2015 00:23:00 Removed Adobe Premiere Elements 4.0.
10-03-2015 07:47:55 Removed VAIO Content Folder Setting
10-03-2015 07:48:22 Removed Bonjour
10-03-2015 07:51:55 Removed VAIO Update 4
10-03-2015 08:22:46 Removed VAIO Wallpaper Contents
10-03-2015 08:23:47 Removed VAIO Smart Network
10-03-2015 08:26:30 Removed WIDCOMM Bluetooth Software 6.2.0.4100
11-03-2015 21:04:52 Windows Update
11-03-2015 21:21:25 Removed VAIO Power Management
11-03-2015 21:25:14 Removed VAIO MusicBox
11-03-2015 21:26:53 Removed VAIO Sample Music
11-03-2015 21:29:33 Windows Update
11-03-2015 22:41:48 Windows Update
12-03-2015 07:23:55 Windows Update
12-03-2015 19:23:45 Windows Update
12-03-2015 21:45:28 Windows Update
13-03-2015 08:15:48 avast! antivirus system restore point
13-03-2015 19:46:29 Windows Update
15-03-2015 08:30:57 Removed VAIO Content Metadata Intelligent Analyzing Manager
15-03-2015 08:35:23 Removed VAIO Content Metadata Manager Setting
15-03-2015 09:21:07 Removed VAIO Content Metadata XML Interface Library
15-03-2015 21:53:47 Windows Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 18:23 - 2006-09-19 05:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0511ACAB-A55D-4152-AC04-7A660F377F05} - System32\Tasks\SONY\Prepare your VAIO\Prepare your VAIO => C:\Program Files\Sony\Prepare your VAIO\PYV.exe [2008-06-20] (Sony Corporation)
Task: {1228DDFE-1CAF-4BC1-AFFD-909CB0614E90} - System32\Tasks\{96E009A6-C07C-4C66-A099-FDEF9882548D} => pcalua.exe -a "C:\Users\melanie mok\AppData\Local\Temp\wzb2af\Animal Paradise Tycoon\Animal Paradise Tycoon.part01.exe" -d "C:\Users\melanie mok\Downloads"
Task: {172D0F7F-7913-44E3-B0B1-EC490FFF6AE7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-14] (Adobe Systems Incorporated)
Task: {517D4FDC-F082-4838-B149-C5B3F7D09BED} - System32\Tasks\{74996059-645D-4DC7-8085-EA6A4435CE8D} => Chrome.exe http://ui.skype.com/ui/0/5.5.0.113/en/abandoninstall?page=tsPlugin&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {8993B80C-3FC4-4864-BFFB-63263CD2AA61} - System32\Tasks\{DB2944FE-B09D-4927-9BF0-9DF500D54934} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {8CF9E3A3-1A25-4A9A-A279-166477D6CF99} - System32\Tasks\{6D4F6EC0-0588-477E-86CD-4F1B67121F34} => pcalua.exe -a C:\Windows\UN091222.EXE -c /UNINST
Task: {90EA784D-1620-4E32-94AA-7E8DB0172F4A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-04] (Avast Software s.r.o.)
Task: {96997B1A-11B7-4F86-B593-092B665BE5F4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {9F3AF3CE-75A3-40C6-AF60-5766F04513F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {A8554712-857E-4652-9047-DB8820405549} - System32\Tasks\{EA2D36D4-A488-4770-83D4-8DA74F2107C8} => pcalua.exe -a I:\DriveNavi.EXE -d I:\
Task: {AFE8B0A0-BA40-4082-9411-B6D045770119} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {C1ED7951-339C-4B3E-9B34-0830ECBBBAC2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {C3147978-340B-4DC6-BCEA-F807DE0ED6B5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {D0D39D2E-852A-455D-882C-63CFFF20E033} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2912928045-2303475615-2363683268-1003UA => C:\Users\melanie mok\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-21] (Google Inc.)
Task: {D355F389-579F-473F-B66A-C82BB938997C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2912928045-2303475615-2363683268-1003Core => C:\Users\melanie mok\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-21] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2912928045-2303475615-2363683268-1003Core.job => C:\Users\melanie mok\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2912928045-2303475615-2363683268-1003UA.job => C:\Users\melanie mok\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-04 18:55 - 2015-03-04 18:55 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-04 18:55 - 2015-03-04 18:55 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-03-15 07:52 - 2015-03-15 07:52 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15031401\algo.dll
2015-03-15 17:29 - 2015-03-15 17:29 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15031500\algo.dll
2015-03-15 09:25 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-03-15 09:25 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-03-04 18:55 - 2015-03-04 18:55 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-03-15 09:25 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2008-07-23 05:59 - 2008-07-16 09:04 - 00010752 _____ () C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
2008-07-23 05:59 - 2008-07-16 09:04 - 00009728 _____ () C:\Program Files\Sony\VAIO Event Service\VESMgrSubPS.dll
2015-03-15 17:25 - 2015-03-15 17:25 - 00098816 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\win32api.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00110080 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\pywintypes27.dll
2015-03-15 17:25 - 2015-03-15 17:25 - 00364544 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\pythoncom27.dll
2015-03-15 17:25 - 2015-03-15 17:25 - 00045568 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\_socket.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 01161216 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\_ssl.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00320512 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\win32com.shell.shell.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00713216 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\_hashlib.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 01175040 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\wx._core_.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00805888 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\wx._gdi_.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00811008 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\wx._windows_.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 01062400 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\wx._controls_.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00735232 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\wx._misc_.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00682496 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\pysqlite2._sqlite.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00128512 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\_elementtree.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00127488 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\pyexpat.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00087552 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\_ctypes.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00119808 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\win32file.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00108544 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\win32security.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00007168 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\hashobjs_ext.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00167936 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\win32gui.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00018432 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\win32event.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00038912 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\win32inet.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00011264 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\win32crypt.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00070656 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\wx._html2.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00027136 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\_multiprocessing.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00020480 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\_yappi.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00035840 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\win32process.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00686080 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\unicodedata.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00122368 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\wx._wizard.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00024064 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\win32pipe.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00010240 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\select.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00025600 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\win32pdh.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00525640 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\windows._lib_cacheinvalidation.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00017408 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\win32profile.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00022528 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\win32ts.pyd
2015-03-15 17:25 - 2015-03-15 17:25 - 00078336 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26882\wx._animate.pyd
2015-03-04 18:55 - 2015-03-04 18:55 - 01359872 _____ () C:\Program Files\AVAST Software\Avast\libglesv2.dll
2015-03-04 18:55 - 2015-03-04 18:55 - 00212992 _____ () C:\Program Files\AVAST Software\Avast\libegl.dll
2015-03-14 00:56 - 2015-02-23 17:26 - 03348080 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2015-03-14 00:56 - 2015-02-23 17:26 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2015-03-14 00:56 - 2015-02-23 17:26 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2912928045-2303475615-2363683268-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\melanie mok\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.0.3

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: SweetIM => C:\Program Files\SweetIM\Messenger\SweetIM.exe

==================== Accounts: =============================

Administrator (S-1-5-21-2912928045-2303475615-2363683268-500 - Administrator - Disabled)
Guest (S-1-5-21-2912928045-2303475615-2363683268-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2912928045-2303475615-2363683268-1010 - Limited - Enabled)
melanie mok (S-1-5-21-2912928045-2303475615-2363683268-1003 - Administrator - Enabled) => C:\Users\melanie mok

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Hands-free Audio
Description: Bluetooth Hands-free Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: btwaudio
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Bluetooth Remote Control
Description: Bluetooth Remote Control
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Broadcom Corp.
Service: btwavdt
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Remote Control
Description: Bluetooth Remote Control
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Broadcom Corp.
Service: btwavdt
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Remote Control
Description: Bluetooth Remote Control
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Broadcom Corp.
Service: btwavdt
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth L2CAP Interface
Description: Bluetooth L2CAP Interface
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Broadcom Corp.
Service: btwl2cap
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Bluetooth Remote Control
Description: Bluetooth Remote Control
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Broadcom
Service: btwrchid
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/16/2015 00:36:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 11.3.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 15f8

Start Time: 01d05f3dfb6745dd

Termination Time: 0

Application Path: C:\Users\melanie mok\Desktop\FRST.exe

Report Id: 60b8fd52-cb31-11e4-bbf9-00214f54fe48

Error: (03/15/2015 05:27:53 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Error: (03/15/2015 05:26:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/15/2015 08:30:44 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {93b564f0-431c-4cae-a4f1-21dfd817512b}

Error: (03/15/2015 07:50:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/15/2015 07:50:11 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Error: (03/14/2015 08:58:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/14/2015 08:58:17 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Error: (03/14/2015 08:43:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/14/2015 08:43:25 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)


System errors:
=============
Error: (03/15/2015 05:27:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (03/15/2015 05:27:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (03/15/2015 05:25:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (03/15/2015 05:25:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (03/15/2015 05:25:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BackupService service failed to start due to the following error:
%%193

Error: (03/15/2015 05:25:07 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The NVIDIA Display Driver Service service depends the following service: nvlddmkm. This service might not be installed.

Error: (03/15/2015 07:51:53 AM) (Source: Microsoft-Windows-Application-Experience) (EventID: 205) (User: NT AUTHORITY)
Description: The Program Compatibility Assistant service failed to perform the phase two initialization.

Error: (03/15/2015 07:49:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BackupService service failed to start due to the following error:
%%193

Error: (03/15/2015 07:49:20 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The NVIDIA Display Driver Service service depends the following service: nvlddmkm. This service might not be installed.

Error: (03/14/2015 08:57:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BackupService service failed to start due to the following error:
%%193


Microsoft Office Sessions:
=========================
Error: (08/21/2011 10:16:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 361 seconds with 120 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU T3400 @ 2.16GHz
Percentage of memory in use: 71%
Total physical RAM: 1914.98 MB
Available physical RAM: 546.2 MB
Total Pagefile: 3829.96 MB
Available Pagefile: 1848.26 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:182.04 GB) (Free:62.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive h: () (Fixed) (Total:40.18 GB) (Free:35.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E257050B)
Partition 1: (Not Active) - (Size=10.7 GB) - (Type=27)
Partition 2: (Active) - (Size=182 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Edited by tiki01-, 15 March 2015 - 11:55 AM.


#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:32 PM

Posted 15 March 2015 - 11:54 AM

Step 1

Please uninstall some programs:

  • Windows 7: Click on the Start Menu button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall: iLivid, SweetIM for Messenger 3.6, SweetPacks Toolbar for Internet Explorer 4.
  • Reboot your computer.

Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 3

Please download and install Malwarebytes Anti-Malware

  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine All" [5]. Then click the button: Apply Actions. [6]
  • A window with an option to view the detailed log will appear.
  • Click on "View detailed log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

Step 4

Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Edited by deeprybka, 15 March 2015 - 11:55 AM.

regards,
deeprybka
Harm no one; rather, help everyone as much as you can. Arthur Schopenhauer

#5 tiki01-


Posted 15 March 2015 - 12:19 PM

I tried uninstalling SweetIM for Messenger 3.6 and SweetPacks Toolbar for Internet Explorer 4, but both say the computer could not locate the files. I also could not find iLivid to uninstall at Uninstall a program.

By the way, is there a way I could attach my screenshot to this post so you could see the messages prompted when I tried to uninstall?



#6 deeprybka


Posted 15 March 2015 - 12:21 PM

Please proceed with step 2.


regards,
deeprybka

#7 tiki01-


Posted 16 March 2015 - 10:51 AM

# AdwCleaner v4.112 - Logfile created 16/03/2015 at 23:28:04
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : melanie mok - VAIO
# Running from : C:\Users\melanie mok\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\fbphotozoom
Folder Deleted : C:\Program Files\Trymedia
Folder Deleted : C:\Users\melanie mok\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\melanie mok\AppData\Local\OpenCandy
Folder Deleted : C:\Users\melanie mok\AppData\Local\PackageAware
Folder Deleted : C:\Users\melanie mok\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\melanie mok\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\melanie mok\AppData\Roaming\OpenCandy
File Deleted : C:\Users\melanie mok\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage-journal
File Deleted : C:\Users\melanie mok\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\melanie mok\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\melanie mok\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_allin1convert.dl.tb.ask.com_0.localstorage-journal
File Deleted : C:\Users\melanie mok\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.ak.facebook.com_0.localstorage-journal
File Deleted : C:\Users\melanie mok\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\bho_project.bho_object
Key Deleted : HKLM\SOFTWARE\Classes\bho_project.bho_object.1
Key Deleted : HKLM\SOFTWARE\Classes\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3106777
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [!{EEE6C35B-6118-11DC-9C72-001320C79847}]
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\ilivid
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2BC4C58B253B8DB418C8CB3E35951970
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\54A306F2659DB694185B057D28249467
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\2B1E51D87B2D71A44BB42DDD5E894160
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\2BC4C58B253B8DB418C8CB3E35951970
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\54A306F2659DB694185B057D28249467
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\2BC4C58B253B8DB418C8CB3E35951970
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\54A306F2659DB694185B057D28249467
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v36.0.1 (x86 en-US)

[dkqlhdqz.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=282&systemid=406&sr=0&q=");

-\\ Google Chrome v

[C:\Users\melanie mok\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=6F0A96A8-1833-42DA-8F60-F623EDFD7B7E&n=780c22fc&ind=2014061308&p2=^Z8^xdm021^YYA^my&si=CNT05PPw9r4CFdQVjgodPocAGA
[C:\Users\melanie mok\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=6F0A96A8-1833-42DA-8F60-F623EDFD7B7E&n=780c22fc&ind=2014061308&p2=^Z8^xdm021^YYA^my&si=CNT05PPw9r4CFdQVjgodPocAGA

*************************

AdwCleaner[R0].txt - [6572 bytes] - [16/03/2015 23:03:58]
AdwCleaner[R1].txt - [6631 bytes] - [16/03/2015 23:16:14]
AdwCleaner[S0].txt - [6693 bytes] - [16/03/2015 23:28:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6752  bytes] ##########
 



#8 deeprybka


Posted 16 March 2015 - 11:01 AM

:thumbup2:


regards,
deeprybka

#9 tiki01-


Posted 16 March 2015 - 07:19 PM

The log I showed you is actually step 2.

I've proceeded to step 3 early morning and the computer froze. This same thing happened twice even before I told you guys of this issue. I was also using Malwarebytes Anti-Malware at that time. I had to uninstall it thinking it was not helping. It always froze after the detection of the #37th virus/malware.

I am not sure if the viruses are really gone.



#10 deeprybka


Posted 17 March 2015 - 03:16 AM

OK,
please try MBAR instead of MBAM:

Step 1

Download Malwarebytes Anti-Rootkit to your Desktop.
  • Double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
regards,
deeprybka

#11 tiki01-


Posted 17 March 2015 - 09:48 AM

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.03.17.04
  rootkit: v2015.02.25.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17691
melanie mok :: VAIO [administrator]

17-Mar-15 9:59:18 PM
mbar-log-2015-03-17 (21-59-18).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 331105
Time elapsed: 30 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 11.0.9600.17691

Java version: 1.6.0_32

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, H:\ DRIVE_FIXED
CPU speed: 2.161000 GHz
Memory total: 2008002560, free: 922791936

Downloaded database version: v2015.03.17.04
Downloaded database version: v2015.02.25.01
Downloaded database version: v2015.03.09.01
=======================================
Initializing...
------------ Kernel report ------------
     03/17/2015 21:58:58
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\DRIVERS\DMICall.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\yk62x86.sys
\SystemRoot\system32\DRIVERS\athr.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\risdptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\SFEP.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSXHWAZL.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\bthmodem.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\drivers\aswStm.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\aswHwid.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
\SystemRoot\system32\DRIVERS\xaudio.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.03.17.04
  rootkit: v2015.02.25.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff868a42e0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff868a5020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff868a42e0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85eb0848, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff863d6028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E257050B

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 22358016

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 22360064  Numsec = 381773824
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 404133888  Numsec = 84258816

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8726eac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff872d5340, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8726eac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff872d5660, DeviceName: \Device\00000071\, DriverName: \Driver\risdptsk\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff8726c660, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8726c340, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8726c660, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87316028, DeviceName: \Device\00000072\, DriverName: \Driver\rimsptsk\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-22360064-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 



#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:11:32 PM

Posted 17 March 2015 - 11:39 AM

OK, please proceed with step 4.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#13 tiki01-

tiki01-
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:05:32 AM

Posted 17 March 2015 - 06:08 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by melanie mok (administrator) on VAIO on 18-03-2015 07:03:12
Running from C:\Users\melanie mok\Desktop
Loaded Profiles: melanie mok (Available profiles: melanie mok)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sony Corporation) C:\Program Files\Sony\ISB Utility\ISBMgr.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1295656 2008-07-04] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-06-23] (Realtek Semiconductor)
HKLM\...\Run: [ISBMgr.exe] => C:\Program Files\Sony\ISB Utility\ISBMgr.exe [317280 2008-04-04] (Sony Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-03-14] (Avast Software s.r.o.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\cc57a939-661b-4494-9881-8e02d7e059d8.exe [183232 2015-03-18] (AVAST Software)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKU\S-1-5-21-2912928045-2303475615-2363683268-1003\...\Run: [Google Update] => C:\Users\melanie mok\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-21] (Google Inc.)
HKU\S-1-5-21-2912928045-2303475615-2363683268-1003\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-2912928045-2303475615-2363683268-1003\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2912928045-2303475615-2363683268-1003\...\MountPoints2: {75fae55c-52b7-11e0-860f-00214f54fe48} - G:\Windows\CHECK\DriveNavigator.exe
HKU\S-1-5-21-2912928045-2303475615-2363683268-1003\...\MountPoints2: {a942d495-5f6a-11e0-8988-001dba012e36} - I:\AutoRun.exe
HKU\S-1-5-21-2912928045-2303475615-2363683268-1003\...\MountPoints2: {a942d4a2-5f6a-11e0-8988-001dba012e36} - G:\AutoRun.exe
Startup: C:\Users\melanie mok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-02-14] (Sun Microsystems, Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-04] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-02-14] (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.3

FireFox:
========
FF ProfilePath: C:\Users\melanie mok\AppData\Roaming\Mozilla\Firefox\Profiles\dkqlhdqz.default
FF Homepage: hxxp://www.bing.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-14] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2012-02-14] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.1.9 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2011-04-12] (the VideoLAN Team)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2912928045-2303475615-2363683268-1003: @tools.google.com/Google Update;version=3 -> C:\Users\melanie mok\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2912928045-2303475615-2363683268-1003: @tools.google.com/Google Update;version=9 -> C:\Users\melanie mok\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF SearchPlugin: C:\Users\melanie mok\AppData\Roaming\Mozilla\Firefox\Profiles\dkqlhdqz.default\searchplugins\mozilla-support.xml [2015-03-12]
FF Extension: EPUBReader - C:\Users\melanie mok\AppData\Roaming\Mozilla\Firefox\Profiles\dkqlhdqz.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-03-01]
FF Extension: FoxTrick - C:\Users\melanie mok\AppData\Roaming\Mozilla\Firefox\Profiles\dkqlhdqz.default\Extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba} [2015-03-15]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\melanie mok\AppData\Roaming\Mozilla\Firefox\Profiles\dkqlhdqz.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2015-03-01]
FF Extension: Adblock Plus - C:\Users\melanie mok\AppData\Roaming\Mozilla\Firefox\Profiles\dkqlhdqz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-01]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-04]

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://www.google.com.my/"
CHR DefaultSearchKeyword: Default -> askws
CHR DefaultSearchURL: Default -> http://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=6F0A96A8-1833-42DA-8F60-F623EDFD7B7E&n=780c22fc&ind=2014061308&p2=^Z8^xdm021^YYA^my&si=CNT05PPw9r4CFdQVjgodPocAGA
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com/query?q={searchTerms}&li=ff&sstype=prefix
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\melanie mok\AppData\Local\Google\Chrome\Application\40.0.2214.115\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\melanie mok\AppData\Local\Google\Chrome\Application\40.0.2214.115\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\melanie mok\AppData\Local\Google\Chrome\Application\40.0.2214.115\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.320.1) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U32) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll No File
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\melanie mok\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\melanie mok\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\melanie mok\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-13]
CHR Extension: (Adblock Plus) - C:\Users\melanie mok\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-02]
CHR Extension: (Google Search) - C:\Users\melanie mok\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-13]
CHR Extension: (Google Wallet) - C:\Users\melanie mok\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR Extension: (Gmail) - C:\Users\melanie mok\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-13]
CHR HKLM\...\Chrome\Extension: [cgpnojibjokpoghebklhkdeijehkohhb] - C:\Users\MELANI~1\AppData\Local\Temp\tbch.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-04]
CHR HKLM\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files\fbphotozoom\fbphotozoom16.crx [Not Found]
CHR HKU\S-1-5-21-2912928045-2303475615-2363683268-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\MELANI~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-03-14]
CHR HKU\S-1-5-21-2912928045-2303475615-2363683268-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Users\melanie mok\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-04] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-04] (Avast Software)
S2 BackupService; C:\Users\melanie mok\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-02] (ArcSoft, Inc.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-03-20] (Macrovision Europe Ltd.) [File not signed]
S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SOHCImp; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [103712 2008-05-21] (Sony Corporation)
S3 SOHDms; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [353568 2008-05-21] (Sony Corporation)
S3 SOHDs; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [62752 2008-05-21] (Sony Corporation)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2008-05-20] (Sony Corporation) [File not signed]
R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [104960 2008-03-26] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-05-23] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182112 2008-07-16] (Sony Corporation)
R2 VCFw; C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [415744 2008-06-20] (Sony Corporation) [File not signed]
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [279848 2008-06-19] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2008-05-23] (Sony Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 VcmXmlIfHelper; "C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17408 2008-01-31] (ArcSoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-03-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-03-04] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-03-04] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-03-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-03-04] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427480 2015-03-04] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-03-04] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206976 2015-03-04] ()
S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2010-09-23] (AnchorFree Inc)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [41984 2011-02-18] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-04] (Avast Software)
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-17 21:58 - 2015-03-17 22:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-17 21:23 - 2015-03-17 22:45 - 00000000 ____D () C:\Users\melanie mok\Desktop\mbar
2015-03-17 21:01 - 2015-03-17 21:08 - 16502728 _____ (Malwarebytes Corp.) C:\Users\melanie mok\Desktop\mbar-1.09.1.1004.exe
2015-03-17 07:18 - 2015-03-17 21:58 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-17 07:18 - 2015-03-17 21:23 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 07:18 - 2015-03-17 07:18 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-17 07:18 - 2015-03-17 07:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-17 07:18 - 2015-03-17 07:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-17 07:18 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 07:18 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-16 23:51 - 2015-03-17 00:08 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\melanie mok\Desktop\mbam-setup-2.0.4.1028.exe
2015-03-16 23:03 - 2015-03-16 23:28 - 00000000 ____D () C:\AdwCleaner
2015-03-16 22:56 - 2015-03-16 22:58 - 02171392 _____ () C:\Users\melanie mok\Desktop\AdwCleaner.exe
2015-03-16 00:38 - 2015-03-18 07:01 - 00029631 _____ () C:\Users\melanie mok\Desktop\Addition.txt
2015-03-16 00:35 - 2015-03-18 07:03 - 00021486 _____ () C:\Users\melanie mok\Desktop\FRST.txt
2015-03-16 00:35 - 2015-03-18 07:03 - 00000000 ____D () C:\FRST
2015-03-16 00:34 - 2015-03-16 00:34 - 01135104 _____ (Farbar) C:\Users\melanie mok\Desktop\FRST.exe
2015-03-15 11:26 - 2015-03-15 11:26 - 00008572 _____ () C:\Users\melanie mok\Desktop\hijackthis.log
2015-03-15 11:17 - 2015-03-15 11:17 - 00000000 ____D () C:\Qoobox
2015-03-15 11:15 - 2015-03-15 11:15 - 00000000 ____D () C:\Windows\erdnt
2015-03-15 09:25 - 2015-03-15 09:54 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-03-15 09:25 - 2015-03-15 09:25 - 00002095 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-03-15 09:25 - 2015-03-15 09:25 - 00002083 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-03-15 09:25 - 2015-03-15 09:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-03-15 09:25 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-03-15 08:17 - 2015-03-15 11:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-15 08:17 - 2015-03-15 09:25 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2015-03-15 08:12 - 2015-03-15 08:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\melanie mok\Desktop\HijackThis.exe
2015-03-15 08:07 - 2015-03-15 11:14 - 05615380 _____ (Swearware) C:\Users\melanie mok\Downloads\ComboFix.exe
2015-03-14 22:05 - 2015-03-18 06:47 - 00000000 ___RD () C:\Users\melanie mok\Google Drive
2015-03-14 22:03 - 2015-03-14 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-14 00:59 - 2015-03-14 00:59 - 00000000 ____D () C:\Users\melanie mok\AppData\Roaming\Thunderbird
2015-03-14 00:59 - 2015-03-14 00:59 - 00000000 ____D () C:\Users\melanie mok\AppData\Local\Thunderbird
2015-03-14 00:57 - 2015-03-14 00:57 - 00002008 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-03-14 00:56 - 2015-03-14 00:56 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-03-13 18:37 - 2015-01-31 11:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-13 18:37 - 2015-01-31 11:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-13 18:37 - 2015-01-31 08:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-13 18:37 - 2014-12-12 01:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-03-13 08:18 - 2015-03-04 18:55 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-12 19:15 - 2014-09-05 09:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-03-12 08:05 - 2015-03-12 08:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-11 22:54 - 2013-10-02 08:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-03-11 22:54 - 2013-10-02 08:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-03-11 22:54 - 2013-10-02 08:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-03-11 22:54 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-03-11 22:54 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-03-11 22:54 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-03-11 22:54 - 2013-10-02 07:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-03-11 22:54 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-03-11 22:54 - 2013-10-02 06:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-03-11 22:54 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-03-11 22:54 - 2012-08-23 22:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-11 22:54 - 2012-08-23 19:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-03-11 22:51 - 2011-09-22 17:18 - 00089960 _____ (Microsoft Corporation) C:\Windows\system32\SQSRVRES.DLL
2015-03-11 22:51 - 2011-09-22 17:18 - 00073064 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2015-03-11 21:26 - 2015-02-24 10:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 21:26 - 2015-02-21 08:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 21:26 - 2015-02-21 08:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 21:26 - 2015-02-21 08:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 21:26 - 2015-02-21 08:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 21:26 - 2015-02-21 07:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 21:26 - 2015-02-20 10:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 21:26 - 2015-02-20 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 21:26 - 2015-02-20 10:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 21:26 - 2015-02-20 10:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 21:26 - 2015-02-20 10:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 21:26 - 2015-02-20 10:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 21:26 - 2015-02-20 10:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 21:26 - 2015-02-20 10:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 21:26 - 2015-02-20 10:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 21:26 - 2015-02-20 09:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 21:26 - 2015-02-20 09:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 21:26 - 2015-02-20 09:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 21:26 - 2015-02-20 09:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 21:26 - 2015-02-20 09:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 21:26 - 2015-02-20 09:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 21:26 - 2015-02-20 09:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 21:26 - 2015-02-20 09:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 21:26 - 2015-02-20 09:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 21:26 - 2015-02-20 09:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 21:26 - 2015-02-20 09:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 21:26 - 2015-02-20 09:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 21:26 - 2015-02-20 09:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 21:26 - 2015-02-20 08:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 21:26 - 2015-02-20 08:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 21:24 - 2015-02-26 11:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 21:24 - 2015-02-20 12:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 21:24 - 2015-02-20 12:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 21:24 - 2015-02-20 12:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 21:24 - 2015-02-20 12:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 21:24 - 2015-02-20 11:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 21:24 - 2015-02-13 13:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 21:24 - 2015-02-03 11:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 21:24 - 2015-01-17 10:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 21:23 - 2015-03-06 13:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 21:23 - 2015-03-06 13:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 21:23 - 2015-03-06 13:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 21:23 - 2015-03-06 13:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 21:23 - 2015-03-06 13:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 21:23 - 2015-03-06 13:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 21:23 - 2015-03-06 13:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 21:23 - 2015-03-06 13:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 21:23 - 2015-03-06 13:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 21:23 - 2015-03-06 13:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 21:23 - 2015-03-06 13:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 21:23 - 2015-03-06 13:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 21:23 - 2015-03-06 13:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 21:23 - 2015-03-06 13:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 21:23 - 2015-03-06 13:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 21:23 - 2015-03-06 13:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 21:23 - 2015-03-06 13:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 21:23 - 2015-03-06 13:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 21:21 - 2015-02-04 10:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 21:12 - 2015-02-03 11:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 21:11 - 2015-02-03 11:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-11 21:11 - 2015-02-03 11:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 21:11 - 2015-02-03 11:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 21:11 - 2015-02-03 11:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 21:11 - 2015-02-03 11:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 21:11 - 2015-02-03 11:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 21:11 - 2015-02-03 11:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 21:11 - 2015-02-03 11:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 21:11 - 2015-02-03 11:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 21:11 - 2015-02-03 11:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 21:11 - 2015-02-03 11:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 21:11 - 2015-02-03 11:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 21:11 - 2015-02-03 11:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 21:11 - 2015-02-03 11:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 21:11 - 2015-02-03 11:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 21:11 - 2015-02-03 11:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 21:11 - 2015-02-03 11:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 21:11 - 2015-02-03 11:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 21:11 - 2015-02-03 11:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 21:11 - 2015-02-03 11:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 21:11 - 2015-02-03 10:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 21:11 - 2015-01-31 07:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 21:11 - 2014-11-01 06:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-10 00:20 - 2015-03-10 00:20 - 00000000 ____D () C:\Users\melanie mok\Documents\Adobe
2015-03-10 00:20 - 2015-03-10 00:20 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-03-09 22:18 - 2015-03-18 06:45 - 00031996 _____ () C:\Windows\setupact.log
2015-03-09 22:18 - 2015-03-09 22:18 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-09 22:17 - 2015-03-17 08:04 - 00008026 _____ () C:\Windows\PFRO.log
2015-03-06 08:02 - 2015-03-06 08:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-05 23:49 - 2015-03-05 23:49 - 00000000 ____D () C:\Windows\pss
2015-03-05 22:52 - 2015-03-05 22:52 - 00366194 _____ () C:\Users\melanie mok\Documents\cc_20150305_225229.reg
2015-03-04 19:18 - 2015-03-04 19:18 - 00000000 ____D () C:\Users\melanie mok\AppData\Roaming\Dropbox
2015-03-04 19:16 - 2015-03-04 19:16 - 00000000 ____D () C:\Users\melanie mok\AppData\Roaming\AVAST Software
2015-03-04 18:57 - 2015-03-04 18:57 - 00000000 ____D () C:\Windows\system32\vbox
2015-03-04 18:56 - 2015-03-04 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-03-04 18:55 - 2015-03-04 18:55 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-04 18:55 - 2015-03-04 18:55 - 00427480 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-04 18:55 - 2015-03-04 18:55 - 00206976 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-04 18:55 - 2015-03-04 18:55 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-03-04 18:55 - 2015-03-04 18:55 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-03-04 18:55 - 2015-03-04 18:55 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-04 18:55 - 2015-03-04 18:55 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-04 18:55 - 2015-03-04 18:55 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-04 18:55 - 2015-03-04 18:55 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-04 18:49 - 2015-03-04 18:49 - 00000000 ____D () C:\Program Files\AVAST Software
2015-03-04 18:46 - 2015-03-04 18:47 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-01 18:59 - 2015-03-01 19:00 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-02-28 00:44 - 2015-02-28 00:44 - 00000000 ____D () C:\Users\melanie mok\AppData\Local\Macromedia
2015-02-28 00:29 - 2015-03-14 08:40 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-28 00:29 - 2015-02-28 00:29 - 00001081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-28 00:29 - 2015-02-28 00:29 - 00000000 ____D () C:\ProgramData\Mozilla
2015-02-26 10:21 - 2015-01-09 10:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-26 10:21 - 2015-01-09 10:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-26 10:21 - 2015-01-09 10:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-25 12:35 - 2015-01-09 07:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-17 16:04 - 2015-02-17 16:04 - 01202848 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-18 07:00 - 2012-04-14 11:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-18 06:58 - 2011-03-20 02:47 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-18 06:58 - 2011-03-20 02:47 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-18 06:53 - 2011-03-20 03:14 - 01406730 _____ () C:\Windows\WindowsUpdate.log
2015-03-18 06:48 - 2011-03-21 10:49 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-18 06:45 - 2011-03-21 10:49 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-18 06:45 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-17 23:20 - 2012-07-13 11:46 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2912928045-2303475615-2363683268-1003UA.job
2015-03-15 10:20 - 2012-07-13 11:46 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2912928045-2303475615-2363683268-1003Core.job
2015-03-15 09:22 - 2008-07-23 05:56 - 00000000 ____D () C:\Program Files\Common Files\Sony Shared
2015-03-15 09:22 - 2008-07-23 04:15 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-15 08:36 - 2008-07-23 05:58 - 00000000 ____D () C:\Program Files\Sony
2015-03-14 22:05 - 2011-03-20 02:48 - 00000000 ____D () C:\Users\melanie mok
2015-03-14 22:03 - 2011-03-21 10:49 - 00000000 ____D () C:\Program Files\Google
2015-03-14 22:03 - 2011-03-20 14:12 - 00000000 ____D () C:\Users\melanie mok\AppData\Local\Google
2015-03-14 14:14 - 2014-07-02 00:20 - 01241088 ___SH () C:\Users\melanie mok\Downloads\Thumbs.db
2015-03-14 09:25 - 2011-03-20 04:05 - 00000000 ____D () C:\Users\melanie mok\AppData\Local\Adobe
2015-03-14 09:20 - 2012-04-14 11:35 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-14 09:20 - 2011-05-26 13:24 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-14 00:11 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-03-14 00:11 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\registration
2015-03-13 23:56 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-03-13 21:15 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache
2015-03-12 19:39 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-12 19:27 - 2011-03-20 09:37 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-03-12 07:30 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-11 22:51 - 2011-05-25 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2015-03-11 22:51 - 2011-03-20 03:24 - 00794586 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-11 22:50 - 2011-03-20 09:34 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-03-11 22:20 - 2009-07-14 12:33 - 00420544 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 21:58 - 2011-03-20 09:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 21:55 - 2013-08-17 23:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 21:46 - 2011-03-23 13:32 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 21:21 - 2008-07-23 05:59 - 00000000 ____D () C:\ProgramData\Sony Corporation
2015-03-10 08:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\zh-TW
2015-03-10 08:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\zh-CN
2015-03-10 08:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\sv-SE
2015-03-10 08:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2015-03-10 08:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2015-03-10 08:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2015-03-10 08:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\nl-NL
2015-03-10 08:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\nb-NO
2015-03-10 08:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\ko-KR
2015-03-10 08:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\ja-JP
2015-03-10 08:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\it-IT
2015-03-10 08:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\fr-FR
2015-03-10 08:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\fi-FI
2015-03-10 08:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-03-10 07:42 - 2011-03-20 04:02 - 00116096 _____ () C:\Users\melanie mok\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-10 07:40 - 2011-03-20 00:03 - 00000000 ____D () C:\Program Files\7-Zip
2015-03-10 00:27 - 2011-03-20 09:47 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-03-10 00:25 - 2011-03-20 00:43 - 00000000 ____D () C:\Users\melanie mok\AppData\Roaming\Adobe
2015-03-10 00:21 - 2011-03-19 23:43 - 00000000 ____D () C:\Users\melanie mok\AppData\Roaming\Sony Corporation
2015-03-10 00:19 - 2011-03-20 09:44 - 00000000 ____D () C:\Program Files\Adobe
2015-03-09 08:32 - 2012-04-22 22:24 - 00000000 ____D () C:\Users\melanie mok\Documents\WebCam Media
2015-03-09 08:32 - 2011-12-18 05:08 - 01336832 ___SH () C:\Users\melanie mok\Documents\Thumbs.db
2015-03-09 08:02 - 2011-08-21 19:30 - 00000000 ____D () C:\Users\melanie mok\AppData\Roaming\NJStar
2015-03-06 07:47 - 2011-03-20 10:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Audio Suite
2015-03-01 18:59 - 2011-03-20 09:47 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-01 15:15 - 2011-08-15 00:11 - 00000000 ____D () C:\Users\melanie mok\AppData\Roaming\Media Player Classic
2015-02-28 00:33 - 2011-05-26 13:07 - 00000000 ____D () C:\Users\melanie mok\AppData\Roaming\Mozilla
2015-02-28 00:33 - 2011-05-26 13:07 - 00000000 ____D () C:\Users\melanie mok\AppData\Local\Mozilla
2015-02-27 20:05 - 2012-02-23 22:28 - 00000000 ____D () C:\eclipse
2015-02-26 14:43 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\tracing
2015-02-24 03:23 - 2011-03-20 03:37 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2011-08-03 14:14 - 2014-09-01 13:45 - 0154112 _____ () C:\Users\melanie mok\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-29 22:12 - 2011-10-29 22:12 - 0000017 _____ () C:\Users\melanie mok\AppData\Local\resmon.resmoncfg
2011-08-04 22:08 - 2011-08-04 22:08 - 0000000 _____ () C:\Users\melanie mok\AppData\Local\{ABB31BE8-6147-41EB-8118-A320C2A812AF}
2011-03-21 01:24 - 2011-03-21 01:24 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some content of TEMP:
====================
C:\Users\melanie mok\AppData\Local\Temp\Quarantine.exe
C:\Users\melanie mok\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-13 21:07

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by melanie mok at 2015-03-18 07:04:44
Running from C:\Users\melanie mok\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
ArcSoft Magic-i Visual Effects (HKLM\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version:  - ArcSoft)
ArcSoft WebCam Companion 2 (HKLM\...\{9973498D-EA29-4A68-BE0B-C88D6E03E928}) (Version:  - ArcSoft)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2214 - AVAST Software)
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.08 - Piriform)
Click to Disc (HKLM\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.2.00.06190 - Sony Corporation)
Click to Disc (Version: 1.2.00.06190 - Sony Corporation) Hidden
Click to Disc Editor (HKLM\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 1.2.00 - Sony Corporation)
Click to Disc Editor (Version: 1.2.00 - Sony Corporation) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Control Center (HKLM\...\{F485E43D-18B1-4B40-AF4B-EDA78E91DA80}) (Version: 1.1.0402 - Dolby)
GDR 5520 for SQL Server 2008 (KB2977321) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
Google Chrome (HKU\S-1-5-21-2912928045-2303475615-2363683268-1003\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Drive (HKLM\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_104D1700) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Java DB 10.6.2.1 (HKLM\...\{73EC658D-A1C6-40CA-8E86-E05821BAACE7}) (Version: 10.6.2.1 - Oracle)
Java™ 6 Update 32 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle)
Java™ 6 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160060}) (Version: 1.6.0.60 - Sun Microsystems, Inc.)
Java™ SE Development Kit 6 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Java™ SE Development Kit 6 Update 32 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160320}) (Version: 1.6.0.320 - Oracle)
Java™ SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.5.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 7.5.0 - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{83298573-A6B6-42AB-A234-FE91CA2859C0}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{5D60AB1A-2409-4829-83D4-0972856D885A}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.5.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.5.0 (x86 en-US)) (Version: 31.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Transfer (HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.2.00.17290 - Sony Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OpenMG Secure Module 5.1.00 (HKLM\...\InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}) (Version: 5.1.00.05200 - Sony Corporation)
OpenMG Secure Module 5.1.00 (Version: 5.1.00.05200 - Sony Corporation) Hidden
Primo (Version: 1.00.0000 - Your Company Name) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - Realtek Semiconductor Corp.)
Roxio Easy Media Creator 10 LJ (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.1 - Roxio)
Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Setting Utility Series (HKLM\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 4.1.00.07170 - Sony Corporation)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SonicStage Mastering Studio Audio Filter (HKLM\...\{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}) (Version: 2.5 - Sony Corporation)
SonicStage Mastering Studio Audio Filter Custom Preset (HKLM\...\{EC37A846-53AC-4DA7-98FA-76A4E74AA900}) (Version: 2.5 - Sony Corporation)
SonicStage Mastering Studio Plugins (HKLM\...\{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}) (Version: 2.5 - Sony Corporation)
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 3.2.02.06170 - Sony Corporation)
Sony Video Shared Library (HKLM\...\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}) (Version: 3.4.00 - Sony Corporation)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.16.0 - Synaptics)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VAIO Control Center (HKLM\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 3.1.00.07110 - Sony Corporation)
VAIO Data Restore Tool (HKLM\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.0.04.01170 - Sony Corporation)
VAIO DVD Menu Data Basic (HKLM\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 1.0.00.08130 - Sony Corporation)
VAIO Edit Components 6.4 (HKLM\...\{B7C03E84-AF46-42F4-809D-D4127D9086D0}) (Version: 6.4 - Sony Corporation)
VAIO Entertainment Platform (HKLM\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.2.00.06200 - Sony Corporation)
VAIO Entertainment Platform (Version: 3.2.00.06200 - Sony Corporation) Hidden
VAIO Event Service (HKLM\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 4.1.00.07150 - Sony Corporation)
VAIO Launcher (HKLM\...\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}) (Version: 2.1.00.06130 - Sony Corporation)
VAIO Manual (HKLM\...\{AA171A69-F942-40DA-AE3A-EA91026A1CAE}) (Version: 2.4.00.06190 - Sony Corporation)
VAIO Media plus (HKLM\...\{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}) (Version: 1.1.00.05240 - Sony Corporation)
VAIO Media plus (Version: 1.1.00.05240 - Sony Corporation) Hidden
VAIO Movie Story (HKLM\...\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 1.3.00.06240 - Sony Corporation)
VAIO Movie Story (Version: 1.3.00.06240 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM\...\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 1.3.00.06120 - Sony Corporation)
VAIO Original Function Setting (HKLM\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 1.4.00.04230 - Sony Corporation)
VLC media player 1.1.9 (HKLM\...\VLC media player) (Version: 1.1.9 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2912928045-2303475615-2363683268-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\melanie mok\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2912928045-2303475615-2363683268-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\melanie mok\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2912928045-2303475615-2363683268-1003_Classes\CLSID\{22E4AC92-9181-95C8-89DC-58C7EC9821E9}\InprocServer32 -> %CommonProgramFiles%\Microsoft Shared\Ink\InkObj.dll No File
CustomCLSID: HKU\S-1-5-21-2912928045-2303475615-2363683268-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\melanie mok\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2912928045-2303475615-2363683268-1003_Classes\CLSID\{486B32F5-5BED-1246-6E52-E690C2234016}\InprocServer32 -> %CommonProgramFiles%\Microsoft Shared\Ink\InkObj.dll No File
CustomCLSID: HKU\S-1-5-21-2912928045-2303475615-2363683268-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\melanie mok\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2912928045-2303475615-2363683268-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\melanie mok\AppData\Local\Google\Chrome\Application\41.0.2272.89\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2912928045-2303475615-2363683268-1003_Classes\CLSID\{64B6795C-C444-33E7-94E6-8AF6A04A3A93}\InprocServer32 -> %CommonProgramFiles%\Microsoft Shared\Ink\InkObj.dll No File
CustomCLSID: HKU\S-1-5-21-2912928045-2303475615-2363683268-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\melanie mok\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2912928045-2303475615-2363683268-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\melanie mok\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2912928045-2303475615-2363683268-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\melanie mok\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2912928045-2303475615-2363683268-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\melanie mok\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2912928045-2303475615-2363683268-1003_Classes\CLSID\{E6C6A337-33F8-732D-144F-4D6F0138EBA6}\InprocServer32 -> %CommonProgramFiles%\Microsoft Shared\Ink\InkObj.dll No File
CustomCLSID: HKU\S-1-5-21-2912928045-2303475615-2363683268-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\melanie mok\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)

==================== Restore Points  =========================

01-03-2015 18:56:34 Windows Update
03-03-2015 18:51:39 Windows Defender Checkpoint
04-03-2015 18:49:36 avast! antivirus system restore point
05-03-2015 07:16:22 Windows Defender Checkpoint
05-03-2015 23:40:33 Windows Backup
06-03-2015 07:45:02 Removed SonicStage Mastering Studio
06-03-2015 17:52:26 Windows Update
08-03-2015 19:02:01 Windows Backup
09-03-2015 08:01:19 已除去 WinDVD
09-03-2015 08:02:31 已除去 WinDVD
10-03-2015 00:23:00 Removed Adobe Premiere Elements 4.0.
10-03-2015 07:47:55 Removed VAIO Content Folder Setting
10-03-2015 07:48:22 Removed Bonjour
10-03-2015 07:51:55 Removed VAIO Update 4
10-03-2015 08:22:46 Removed VAIO Wallpaper Contents
10-03-2015 08:23:47 Removed VAIO Smart Network
10-03-2015 08:26:30 Removed WIDCOMM Bluetooth Software 6.2.0.4100
11-03-2015 21:04:52 Windows Update
11-03-2015 21:21:25 Removed VAIO Power Management
11-03-2015 21:25:14 Removed VAIO MusicBox
11-03-2015 21:26:53 Removed VAIO Sample Music
11-03-2015 21:29:33 Windows Update
11-03-2015 22:41:48 Windows Update
12-03-2015 07:23:55 Windows Update
12-03-2015 19:23:45 Windows Update
12-03-2015 21:45:28 Windows Update
13-03-2015 08:15:48 avast! antivirus system restore point
13-03-2015 19:46:29 Windows Update
15-03-2015 08:30:57 Removed VAIO Content Metadata Intelligent Analyzing Manager
15-03-2015 08:35:23 Removed VAIO Content Metadata Manager Setting
15-03-2015 09:21:07 Removed VAIO Content Metadata XML Interface Library
15-03-2015 21:53:47 Windows Backup
17-03-2015 21:14:09 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 18:23 - 2006-09-19 05:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0511ACAB-A55D-4152-AC04-7A660F377F05} - System32\Tasks\SONY\Prepare your VAIO\Prepare your VAIO => C:\Program Files\Sony\Prepare your VAIO\PYV.exe [2008-06-20] (Sony Corporation)
Task: {1228DDFE-1CAF-4BC1-AFFD-909CB0614E90} - System32\Tasks\{96E009A6-C07C-4C66-A099-FDEF9882548D} => pcalua.exe -a "C:\Users\melanie mok\AppData\Local\Temp\wzb2af\Animal Paradise Tycoon\Animal Paradise Tycoon.part01.exe" -d "C:\Users\melanie mok\Downloads"
Task: {172D0F7F-7913-44E3-B0B1-EC490FFF6AE7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-14] (Adobe Systems Incorporated)
Task: {517D4FDC-F082-4838-B149-C5B3F7D09BED} - System32\Tasks\{74996059-645D-4DC7-8085-EA6A4435CE8D} => Chrome.exe http://ui.skype.com/ui/0/5.5.0.113/en/abandoninstall?page=tsPlugin&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {8993B80C-3FC4-4864-BFFB-63263CD2AA61} - System32\Tasks\{DB2944FE-B09D-4927-9BF0-9DF500D54934} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {8CF9E3A3-1A25-4A9A-A279-166477D6CF99} - System32\Tasks\{6D4F6EC0-0588-477E-86CD-4F1B67121F34} => pcalua.exe -a C:\Windows\UN091222.EXE -c /UNINST
Task: {90EA784D-1620-4E32-94AA-7E8DB0172F4A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-04] (Avast Software s.r.o.)
Task: {96997B1A-11B7-4F86-B593-092B665BE5F4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {9F3AF3CE-75A3-40C6-AF60-5766F04513F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {A8554712-857E-4652-9047-DB8820405549} - System32\Tasks\{EA2D36D4-A488-4770-83D4-8DA74F2107C8} => pcalua.exe -a I:\DriveNavi.EXE -d I:\
Task: {AFE8B0A0-BA40-4082-9411-B6D045770119} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {C1ED7951-339C-4B3E-9B34-0830ECBBBAC2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {C3147978-340B-4DC6-BCEA-F807DE0ED6B5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {D0D39D2E-852A-455D-882C-63CFFF20E033} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2912928045-2303475615-2363683268-1003UA => C:\Users\melanie mok\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-21] (Google Inc.)
Task: {D355F389-579F-473F-B66A-C82BB938997C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2912928045-2303475615-2363683268-1003Core => C:\Users\melanie mok\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-21] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2912928045-2303475615-2363683268-1003Core.job => C:\Users\melanie mok\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2912928045-2303475615-2363683268-1003UA.job => C:\Users\melanie mok\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-04 18:55 - 2015-03-04 18:55 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-04 18:55 - 2015-03-04 18:55 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-03-17 20:56 - 2015-03-17 20:56 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15031700\algo.dll
2015-03-18 06:51 - 2015-03-18 06:51 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15031701\algo.dll
2015-03-04 18:55 - 2015-03-04 18:55 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-03-15 09:25 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-03-15 09:25 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-03-15 09:25 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-03-14 00:56 - 2015-02-23 17:26 - 03348080 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2015-03-14 00:56 - 2015-02-23 17:26 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2015-03-14 00:56 - 2015-02-23 17:26 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2008-07-23 05:59 - 2008-07-16 09:04 - 00010752 _____ () C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
2008-07-23 05:59 - 2008-07-16 09:04 - 00009728 _____ () C:\Program Files\Sony\VAIO Event Service\VESMgrSubPS.dll
2015-03-18 06:45 - 2015-03-18 06:45 - 00098816 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\win32api.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00110080 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\pywintypes27.dll
2015-03-18 06:45 - 2015-03-18 06:45 - 00364544 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\pythoncom27.dll
2015-03-18 06:45 - 2015-03-18 06:45 - 00045568 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\_socket.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 01161216 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\_ssl.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00320512 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\win32com.shell.shell.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00713216 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\_hashlib.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 01175040 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\wx._core_.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00805888 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\wx._gdi_.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00811008 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\wx._windows_.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 01062400 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\wx._controls_.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00735232 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\wx._misc_.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00682496 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\pysqlite2._sqlite.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00128512 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\_elementtree.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00127488 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\pyexpat.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00087552 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\_ctypes.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00119808 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\win32file.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00108544 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\win32security.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00007168 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\hashobjs_ext.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00167936 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\win32gui.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00018432 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\win32event.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00038912 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\win32inet.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00011264 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\win32crypt.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00070656 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\wx._html2.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00027136 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\_multiprocessing.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00020480 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\_yappi.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00035840 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\win32process.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00686080 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\unicodedata.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00122368 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\wx._wizard.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00024064 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\win32pipe.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00010240 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\select.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00025600 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\win32pdh.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00525640 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\windows._lib_cacheinvalidation.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00017408 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\win32profile.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00022528 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\win32ts.pyd
2015-03-18 06:45 - 2015-03-18 06:45 - 00078336 _____ () C:\Users\melanie mok\AppData\Local\Temp\_MEI26402\wx._animate.pyd
2015-03-04 18:55 - 2015-03-04 18:55 - 01359872 _____ () C:\Program Files\AVAST Software\Avast\libglesv2.dll
2015-03-04 18:55 - 2015-03-04 18:55 - 00212992 _____ () C:\Program Files\AVAST Software\Avast\libegl.dll
2015-03-14 09:20 - 2015-03-14 09:20 - 16858288 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2912928045-2303475615-2363683268-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\melanie mok\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.0.3

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-2912928045-2303475615-2363683268-500 - Administrator - Disabled)
Guest (S-1-5-21-2912928045-2303475615-2363683268-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2912928045-2303475615-2363683268-1010 - Limited - Enabled)
melanie mok (S-1-5-21-2912928045-2303475615-2363683268-1003 - Administrator - Enabled) => C:\Users\melanie mok

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Hands-free Audio
Description: Bluetooth Hands-free Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: btwaudio
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Bluetooth Remote Control
Description: Bluetooth Remote Control
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Broadcom Corp.
Service: btwavdt
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Remote Control
Description: Bluetooth Remote Control
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Broadcom Corp.
Service: btwavdt
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Remote Control
Description: Bluetooth Remote Control
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Broadcom Corp.
Service: btwavdt
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth L2CAP Interface
Description: Bluetooth L2CAP Interface
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Broadcom Corp.
Service: btwl2cap
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Bluetooth Remote Control
Description: Bluetooth Remote Control
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Broadcom
Service: btwrchid
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/18/2015 06:57:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST.exe, version: 11.3.2015.0, time stamp: 0x5500117c
Faulting module name: FRST.exe, version: 11.3.2015.0, time stamp: 0x5500117c
Exception code: 0xc0000005
Fault offset: 0x0001f09e
Faulting process id: 0x13e0
Faulting application start time: 0xFRST.exe0
Faulting application path: FRST.exe1
Faulting module path: FRST.exe2
Report Id: FRST.exe3

Error: (03/18/2015 06:47:28 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Error: (03/18/2015 06:46:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2015 08:57:44 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Error: (03/17/2015 08:56:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2015 08:08:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2015 08:08:05 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Error: (03/16/2015 11:33:34 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Error: (03/16/2015 11:32:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/16/2015 08:06:35 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)


System errors:
=============
Error: (03/18/2015 06:52:16 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (03/18/2015 06:50:12 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (03/18/2015 06:47:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (03/18/2015 06:47:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (03/18/2015 06:46:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (03/18/2015 06:46:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (03/18/2015 06:45:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SQL Server (SQLEXPRESS) service failed to start due to the following error:
%%1053

Error: (03/18/2015 06:45:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.

Error: (03/18/2015 06:45:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BackupService service failed to start due to the following error:
%%193

Error: (03/18/2015 06:45:07 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The NVIDIA Display Driver Service service depends the following service: nvlddmkm. This service might not be installed.


Microsoft Office Sessions:
=========================
Error: (08/21/2011 10:16:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 361 seconds with 120 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU T3400 @ 2.16GHz
Percentage of memory in use: 81%
Total physical RAM: 1914.98 MB
Available physical RAM: 353.98 MB
Total Pagefile: 3829.96 MB
Available Pagefile: 1856.26 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:182.04 GB) (Free:61.46 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive h: () (Fixed) (Total:40.18 GB) (Free:35.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E257050B)
Partition 1: (Not Active) - (Size=10.7 GB) - (Type=27)
Partition 2: (Active) - (Size=182 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#14 deeprybka

  • Malware Response Team

Posted 17 March 2015 - 06:09 PM

Let's do a final check up:

Step 1


Don't remove on your own anything that HitmanPro detects!
This scanner, as good as it is for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the icon and select Run as Administrator to start the tool.
  • If the program won't run, please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.


Step 2

Please downloadesetlogo.pngOnline Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start installer.pngwith administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
settings.png
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log filelog.pngis created at logpath.png
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

Can you please tell me which problems still persist now?
How is the computer running?

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#15 tiki01-

Posted 17 March 2015 - 06:45 PM

HitmanPro 3.7.9.238
www.hitmanpro.com

   Computer name . . . . : VAIO
   Windows . . . . . . . : 6.1.1.7601.X86/2
   User name . . . . . . : vaio\melanie mok
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2015-03-18 07:30:11
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 13m 9s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 4

   Objects scanned . . . : 1,377,634
   Files scanned . . . . : 45,338
   Remnants scanned  . . : 353,839 files / 978,457 keys

Suspicious files ____________________________________________________________

   C:\Users\melanie mok\Desktop\FRST.exe
      Size . . . . . . . : 1,135,104 bytes
      Age  . . . . . . . : 2.3 days (2015-03-16 00:34:21)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 27600BC2D6D1CBBD1FA5BB7A9157ACCCF3A068A6800ED4B6DC50D24A747F6CAB
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-2912928045-2303475615-2363683268-1003\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\melanie mok\Desktop\FRST.exe


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0\ (Sweetpacks)

Cookies _____________________________________________________________________

   C:\Users\melanie mok\AppData\Roaming\Mozilla\Firefox\Profiles\dkqlhdqz.default\cookies.sqlite:doubleclick.net
 



