CPU usage through the roof. Possible rootkit?


This topic is locked
4 replies to this topic

#1 kurokun

Posted 13 April 2015 - 11:19 PM

So my manager has a work laptop that the office uses as a whole. I got on it today to find thirteen error messages saying Twain.dll Client's 32-Bit Thunking Server had quit working. I open up Windows Task Manager and see that several background processes were running amuck. I'm no IT expert but something seems wrong with the computer. I ran a scan with AVG 2015 and it removed 13 trojans, which has certainly helped, but I want to make sure the device is entirely clean. I have run Farbar Recovery Scan Tool. Logs are posted below. Thanks for your prompt attention.


kurokun

********************************************************************************************************************************************************************************


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by Alison (administrator) on ALISON-PC on 13-04-2015 23:08:20
Running from C:\Users\Alison\Downloads
Loaded Profiles: Alison (Available profiles: Alison)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Realtek Semiconductor) C:\Windows\RTKAUDIOSERVICE.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Spotify Ltd) C:\Users\Alison\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(SAMSUNG Electornics Co., Ltd.) C:\Users\Alison\AppData\Roaming\Verizon\UA_ar\UA.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\real\realplayer\Update\realsched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6453760 2008-10-17] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2008-10-17] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\real\realplayer\update\realsched.exe [296056 2011-12-07] (RealNetworks, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2073754521-2913423827-1216251937-1000\...\Run: [Google Update] => C:\Users\Alison\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.)
HKU\S-1-5-21-2073754521-2913423827-1216251937-1000\...\Run: [Spotify Web Helper] => C:\Users\Alison\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-09] (Spotify Ltd)
HKU\S-1-5-21-2073754521-2913423827-1216251937-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-26] (SUPERAntiSpyware)
HKU\S-1-5-21-2073754521-2913423827-1216251937-1000\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3485728 2013-09-11] (Hewlett-Packard Co.)
HKU\S-1-5-21-2073754521-2913423827-1216251937-1000\...\Run: [Spotify] => C:\Users\Alison\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-09] (Spotify Ltd)
HKU\S-1-5-21-2073754521-2913423827-1216251937-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-2073754521-2913423827-1216251937-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2073754521-2913423827-1216251937-1000\...\MountPoints2: {0858ffcf-4d05-11e3-bc4d-00214fb77054} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2073754521-2913423827-1216251937-1000\...\MountPoints2: {76a3625b-3de5-11df-bf4c-806e6f6e6963} - G:\Seagate\Installer\InstallSeagateManager.exe
HKU\S-1-5-21-2073754521-2913423827-1216251937-1000\...\MountPoints2: {f5449894-3dcc-11df-80a5-806e6f6e6963} - F:\Setup.exe
HKU\S-1-5-21-2073754521-2913423827-1216251937-1000\...\MountPoints2: {fd58a25f-7e86-11e3-94f5-00214fb77054} - G:\VZW_Software_upgrade_assistant.exe
Startup: C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Alison\AppData\Roaming\Verizon\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
HKU\S-1-5-21-2073754521-2913423827-1216251937-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYR
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYR
SearchScopes: HKU\S-1-5-21-2073754521-2913423827-1216251937-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYR_enUS373
SearchScopes: HKU\S-1-5-21-2073754521-2913423827-1216251937-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYR_enUS373
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-12-07] (RealPlayer)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-20] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-05-30] (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-20] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-2073754521-2913423827-1216251937-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll [2008-09-11] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2009-11-08] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-05-30] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25 205.171.2.25

FireFox:
========
FF ProfilePath: C:\Users\Alison\AppData\Roaming\Mozilla\Firefox\Profiles\781ck56n.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2010-12-30] (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=15.0.0.198 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2011-12-07] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.0.198 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll [2011-12-07] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.0.198 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2011-12-07] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.0.198 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-12-07] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.0.198 -> c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll [2011-12-07] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2073754521-2913423827-1216251937-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Alison\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)
FF Plugin HKU\S-1-5-21-2073754521-2913423827-1216251937-1000: @talk.google.com/O1DPlugin -> C:\Users\Alison\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-03-26] (Google)
FF Plugin HKU\S-1-5-21-2073754521-2913423827-1216251937-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Alison\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2073754521-2913423827-1216251937-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Alison\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2073754521-2913423827-1216251937-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2010-12-30] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2011-12-07] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll [2011-12-07] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll [2011-12-07] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Alison\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Alison\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-03-26] (Google)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-03-26]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-04-01]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-12-07]

Chrome:
=======
CHR HomePage: Default -> hxxp://yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Alison\AppData\Local\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Alison\AppData\Local\Google\Chrome\Application\41.0.2272.118\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Alison\AppData\Local\Google\Chrome\Application\41.0.2272.118\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Google Search) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2010-08-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Skype Click to Call) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-06-19]
CHR Extension: (Google Wallet) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-12-07]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-05-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-09-05] (SUPERAntiSpyware.com)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [24576 2008-09-11] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-08-08] (Intuit Inc.) [File not signed]
R2 RtkAudioService; C:\Windows\RtkAudioService.exe [134656 2008-10-17] (Realtek Semiconductor) [File not signed]
S3 SampleCollector; C:\Program Files\Sony\VAIO Care\collsvc.exe [167424 2009-09-16] (Intel Corporation) [File not signed]
S3 SOHCImp; C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe [103712 2008-10-21] (Sony Corporation)
S3 SOHDms; C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe [353568 2008-10-21] (Sony Corporation)
S3 SOHDs; C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe [62752 2008-10-21] (Sony Corporation)
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2008-05-20] (Sony Corporation) [File not signed]
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-09-08] (Sony Corporation) [File not signed]
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [446464 2008-09-03] (Sony Corporation) [File not signed]
R3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [279848 2008-09-08] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2008-09-08] (Sony Corporation) [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2008-04-24] (ArcSoft, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [281056 2015-03-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-02-25] (AVG Technologies CZ, s.r.o.)
S3 copperhd; C:\Windows\System32\drivers\copperhd.sys [13824 2006-05-24] (Razer (Asia-Pacific) Pte Ltd)
S1 DMICall; C:\Windows\SysWOW64\DRIVERS\DMICall.sys [10216 2008-08-22] (Sony Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-13] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R2 risdptsk; C:\Windows\System32\DRIVERS\risdsn64.sys [76288 2008-10-22] (REDC)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 igfx; system32\DRIVERS\igdkmd64.sys [X]
S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 23:08 - 2015-04-13 23:09 - 00027365 _____ () C:\Users\Alison\Downloads\FRST.txt
2015-04-13 22:29 - 2015-04-13 23:08 - 00000000 ____D () C:\FRST
2015-04-13 22:27 - 2015-04-13 22:27 - 02096640 _____ (Farbar) C:\Users\Alison\Downloads\FRST64.exe
2015-04-13 21:39 - 2015-04-13 21:39 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2015-04-13 21:38 - 2015-04-13 21:38 - 00001887 _____ () C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
2015-04-13 21:38 - 2015-04-13 21:38 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2015-04-13 21:36 - 2015-04-13 21:36 - 00849352 _____ () C:\Users\Alison\Downloads\AppManagerSetup_1.47.exe
2015-04-13 21:29 - 2015-04-13 21:29 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\AVG2015
2015-04-13 21:28 - 2015-04-13 22:00 - 00000000 ____D () C:\ProgramData\AVG2015
2015-04-13 21:28 - 2015-04-13 21:28 - 00000872 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-04-13 21:28 - 2015-04-13 21:28 - 00000000 ___HD () C:\$AVG
2015-04-13 21:28 - 2015-04-13 21:28 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\TuneUp Software
2015-04-13 21:28 - 2015-04-13 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-04-13 21:26 - 2015-04-13 21:26 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-04-13 21:20 - 2015-04-13 21:22 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-13 21:20 - 2015-04-13 21:20 - 00000941 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-13 21:20 - 2015-04-13 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-13 21:20 - 2015-04-13 21:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-13 21:20 - 2015-04-13 21:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-13 21:20 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-13 21:20 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-13 21:20 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-13 21:18 - 2015-04-13 22:03 - 00000000 ____D () C:\Users\Alison\AppData\Local\Avg2015
2015-04-13 21:18 - 2015-04-13 22:03 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-13 21:18 - 2015-04-13 21:18 - 00000000 ____D () C:\Users\Alison\AppData\Local\MFAData
2015-04-13 21:17 - 2015-04-13 21:18 - 04818760 _____ (AVG Technologies) C:\Users\Alison\Downloads\avg_free_stb_all_5863p1_177.exe
2015-04-13 21:16 - 2015-04-13 21:19 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Alison\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-13 10:48 - 2015-04-13 10:48 - 00000285 _____ () C:\Users\Alison\AppData\Roaming\jyhbjui8afd
2015-04-13 10:22 - 2015-04-13 10:22 - 00035840 _____ () C:\Users\Alison\AppData\Roaming\The Notorious B.I.G. - Ready To Die.cue
2015-04-11 18:19 - 2015-04-11 18:19 - 00273600 _____ () C:\Windows\Minidump\Mini041115-01.dmp
2015-04-10 14:45 - 2015-04-10 14:45 - 00231424 _____ () C:\Users\Alison\AppData\Roaming\ase260-emp.rar
2015-04-10 14:45 - 2015-04-10 14:45 - 00000344 _____ () C:\Users\Alison\AppData\Roaming\njyhik9iaa
2015-04-09 16:19 - 2015-04-09 16:20 - 00273600 _____ () C:\Windows\Minidump\Mini040915-02.dmp
2015-04-09 15:25 - 2015-04-11 18:19 - 554683707 _____ () C:\Windows\MEMORY.DMP
2015-04-09 15:25 - 2015-04-09 15:25 - 00273600 _____ () C:\Windows\Minidump\Mini040915-01.dmp
2015-04-09 11:42 - 2015-04-09 11:42 - 00080384 _____ () C:\Users\Alison\Desktop\Payroll (1).xls
2015-04-09 11:08 - 2015-04-09 11:08 - 00088576 _____ () C:\Users\Alison\Downloads\Payroll 3.21.15.xls
2015-04-09 11:04 - 2015-04-09 11:04 - 00015568 _____ () C:\Users\Alison\Downloads\admin review 4.3 (8).xlsx
2015-04-09 11:02 - 2015-04-09 11:02 - 00087552 _____ () C:\Users\Alison\Downloads\WEEK ENDING 3.28.2015.xls
2015-04-09 10:59 - 2015-04-09 11:39 - 00080384 _____ () C:\Users\Alison\Downloads\Payroll (1).xls
2015-04-08 18:38 - 2015-04-08 18:42 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\Local Store
2015-04-08 11:37 - 2015-04-08 11:37 - 00231424 _____ () C:\Users\Alison\AppData\Roaming\gfvid-fa-xvid.avi
2015-04-08 11:37 - 2015-04-08 11:37 - 00000235 _____ () C:\Users\Alison\AppData\Roaming\nyjuikoitg
2015-04-07 08:54 - 2015-04-07 08:54 - 00035840 _____ () C:\Users\Alison\AppData\Roaming\DELPHI~1.cab
2015-04-07 08:54 - 2015-04-07 08:54 - 00000208 _____ () C:\Users\Alison\AppData\Roaming\jhuikloyhj
2015-04-03 14:15 - 2015-04-07 19:32 - 00035328 _____ () C:\Users\Alison\Downloads\Chapman Org Recruiting_exapmple.xls
2015-04-03 14:07 - 2015-04-03 17:15 - 00073216 _____ () C:\Users\Alison\Downloads\FORMULA TO HAVE 2ND INTERVIEWS.xls
2015-04-02 11:58 - 2015-04-02 11:58 - 00154624 _____ () C:\Users\Alison\Downloads\TOM 3_31_2015.xls
2015-04-01 12:00 - 2015-04-01 16:51 - 00013960 _____ () C:\Users\Alison\Downloads\Admin Log 4.4.15 (3).xlsx
2015-04-01 10:07 - 2015-04-01 10:07 - 00013921 _____ () C:\Users\Alison\Downloads\Admin Log 4.4.15 (2).xlsx
2015-03-30 16:42 - 2015-03-30 16:42 - 00013921 _____ () C:\Users\Alison\Documents\Admin Log 4.4.15.xlsx
2015-03-30 16:17 - 2015-03-30 16:17 - 00014193 _____ () C:\Users\Alison\Downloads\Admin Log 4.4.15 (1).xlsx
2015-03-30 15:09 - 2015-03-30 16:28 - 00013921 _____ () C:\Users\Alison\Downloads\Admin Log 4.4.15.xlsx
2015-03-30 11:51 - 2015-03-30 11:51 - 00000145 _____ () C:\Users\Alison\Downloads\linda bailey 6affadfc-b14c-41ab-bd00-34e7f95213da.txt
2015-03-27 13:51 - 2015-03-27 13:51 - 00017699 _____ () C:\Users\Alison\Desktop\How to Enter Recruiting Stats into Merlin.xlsx
2015-03-26 21:29 - 2015-04-13 21:55 - 00005284 _____ () C:\Windows\PFRO.log
2015-03-26 20:19 - 2015-03-26 20:19 - 00000000 ____D () C:\Users\Alison\AppData\Local\Steam
2015-03-26 10:26 - 2015-04-13 23:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-25 11:21 - 2015-03-25 11:21 - 00281056 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-03-24 21:49 - 2015-03-24 21:49 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-03-24 21:48 - 2015-03-31 22:21 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\HpUpdate
2015-03-24 21:48 - 2015-03-24 21:48 - 00003532 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Officejet Pro 8610
2015-03-24 21:48 - 2015-03-24 21:48 - 00002103 _____ () C:\Users\Public\Desktop\HP Officejet Pro 8610.lnk
2015-03-24 21:48 - 2015-03-24 21:48 - 00001055 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8610.lnk
2015-03-24 21:48 - 2015-03-24 21:48 - 00000797 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2015-03-24 21:48 - 2015-03-24 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-03-24 21:48 - 2013-09-11 08:07 - 00762400 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM7112.dll
2015-03-24 21:46 - 2015-03-24 21:49 - 00000000 ____D () C:\Program Files (x86)\HP
2015-03-24 21:46 - 2015-03-24 21:46 - 00000000 ____D () C:\ProgramData\HP
2015-03-24 21:45 - 2015-03-24 21:45 - 00000057 _____ () C:\ProgramData\Ament.ini
2015-03-24 21:41 - 2015-03-25 10:00 - 00000000 ____D () C:\Users\Alison\AppData\Local\HP
2015-03-23 09:56 - 2015-03-26 20:23 - 00000000 ____D () C:\Users\Alison\Documents\Leader Binder
2015-03-16 21:01 - 2015-03-16 21:01 - 00243368 _____ () C:\Users\Alison\Downloads\Firefox Setup Stub 36.0.1.exe
2015-03-16 17:56 - 2015-03-16 17:58 - 00010116 _____ () C:\Users\Alison\Documents\Office Jobs.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 22:43 - 2010-04-08 10:29 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-13 22:41 - 2012-09-17 07:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-13 22:20 - 2010-08-21 20:56 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2073754521-2913423827-1216251937-1000UA.job
2015-04-13 22:14 - 2006-11-02 07:46 - 00763650 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-13 22:01 - 2011-09-23 22:48 - 00000000 ____D () C:\Users\Alison\AppData\Local\Spotify
2015-04-13 21:59 - 2011-09-23 22:48 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\Spotify
2015-04-13 21:57 - 2010-04-08 10:29 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-13 21:56 - 2006-11-02 10:22 - 00004016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-13 21:56 - 2006-11-02 10:22 - 00004016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-13 21:55 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-13 18:21 - 2012-01-26 00:58 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-13 17:20 - 2010-08-21 20:56 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2073754521-2913423827-1216251937-1000Core.job
2015-04-13 01:44 - 2013-02-14 11:21 - 01260345 _____ () C:\Windows\WindowsUpdate.log
2015-04-12 14:38 - 2015-01-15 10:20 - 00000000 ____D () C:\Users\Alison\Desktop\Jimmy Blackburn Stuff
2015-04-11 18:19 - 2013-02-20 10:24 - 00000000 ____D () C:\Windows\Minidump
2015-04-09 10:16 - 2008-10-30 21:17 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-04-09 10:16 - 2006-11-02 10:42 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-08 03:21 - 2010-04-08 23:49 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\Mozilla
2015-04-07 19:16 - 2013-02-04 20:14 - 00000000 ____D () C:\Users\Alison\Desktop\Cydcor docs
2015-04-06 20:57 - 2013-12-05 20:11 - 00033636 _____ () C:\Users\Alison\Downloads\loas master copy (4).xlsx
2015-04-03 12:24 - 2010-08-21 20:57 - 00002086 _____ () C:\Users\Alison\Desktop\Google Chrome.lnk
2015-03-27 15:48 - 2013-02-27 20:22 - 00000000 ____D () C:\Users\Alison\Desktop\Fios
2015-03-26 21:29 - 2014-05-20 09:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-26 20:25 - 2010-09-25 13:47 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-24 21:48 - 2010-04-01 14:32 - 00000000 ____D () C:\Users\Alison
2015-03-24 21:46 - 2013-02-04 11:19 - 00000000 ____D () C:\Program Files\HP
2015-03-16 21:06 - 2014-05-20 09:57 - 00000900 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-16 21:06 - 2014-05-20 09:57 - 00000888 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

==================== Files in the root of some directories =======

2015-04-13 10:19 - 2015-04-13 10:19 - 0231424 _____ () C:\Users\Alison\AppData\Roaming\03 - Eminem - Guilty Conscience (feat. Dr. Dre).mp3
2015-04-07 09:27 - 2015-04-07 09:27 - 0231424 _____ () C:\Users\Alison\AppData\Roaming\09 This Must Be the Place (Naive Melody).mp3
2015-04-13 10:48 - 2015-04-13 10:48 - 0035840 _____ () C:\Users\Alison\AppData\Roaming\1. Black Out Days.mp3
2015-04-10 14:45 - 2015-04-10 14:45 - 0231424 _____ () C:\Users\Alison\AppData\Roaming\ase260-emp.rar
2010-07-04 18:03 - 2011-01-29 13:08 - 0000173 _____ () C:\Users\Alison\AppData\Roaming\D2Info0
2015-04-07 08:54 - 2015-04-07 08:54 - 0035840 _____ () C:\Users\Alison\AppData\Roaming\DELPHI~1.cab
2010-07-04 18:03 - 2011-01-29 13:06 - 0000008 _____ () C:\Users\Alison\AppData\Roaming\DofusAppId0_1
2010-07-04 18:03 - 2011-01-29 13:05 - 0000008 _____ () C:\Users\Alison\AppData\Roaming\DofusAppId0_2
2010-07-04 18:20 - 2011-01-29 13:09 - 0000008 _____ () C:\Users\Alison\AppData\Roaming\DofusAppId0_3
2010-07-04 19:58 - 2010-08-21 23:57 - 0000008 _____ () C:\Users\Alison\AppData\Roaming\DofusAppId0_4
2010-07-05 12:13 - 2010-08-21 23:57 - 0000008 _____ () C:\Users\Alison\AppData\Roaming\DofusAppId0_5
2010-07-05 18:54 - 2010-08-22 00:58 - 0000008 _____ () C:\Users\Alison\AppData\Roaming\DofusAppId0_6
2015-04-08 11:37 - 2015-04-08 11:37 - 0231424 _____ () C:\Users\Alison\AppData\Roaming\gfvid-fa-xvid.avi
2015-04-07 08:54 - 2015-04-07 08:54 - 0000208 _____ () C:\Users\Alison\AppData\Roaming\jhuikloyhj
2015-04-13 10:48 - 2015-04-13 10:48 - 0000285 _____ () C:\Users\Alison\AppData\Roaming\jyhbjui8afd
2015-04-10 14:45 - 2015-04-10 14:45 - 0000344 _____ () C:\Users\Alison\AppData\Roaming\njyhik9iaa
2015-04-08 11:37 - 2015-04-08 11:37 - 0000235 _____ () C:\Users\Alison\AppData\Roaming\nyjuikoitg
2015-04-09 17:08 - 2015-04-09 17:08 - 0231424 _____ () C:\Users\Alison\AppData\Roaming\Soundgarden - Superunknown - 15 - Like Suicide.mp3
2015-04-13 10:22 - 2015-04-13 10:22 - 0035840 _____ () C:\Users\Alison\AppData\Roaming\The Notorious B.I.G. - Ready To Die.cue
2014-06-03 09:03 - 2014-06-03 09:03 - 0000000 _____ () C:\Users\Alison\AppData\Roaming\wklnhst.dat
2010-04-28 02:00 - 2015-01-25 09:37 - 0007052 _____ () C:\Users\Alison\AppData\Local\d3d9caps.dat
2010-04-01 17:42 - 2012-03-31 07:54 - 0008540 _____ () C:\Users\Alison\AppData\Local\d3d9caps64.dat
2010-04-01 17:42 - 2010-02-18 15:01 - 0010752 _____ () C:\Users\Alison\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-10-01 23:52 - 2010-10-01 23:53 - 0439260 _____ () C:\Users\Alison\AppData\Local\dd_vcredistMSI1391.txt
2011-09-23 22:55 - 2011-09-23 22:55 - 0359196 _____ () C:\Users\Alison\AppData\Local\dd_vcredistMSI5D05.txt
2010-10-01 23:52 - 2010-10-01 23:53 - 0214690 _____ () C:\Users\Alison\AppData\Local\dd_vcredistUI1391.txt
2011-09-23 22:55 - 2011-09-23 22:55 - 0012602 _____ () C:\Users\Alison\AppData\Local\dd_vcredistUI5D05.txt
2010-04-01 17:42 - 2010-03-04 22:02 - 0000036 _____ () C:\Users\Alison\AppData\Local\housecall.guid.cache
2014-12-09 12:30 - 2014-12-09 12:30 - 0000000 _____ () C:\Users\Alison\AppData\Local\{C21993B2-A15D-48F6-9DA3-28A7A1894F45}
2015-03-24 21:45 - 2015-03-24 21:45 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Alison\AppData\Local\Temp\KB00136485.exe
C:\Users\Daniel\AppData\Local\Temp\eauninstall.exe
C:\Users\Daniel\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe
C:\Users\Daniel\AppData\Local\Temp\_is856A.exe
C:\Users\Daniel\AppData\Local\Temp\_isAFF1.exe
C:\Users\Daniel\AppData\Local\Temp\_isB0F0.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-13 22:09

==================== End Of Log ============================

********************************************************************************************************************************************************************************

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
Ran by Alison at 2015-04-13 23:10:06
Running from C:\Users\Alison\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.39 - ArcSoft)
ArcSoft WebCam Companion 2 (HKLM-x32\...\{9973498D-EA29-4A68-BE0B-C88D6E03E928}) (Version:  - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{42CC891B-454A-AB88-3E31-5703A4CAA5C5}) (Version: 3.0.710.0 - ATI Technologies, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5863 - AVG Technologies)
AVG 2015 (Version: 15.0.4331 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5863 - AVG Technologies) Hidden
ccc-core-static (x32 Version: 2009.0515.32.42252 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Click to Disc (HKLM-x32\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.2.52.09250 - Sony Corporation)
Click to Disc (x32 Version: 1.2.52.09250 - Sony Corporation) Hidden
Click to Disc Editor (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 1.2.51 - Sony Corporation)
Click to Disc Editor (x32 Version: 1.2.51 - Sony Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Curse Client (HKU\S-1-5-21-2073754521-2913423827-1216251937-1000\...\090215de958f1060) (Version: 4.0.1.286 - Curse)
Dolby Control Center (HKLM\...\{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}) (Version: 1.2.0702 - Dolby)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
Google Chrome (HKU\S-1-5-21-2073754521-2913423827-1216251937-1000\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{A7365B85-57D8-39EA-BB3E-D20137E92369}) (Version: 5.41.0.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HDAUDIO SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200) (Version:  - )
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{3082CB96-66E8-456D-8326-118A4F5DC0C6}) (Version: 32.0.90.45518 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Impulse (HKLM-x32\...\Impulse) (Version: 1.0 - Stardock)
Impulse (x32 Version: 1.0 - Stardock Corporation) Hidden
Intel® PROSet/Wireless WiFi Software (HKLM\...\{72EEB695-388B-4835-8EA6-0C04545B06B9}) (Version: 12.04.3000 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java™ SE Runtime Environment 6 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
League of Legends (x32 Version: 1.3 - Riot Games) Hidden
Magic: The Gathering — Duels of the Planeswalkers 2012 (HKLM-x32\...\Steam App 49470) (Version:  - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Music Transfer (HKLM-x32\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.2.00.17290 - Sony Corporation)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-2073754521-2913423827-1216251937-1000\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
OpenMG Secure Module 5.1.00 (HKLM-x32\...\InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}) (Version: 5.1.00.05200 - Sony Corporation)
OpenMG Secure Module 5.1.00 (x32 Version: 5.1.00.05200 - Sony Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 8.3.1.9 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.5.2 - Pando Networks Inc.)
Primo (x32 Version: 1.00.0000 - Your Company Name) Hidden
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{1A57F90C-DAC0-44A5-8726-46C008DE69C8}) (Version: 32.0.90.45518 - Hewlett-Packard Co.)
QuickBooks Simple Start 2009 (HKLM-x32\...\{9A2F0810-3619-4E86-9072-973FBE1679C5}) (Version: 19.0.4001.703 - Intuit Inc.)
Razer Copperhead (HKLM-x32\...\{28A946E1-E83B-4662-BC7C-23451851489E}) (Version: 5.01 -  Razer USA Ltd.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version:  - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 2.62 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Regi (Version: 1.00.0000 - InterVideo Inc.) Hidden
Roxio Easy Media Creator 10 LJ (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.1 - Roxio)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.9.0 - SAMSUNG Electronics Co., Ltd.)
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 4.2.0.10150 - Sony Corporation)
Sid Meier's Civilization V (HKLM-x32\...\Civilization V) (Version:  - 2K Games, Inc.)
Skins (x32 Version: 2009.0515.32.42252 - ATI) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.0.10201 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sony Download Taxi 1.5.0.0 (HKLM-x32\...\{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1) (Version:  - Sony Corporation)
Sony Picture Utility (HKLM-x32\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 3.3.01.09300 - Sony Corporation)
Sony Video Shared Library (HKLM-x32\...\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}) (Version: 3.5.00 - Sony Corporation)
Spotify (HKU\S-1-5-21-2073754521-2913423827-1216251937-1000\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1032 - SUPERAntiSpyware.com)
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VAIO BD Menu Data (HKLM-x32\...\{DF0415CC-0563-407F-B560-9B7F277122C5}) (Version: 1.2.00.06090 - Sony Corporation)
VAIO Care (HKLM-x32\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 5.1.0.13200 - Sony Corporation)
VAIO Care (x32 Version: 5.1.0.13200 - Sony Corporation) Hidden
VAIO Content Folder Setting (HKLM-x32\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 2.1.0.08260 - Sony Corporation)
VAIO Content Folder Watcher (HKLM-x32\...\{327B75F0-92AF-420A-988F-FA596A218E0B}) (Version: 1.0.01.09030 - Sony Corporation)
VAIO Content Folder Watcher (x32 Version: 1.0.01.09030 - Sony Corporation) Hidden
VAIO Content Metadata Intelligent Analyzing Manager (HKLM-x32\...\{ECB5774A-A39B-4419-A7D3-92F49C0FCAB3}) (Version: 3.3.0.10012 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (x32 Version: 3.3.0.10012 - Sony Corporation) Hidden
VAIO Content Metadata Manager Setting (HKLM-x32\...\{EADE97A7-E7AA-43FD-A042-92A68E0187A6}) (Version: 3.3.0.09300 - Sony Corporation)
VAIO Content Metadata Manager Setting (x32 Version: 3.3.0.09300 - Sony Corporation) Hidden
VAIO Content Metadata XML Interface Library (HKLM-x32\...\{E3453B1B-C91B-4C48-B046-8DF635DD46F2}) (Version: 3.3.0.09182 - Sony Corporation)
VAIO Content Metadata XML Interface Library (x32 Version: 3.3.0.09182 - Sony Corporation) Hidden
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 3.2.0.09120 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.0.04.01170 - Sony Corporation)
VAIO DVD Menu Data Basic (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 1.0.00.08130 - Sony Corporation)
VAIO Entertainment Platform (HKLM-x32\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.2.3.10070 - Sony Corporation)
VAIO Entertainment Platform (x32 Version: 3.2.3.10070 - Sony Corporation) Hidden
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 4.2.0.10172 - Sony Corporation)
VAIO Help and Support (HKLM-x32\...\{D47FE987-EA3D-424B-9886-B752501D7CE7}) (Version: 7.00.1023.FW - Sony Corporation)
VAIO Launcher (HKLM-x32\...\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}) (Version: 2.2.0.09090 - Sony Corporation)
VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 1.2.0.10230 - Sony Corporation)
VAIO Media plus (x32 Version: 1.2.0.10230 - Sony Corporation) Hidden
VAIO Media plus Opening Movie (HKLM-x32\...\{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}) (Version: 1.2.0.09050 - Sony Corporation)
VAIO Movie Story (HKLM-x32\...\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 1.3.01.08060 - Sony Corporation)
VAIO Movie Story (x32 Version: 1.3.01.08060 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM-x32\...\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 1.3.00.06120 - Sony Corporation)
VAIO MusicBox (HKLM-x32\...\{4EA55D20-27FB-45D7-8726-147E8A5F6C62}) (Version: 2.1.1.09160 - Sony Corporation)
VAIO MusicBox Sample Music (HKLM-x32\...\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}) (Version: 1.1.00.14140 - Sony Corporation)
VAIO My Memory Center (HKLM-x32\...\{72B5983C-80C7-4225-BA72-E92AE1D59C62}) (Version: 2.00.1029 - Sony)
VAIO OOBE and Welcome Center (HKLM-x32\...\{1B500D37-E7CF-480B-8054-8A563594EC4E}) (Version: 7.00.1022.US - Sony Corporation)
VAIO Original Function Setting (HKLM-x32\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 1.5.00.08150 - Sony Corporation)
VAIO Power Management (HKLM-x32\...\{5F5867F0-2D23-4338-A206-01A76C823924}) (Version: 3.2.0.10200 - Sony Corporation)
VAIO Presentation Support (HKLM-x32\...\{2018C019-30D9-4240-8C01-0865C10DCF5A}) (Version: 1.1.0.08250 - Sony Corporation)
VAIO Startup Assistant (HKLM-x32\...\{DFD0E9A9-F24A-492B-8975-8C938E32408F}) (Version: 4.00.1030 - Sony)
VAIO Survey (HKLM-x32\...\{34B37A74-125E-4406-87BA-E4BD3D097AE5}) (Version: 6.00.0722 - Sony Corporation)
VAIO Update 4 (HKLM-x32\...\{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}) (Version: 4.0.0.08280 - Sony Corporation)
VAIO Wallpaper Contents (HKLM-x32\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 1.3.0.10310 - Sony Corporation)
VAIO Wireless Wizard (HKLM-x32\...\{BCED773C-99EE-48DD-8915-25733F69F0A8}) (Version: 2.00.1013 - Sony)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{041E914E-7B73-4E8B-967F-B7FFC527FF80}) (Version: 2.14.0106 - Samsung Electronics Co., Ltd.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WIDCOMM Bluetooth Software 6.2.0.5800 (HKLM\...\{E464702F-5433-46EC-8F65-159276C0A54F}) (Version: 6.2.0.5800 - Broadcom Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinDVD BD for VAIO (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B20.169 - InterVideo Inc.)
WinDVD BD for VAIO (x32 Version: 8.0-B20.169 - InterVideo Inc.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2073754521-2913423827-1216251937-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Alison\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2073754521-2913423827-1216251937-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Alison\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2073754521-2913423827-1216251937-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Alison\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2073754521-2913423827-1216251937-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Alison\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2073754521-2913423827-1216251937-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Alison\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2073754521-2913423827-1216251937-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Alison\AppData\Local\Google\Chrome\Application\41.0.2272.118\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2073754521-2913423827-1216251937-1000_Classes\CLSID\{87212e28-32e2-415f-a404-bed106e51921}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2073754521-2913423827-1216251937-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Alison\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2073754521-2913423827-1216251937-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Alison\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2073754521-2913423827-1216251937-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Alison\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2073754521-2913423827-1216251937-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Alison\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2073754521-2913423827-1216251937-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Alison\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2073754521-2913423827-1216251937-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Alison\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 07:34 - 2006-09-18 16:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0EEA925D-9B08-409D-A1B4-8AD69B30D09E} - System32\Tasks\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2009-12-04] (Sony Corporation)
Task: {1715ABD0-BFF1-4E6C-A1A0-2BF4650C6985} - System32\Tasks\VAIO Care Service => C:\Program Files\Sony\VAIO Care\VAIOCareService.exe [2009-12-04] (Sony Corporation)
Task: {2C7179E8-B618-4B1D-9432-622CE333CD7A} - System32\Tasks\{3F6500A7-40DD-45D0-8C32-BC15A44794C2} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Blizzard Entertainment\StarCraft II\Uninstall.exe"
Task: {421BDD1B-19B8-4A08-A8EE-F001ED1C95DF} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2073754521-2913423827-1216251937-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-11-08] (RealNetworks, Inc.)
Task: {4D10579F-894C-41BB-927C-EF60870E5DD2} - System32\Tasks\{24E4D98E-4B4A-4CB3-AAE2-E582585025C9} => pcalua.exe -a C:\SonySupport\2010-04-01\04.49PM\ITAOTH-00215761-1060.EXE -d C:\SonySupport\2010-04-01\04.49PM
Task: {6207F368-9565-40A9-AF14-D73573BBE735} - System32\Tasks\SONY\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe [2008-08-28] (Sony Corporation)
Task: {71AFA5BD-6AF1-4A04-BD0D-F386F2A4295F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2073754521-2913423827-1216251937-1000UA => C:\Users\Alison\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {8733FBF0-8FA7-41C7-B66F-C9A9F57D85CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {9D749AA6-A08C-4E49-AA9A-2E31C2649615} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2073754521-2913423827-1216251937-1000Core => C:\Users\Alison\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {A7AB108A-E765-439D-AAE0-10D4C13DD0B1} - System32\Tasks\{0FA9B045-1D7D-4134-BAB0-83E82422B73D} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/630
Task: {A955315E-F2F5-4850-ABE3-F93CE95C3D4D} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files (x86)\Sony\VAIO Wallpaper Setting Tool\VWSet.exe [2008-06-27] (Sony Corporation)
Task: {AC138FCA-9FEF-4BE7-91BD-AA934DBAE40B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {AF2CD98E-0CB2-4053-AD6A-D77ADF0F9F6E} - System32\Tasks\{63238E04-D74A-4695-B521-9FEDC0A27707} => pcalua.exe -a C:\SonySupport\2010-04-01\04.49PM\SOASUS-00209813-1020.EXE -d C:\SonySupport\2010-04-01\04.49PM
Task: {BBD51FAA-283B-4F1A-8705-047981C43349} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2073754521-2913423827-1216251937-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-11-08] (RealNetworks, Inc.)
Task: {D0B0EE0C-40FF-45C8-BAF0-4ECB8DA3DA1D} - System32\Tasks\{03B4ACC0-1DBA-47F4-B7C6-064C6D0AF9E0} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {D6FC68BA-D502-4493-ACFA-09840BF82F3E} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2013-09-11] (Hewlett-Packard Co.)
Task: {D8F8EC0D-4F29-4161-BEC7-D2B91FD4E376} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {FA255F96-2956-4E42-894D-1A7B76E94BEE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2073754521-2913423827-1216251937-1000Core.job => C:\Users\Alison\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2073754521-2913423827-1216251937-1000UA.job => C:\Users\Alison\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2007-09-06 09:27 - 2007-09-06 09:27 - 01331712 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2009-05-21 13:48 - 2009-05-21 13:48 - 00335360 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2008-10-30 21:55 - 2009-05-14 21:22 - 00120320 _____ () C:\Windows\system32\atitmm64.dll
2010-04-01 16:06 - 2008-10-17 20:19 - 00010752 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2010-04-01 16:06 - 2008-10-17 20:19 - 00009728 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2073754521-2913423827-1216251937-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Alison\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.3.25

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Alison^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupfolder: C:^Users^Alison^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Impulse Now.lnk => C:\Windows\pss\Impulse Now.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Alison^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AML => "C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe" InitApp
MSCONFIG\startupreg: Apoint => C:\Program Files\Apoint\Apoint.exe
MSCONFIG\startupreg: CardScanAgent => "C:\Program Files (x86)\CardScan\CardScan\CardScanAgent.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Alison\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
MSCONFIG\startupreg: ISBMgr.exe => "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: OneCareUI => "C:\Program Files (x86)\Microsoft Windows OneCare Live\winssnotify.exe"
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\real\realplayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: Unattend0000000001{E6D24D4E-644E-43D2-9333-3E7879127D0E} => %PROGRAMFILES%\Sony\First Experience\VAIOWelcome.exe
MSCONFIG\startupreg: VAIORegistration => "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
MSCONFIG\startupreg: VAIOSurvey => "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe"
MSCONFIG\startupreg: VWLASU => "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WindowsWelcomeCenter => rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Accounts: =============================

Administrator (S-1-5-21-2073754521-2913423827-1216251937-500 - Administrator - Disabled)
Alison (S-1-5-21-2073754521-2913423827-1216251937-1000 - Administrator - Enabled) => C:\Users\Alison
Guest (S-1-5-21-2073754521-2913423827-1216251937-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2015 09:58:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/13/2015 09:58:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/13/2015 09:58:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/13/2015 09:58:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/13/2015 09:56:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2015 09:56:11 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Error: (04/13/2015 09:55:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application EvtEng.exe, version 12.4.3.0, time stamp 0x4a15df82, faulting module EvtEng.exe, version 12.4.3.0, time stamp 0x4a15df82, exception code 0x40000015, fault offset 0x000000000009a3ce,
process id 0x864, application start time 0xEvtEng.exe0.

Error: (04/13/2015 09:36:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application twunk_32.exe, version 1.7.1.0, time stamp 0x4549b6e1, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0697a994,
process id 0x1a04, application start time 0xtwunk_32.exe0.

Error: (04/13/2015 09:11:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application twunk_32.exe, version 1.7.1.0, time stamp 0x4549b6e1, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x04db2994,
process id 0x3ffc, application start time 0xtwunk_32.exe0.

Error: (04/13/2015 09:09:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application twunk_32.exe, version 1.7.1.0, time stamp 0x4549b6e1, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x052942d4,
process id 0x1840, application start time 0xtwunk_32.exe0.


System errors:
=============
Error: (04/13/2015 09:57:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (04/13/2015 09:56:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/13/2015 09:56:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Intel® PROSet/Wireless Event Log1

Error: (04/13/2015 09:56:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: DMICall

Error: (04/13/2015 09:55:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:42:38 PM on 4/13/2015 was unexpected.

Error: (04/13/2015 09:55:41 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\DRIVERS\DMICall.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/12/2015 04:56:35 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer DANOFFICEPC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{50D1CCF0-718E-4C39-87EA-039DE22ED008}.
The master browser is stopping or an election is being forced.

Error: (04/12/2015 04:20:33 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer DANOFFICEPC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{50D1CCF0-718E-4C39-87EA-039DE22ED008}.
The master browser is stopping or an election is being forced.

Error: (04/11/2015 06:20:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (04/11/2015 06:20:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-04-13 23:09:57.078
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-13 23:09:56.781
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-13 23:09:56.407
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-13 23:09:56.126
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-13 23:09:55.705
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-13 23:09:55.440
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-13 23:09:55.143
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-13 23:09:54.878
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-13 23:09:54.238
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-13 23:09:53.973
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU P8600 @ 2.40GHz
Percentage of memory in use: 62%
Total physical RAM: 4062.12 MB
Available physical RAM: 1517.43 MB
Total Pagefile: 8329.5 MB
Available Pagefile: 6122.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:286.79 GB) (Free:175.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (HP OJ8610) (CDROM) (Total:0.31 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 63E859F7)
Partition 1: (Not Active) - (Size=11.3 GB) - (Type=27)
Partition 2: (Active) - (Size=286.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================




#2 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost
  • Local time:07:17 AM

Posted 16 April 2015 - 08:02 PM

hi kurokun,

 

I am shelf life and will try to help you. TWAIN.dll refers to an imaging device like a scanner or camera. (Technology Without an Interesting Name). But that should be the least of your worries.

We can get a closer look for any potential malware if you want. Normally workplaces have their own people that take care of these things (IT). That must not be the case for your place? Post back if you want to proceed and we can see if it's all cleaned up.

 


How Can I Reduce My Risk to Malware?


#3 kurokun

kurokun
  • Topic Starter

  • Members
  • 20 posts
  • Local time:07:17 AM

Posted 16 April 2015 - 10:44 PM

So after this post things went really really bad. I got the blue screen of death and then it shut down, booted back up, and system repair launched saying it couldn't fix the problem. I ran bootrec.exe from the command prompt and it told me that Windows is no longer on the device, so it's pretty dead. I'm going to buy a license and basically start from scratch. Thanks so much though!

#4 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost
  • Local time:07:17 AM

Posted 17 April 2015 - 01:14 PM

Ok, thanks for the update. Good luck.


How Can I Reduce My Risk to Malware?


#5 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost
  • Local time:07:17 AM

Posted 04 May 2015 - 05:12 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

How Can I Reduce My Risk to Malware?




