Solved Virus/Malware Removal

Java13 · Jul 20, 2015

Hello! Lately my computer has been running terribly slow. I thought it was just bad internet but it's also running extremely slow when I'm clicking the start menu or the file manager or things like that. It would not take me to the task manager on ctr alt delete, so I perused some threads on this site, and after checking the path and system root, I've determined there must be a virus. I have run my anti virus software (VIPRE, up to date) multiple times and the problem is still not fixed.

Heres the logs that were generated. They are quite long so of course I'm worried it must be something really bad.

I noticed that I have not updated windows (in Lord knows how long) and so I'm thinking I'll start with that. I only just noticed it when I was running this scan so I figured I'd wait and see if anyone could help explain to me what all this means and what I can do to fix it.

Any help would be so greatly appreciated!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Elizabeth (administrator) on ELIZABETH-VAIO on 20-07-2015 21:15:32
Running from C:\Users\Elizabeth\Downloads
Loaded Profiles: Elizabeth (Available Profiles: Elizabeth)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\ExamSoft\SofTest 11.0\Examsoft.ShieldRunner.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Examsoft Worldwide Inc.) C:\Program Files (x86)\ExamSoft\SofTest 11.0\Examsoft.SoftShield.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Users\Elizabeth\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIGBA.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\pnamain.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
() C:\Program Files\Sony\VAIO Care\esrv\esrv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
() C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
() C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Google Inc.) C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfica32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-20] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2884880 2012-03-19] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-09] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [693608 2012-02-21] (Sony Corporation)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5235608 2012-04-30] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] => "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1561768 2012-05-04] (Ask)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2041430264-2399561070-413413978-1000\...\Run: [Google Update] => C:\Users\Elizabeth\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-18] (Google Inc.)
HKU\S-1-5-21-2041430264-2399561070-413413978-1000\...\Run: [MusicManager] => C:\Users\Elizabeth\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-05-29] (Google Inc.)
HKU\S-1-5-21-2041430264-2399561070-413413978-1000\...\Run: [GoogleChromeAutoLaunch_BC42A7D22EA4C9EEEC843EF2870E3FB5] => C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe [813896 2015-07-13] (Google Inc.)
HKU\S-1-5-21-2041430264-2399561070-413413978-1000\...\Run: [EPSON WorkForce 630 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2041430264-2399561070-413413978-1000\...\Run: [WorkForce 630(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Receiver.lnk [2014-06-29]
ShortcutTarget: Receiver.lnk -> C:\Windows\Installer\{961882FF-663F-47D2-8588-C9943C5E6A26}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe ()
Startup: C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-01-14]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2041430264-2399561070-413413978-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
HKU\S-1-5-21-2041430264-2399561070-413413978-1000\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://sony.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.p...BtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1076241928
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.p...BtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1076241928
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.p...BtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1076241928
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.p...BtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1076241928
SearchScopes: HKLM-x32 -> {5D60AD9C-0AA9-5572-367C-60A381D2B97C} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2041430264-2399561070-413413978-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid=...51e9f1f5e&lang=en&ds=ft011&pr=sa&d=2012-08-03 15:16:53&v=12.2.5.32&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2041430264-2399561070-413413978-1000 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKU\S-1-5-21-2041430264-2399561070-413413978-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.p...BtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1076241928
SearchScopes: HKU\S-1-5-21-2041430264-2399561070-413413978-1000 -> {5D60AD9C-0AA9-5572-367C-60A381D2B97C} URL =
SearchScopes: HKU\S-1-5-21-2041430264-2399561070-413413978-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid=...51e9f1f5e&lang=en&ds=ft011&pr=sa&d=2012-08-03 15:16:53&v=12.2.5.32&sap=dsp&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-07-04] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-07-04] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Funmoods Helper Object -> {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -> C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-07-04] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-09-15] (Microsoft Corporation.)
BHO-x32: Tracker Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-05-04] (Ask)
BHO-x32: WeCareReminder Class -> {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll [2012-07-11] (We-Care.com)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-07-04] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-09-15] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll No File
Toolbar: HKLM-x32 - Tracker Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-05-04] (Ask)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()
Toolbar: HKU\S-1-5-21-2041430264-2399561070-413413978-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{154B617A-3C70-4FE0-B386-C354D40ED8F5}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-07-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-07-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-07-27] (Citrix Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-03-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-03-23] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-07-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-07-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll [2011-08-03] (Sony Computer Entertainment Inc.)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2011-10-07] (Sony Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2011-08-02] (Sony Network Entertainment International LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-14] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2041430264-2399561070-413413978-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2041430264-2399561070-413413978-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Elizabeth\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2041430264-2399561070-413413978-1000: @talk.google.com/O1DPlugin -> C:\Users\Elizabeth\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2041430264-2399561070-413413978-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2041430264-2399561070-413413978-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-20] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Elizabeth\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Elizabeth\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)

Chrome:
=======
CHR Profile: C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Funmoods) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh [2014-04-25]
CHR Extension: (AdBlock) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-02]
CHR Extension: (We-Care Reminder) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm [2014-04-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-27]
CHR Extension: (Google Wallet) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\ELIZAB~1\AppData\Local\funmoods.crx [2012-07-30]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\ELIZAB~1\AppData\Local\funmoods-speeddial.crx [2012-07-30]
CHR HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\ELIZAB~1\AppData\Local\funmoods.crx [2012-07-30]
CHR HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\ELIZAB~1\AppData\Local\funmoods-speeddial.crx [2012-07-30]
CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\ELIZAB~1\AppData\Local\funmoods.crx [2012-07-30]
CHR HKLM-x32\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\ELIZAB~1\AppData\Local\funmoods-speeddial.crx [2012-07-30]
CHR HKLM-x32\...\Chrome\Extension: [ippkomaaonokjnfjoikaemidanojkfmm] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx [2012-07-11]
StartMenuInternet: Google Chrome - C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ActiveDelayDeviceService; C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [78472 2011-09-20] (Sony Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [427432 2013-02-22] ()
R2 gfi_lanss11_attservice; C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-23] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-23] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [61440 2013-07-02] (Digital Delivery Networks, Inc.) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
U2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [258048 2013-03-04] (Sony Corporation) [File not signed]
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
R2 SoftshieldService; C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe [67392 2014-06-23] (Hewlett-Packard)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2011-09-23] (Sony Corporation) [File not signed]
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [427432 2013-02-22] ()
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1150368 2012-04-24] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [247704 2012-04-11] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177496 2012-04-11] (Western Digital )
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-18] (ThreatTrack Security, Inc.)
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2012-11-06] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 21:15 - 2015-07-20 21:17 - 00034369 _____ C:\Users\Elizabeth\Downloads\FRST.txt
2015-07-20 21:15 - 2015-07-20 21:16 - 00000000 ____D C:\FRST
2015-07-20 21:14 - 2015-07-20 21:15 - 02135552 _____ (Farbar) C:\Users\Elizabeth\Downloads\FRST64.exe
2015-07-20 21:12 - 2015-07-20 21:13 - 00001640 _____ C:\Users\Elizabeth\Downloads\launch (1).ica
2015-07-20 20:05 - 2015-07-20 20:05 - 00007599 _____ C:\Users\Elizabeth\AppData\Local\Resmon.ResmonCfg
2015-07-20 18:08 - 2015-07-20 18:08 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-04 11:36 - 2015-07-04 11:36 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-04 11:36 - 2015-07-04 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-04 11:34 - 2015-07-04 11:34 - 00320424 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-07-04 11:34 - 2015-07-04 11:34 - 00189864 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-07-04 11:34 - 2015-07-04 11:34 - 00189864 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-07-04 11:34 - 2015-07-04 11:34 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-07-04 11:33 - 2015-07-04 11:32 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-07-04 11:33 - 2015-07-04 11:32 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-07-04 11:33 - 2015-07-04 11:32 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-07-04 11:33 - 2015-07-04 11:32 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-04 11:29 - 2015-07-20 18:32 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-06-23 16:33 - 2015-06-23 16:33 - 00001166 _____ C:\Users\Public\Desktop\WorkForce 630 User's Guide.lnk
2015-06-23 16:15 - 2015-06-23 16:15 - 00000930 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2015-06-23 13:21 - 2015-07-13 23:28 - 00000000 ____D C:\Users\Elizabeth\Documents\M4
2015-06-23 12:04 - 2015-06-23 12:04 - 00000000 ____D C:\Users\Public\Desktop\USMLE FredV2 Step2 Practice CBT
2015-06-23 12:04 - 2015-06-23 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USMLE FredV2 Step2 Practice CBT
2015-06-23 12:02 - 2015-06-23 12:02 - 33143708 _____ C:\Users\Elizabeth\Downloads\Step2Download.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 21:17 - 2012-05-10 13:06 - 01180669 _____ C:\Windows\WindowsUpdate.log
2015-07-20 21:13 - 2009-07-14 00:13 - 00786622 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-20 21:06 - 2010-11-20 22:47 - 00380764 _____ C:\Windows\PFRO.log
2015-07-20 21:06 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-20 21:06 - 2009-07-13 23:51 - 00194842 _____ C:\Windows\setupact.log
2015-07-20 20:34 - 2009-07-13 23:45 - 00020928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-20 20:34 - 2009-07-13 23:45 - 00020928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-20 20:20 - 2012-04-26 07:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-20 18:31 - 2013-03-08 20:35 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-20 18:26 - 2012-06-18 13:45 - 00000872 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000Core.job
2015-07-20 18:21 - 2012-06-18 13:45 - 00003902 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000UA
2015-07-20 18:21 - 2012-06-18 13:45 - 00003506 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000Core
2015-07-20 18:21 - 2012-06-18 13:45 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000UA.job
2015-07-14 19:20 - 2012-04-26 07:06 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 19:20 - 2012-04-26 07:06 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-14 19:20 - 2012-04-26 07:06 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 18:44 - 2013-06-20 10:16 - 00002390 _____ C:\Users\Elizabeth\Desktop\Google Chrome.lnk
2015-07-12 16:34 - 2013-12-28 22:46 - 00000000 ____D C:\Users\Elizabeth\Documents\Wedding
2015-07-09 11:49 - 2014-01-28 23:30 - 00000000 ____D C:\temp
2015-07-06 14:20 - 2012-09-13 09:51 - 00000000 ____D C:\Users\Elizabeth\AppData\Roaming\Skype
2015-07-04 13:40 - 2014-02-05 10:53 - 00000000 ____D C:\Users\Elizabeth\AppData\Roaming\VIPRE
2015-07-04 11:37 - 2012-10-16 14:12 - 00000000 ____D C:\Windows\Patches
2015-07-04 11:36 - 2012-11-17 12:49 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-04 11:29 - 2014-04-07 09:30 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-07-04 11:24 - 2012-04-26 07:07 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-07-04 11:07 - 2013-03-22 22:18 - 00000000 ____D C:\Users\Elizabeth\AppData\Local\CrashDumps
2015-06-23 16:22 - 2014-06-29 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-06-23 12:04 - 2014-06-02 15:13 - 00000000 ____D C:\Program Files (x86)\USMLE
2015-06-23 12:04 - 2012-04-26 05:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

==================== Files in the root of some directories =======

2013-02-10 16:39 - 2013-02-11 00:48 - 0005632 _____ () C:\Users\Elizabeth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-30 19:58 - 2012-07-30 19:58 - 0384844 _____ () C:\Users\Elizabeth\AppData\Local\funmoods-speeddial.crx
2012-07-30 19:58 - 2012-07-30 19:58 - 0031465 _____ () C:\Users\Elizabeth\AppData\Local\funmoods.crx
2015-07-20 20:05 - 2015-07-20 20:05 - 0007599 _____ () C:\Users\Elizabeth\AppData\Local\Resmon.ResmonCfg
2012-08-01 11:20 - 2012-08-01 11:20 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-07-12 09:29 - 2012-07-12 09:29 - 4534272 _____ () C:\ProgramData\ReadOnlyInstaller.msi
2012-07-30 19:59 - 2012-07-30 19:59 - 0033958 _____ () C:\ProgramData\uninstaller.exe

Files to move or delete:
====================
C:\ProgramData\uninstaller.exe

Some files in TEMP:
====================
C:\Users\Elizabeth\AppData\Local\Temp\20120729103127337jniverify.dll
C:\Users\Elizabeth\AppData\Local\Temp\AskSLib.dll
C:\Users\Elizabeth\AppData\Local\Temp\avguidx.dll
C:\Users\Elizabeth\AppData\Local\Temp\COMAP.EXE
C:\Users\Elizabeth\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Elizabeth\AppData\Local\Temp\GLF524.EXE
C:\Users\Elizabeth\AppData\Local\Temp\GLF5C5.EXE
C:\Users\Elizabeth\AppData\Local\Temp\GLF84B0.EXE
C:\Users\Elizabeth\AppData\Local\Temp\GLF8EDE.EXE
C:\Users\Elizabeth\AppData\Local\Temp\GLF920C.EXE
C:\Users\Elizabeth\AppData\Local\Temp\GLF9393.EXE
C:\Users\Elizabeth\AppData\Local\Temp\GLF9B3C.EXE
C:\Users\Elizabeth\AppData\Local\Temp\GLF9F04.EXE
C:\Users\Elizabeth\AppData\Local\Temp\GLFB908.EXE
C:\Users\Elizabeth\AppData\Local\Temp\GLFBD5D.EXE
C:\Users\Elizabeth\AppData\Local\Temp\GLFC0AB.EXE
C:\Users\Elizabeth\AppData\Local\Temp\GLFC879.EXE
C:\Users\Elizabeth\AppData\Local\Temp\GLFE10.EXE
C:\Users\Elizabeth\AppData\Local\Temp\GLFFC9B.EXE
C:\Users\Elizabeth\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Elizabeth\AppData\Local\Temp\oi_{D6FC9ABD-17CF-4145-80AE-2EECCC406C8B}.exe
C:\Users\Elizabeth\AppData\Local\Temp\ose00000.exe
C:\Users\Elizabeth\AppData\Local\Temp\ose00001.exe
C:\Users\Elizabeth\AppData\Local\Temp\pslist.exe
C:\Users\Elizabeth\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Elizabeth\AppData\Local\Temp\Soft32_Stub_5741(7).exe
C:\Users\Elizabeth\AppData\Local\Temp\Soft32_Stub_5741(74).exe
C:\Users\Elizabeth\AppData\Local\Temp\Soft32_Stub_5741.exe
C:\Users\Elizabeth\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Elizabeth\AppData\Local\Temp\UNINSTALL.exe
C:\Users\Elizabeth\AppData\Local\Temp\VCPerfService32.exe
C:\Users\Elizabeth\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\Elizabeth\AppData\Local\Temp\_is2B0D.exe
C:\Users\Elizabeth\AppData\Local\Temp\_isA07B.exe
C:\Users\Elizabeth\AppData\Local\Temp\_isC1D9.exe
C:\Users\Elizabeth\AppData\Local\Temp\_isD1E5.exe
C:\Users\Elizabeth\AppData\Local\Temp\_isFBC3.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-14 19:03

==================== End of log ============================

Java13 · Jul 20, 2015

Me again, here is the Additional log

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Elizabeth at 2015-07-20 21:19:34
Running from C:\Users\Elizabeth\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2041430264-2399561070-413413978-500 - Administrator - Disabled)
Elizabeth (S-1-5-21-2041430264-2399561070-413413978-1000 - Administrator - Enabled) => C:\Users\Elizabeth
Guest (S-1-5-21-2041430264-2399561070-413413978-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2041430264-2399561070-413413978-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ThreatTrack Security VIPRE (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ThreatTrack Security VIPRE (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
FW: ThreatTrack Security VIPRE (Enabled) {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
ACID Music Studio 8.0 (x32 Version: 8.0.178 - Sony) Hidden
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2041430264-2399561070-413413978-1000\...\Amazon Kindle) (Version: - Amazon)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version: - )
ArcSoft Magic-I Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.161 - ArcSoft)
ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.485 - ArcSoft)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.2.0 - Ask.com) <==== ATTENTION
ASPCA Reminder by We-Care.com v4.1.17.1 (HKLM-x32\...\{78FADD33-5D93-4FB8-AC29-1D823C0574B8}) (Version: 4.1.17.1 - We-Care.com)
Bing Bar (HKLM-x32\...\{A7E8CB11-B09E-46F8-9BAE-B2E01EBF7E51}) (Version: 7.0.831.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 8 (HKLM-x32\...\{DB93E2C2-851F-44B2-B09C-351D2C624AE1}) (Version: 8.0.4.1060 - TechSmith Corporation)
Cardio Calipers (HKLM-x32\...\Cardio Calipers) (Version: 3.3 - Iconico)
Cisco AnyConnect VPN Client (HKLM-x32\...\{C1EC4E2D-6F63-4806-B88E-7685B6EC186E}) (Version: 2.5.6005 - Cisco Systems, Inc.)
Citrix Receiver (Enterprise) (HKLM-x32\...\CitrixOnlinePluginFull) (Version: 13.3.0.55 - Citrix Systems, Inc.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.5009.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
DVD Architect Studio 5.0 (x32 Version: 5.0.157 - Sony) Hidden
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WorkForce 630 Series Printer Uninstall (HKLM\...\EPSON WorkForce 630 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
FredV2Step1 (HKLM-x32\...\{D6BCD6F1-85F1-43AD-A5A8-FC7C070546DD}) (Version: 1.00.0000 - USMLE)
FredV2Step2 (HKLM-x32\...\{CA59076F-26E1-4605-BE45-2C880A46A383}) (Version: 1.00.0000 - USMLE)
Google Chrome (HKU\S-1-5-21-2041430264-2399561070-413413978-1000\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{B6A3EAE4-3727-46A4-A659-8576BF7C8C8D}) (Version: 23.0.504.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0083 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{4E4282C3-F66E-4852-837A-7675527178C2}) (Version: 3.1.26.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0708 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 7 Update 80 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417080FF}) (Version: 7.0.800 - Oracle)
Java 7 Update 80 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Keyboard_Shortcuts (x32 Version: 1.1.0.12190 - Sony Corporation) Hidden
KUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Media Gallery (HKLM\...\{0EB7792D-EFA2-42AB-9A22-F33D9458E974}) (Version: 2.1.0.13300 - Sony Corporation)
Media Go (x32 Version: 2.0.317 - Sony) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-2041430264-2399561070-413413978-1000\...\MusicManager) (Version: - Google, Inc.)
Oasis2Service (HKLM-x32\...\{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}) (Version: 1.0.4 - DDNi)
Online Plug-in (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
PlayMemories Home (x32 Version: 6.1.01.14210 - Sony Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayStation(R)Network Downloader (x32 Version: 2.07.00849 - Sony Computer Entertainment Inc.) Hidden
PlayStation(R)Store (x32 Version: 4.5.15.13232 - Sony Computer Entertainment Inc.) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Reader for PC (x32 Version: 1.1.02.10070 - Sony Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
Remote Play with PlayStation(R)3 (x32 Version: 1.1.0.21090 - Sony Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SofTest v11 (HKLM-x32\...\InstallShield_{943975DA-812E-455E-90B1-8323103656CC}) (Version: 11.5.3 - Examsoft)
SofTest v11 (x32 Version: 11.5.3 - Examsoft) Hidden
Sound Forge Audio Studio 10.0 (x32 Version: 10.0.176 - Sony) Hidden
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.0.5 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
Tracker Toolbar Updater (HKU\S-1-5-21-2041430264-2399561070-413413978-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.23037 - Ask.com) <==== ATTENTION
TrackID(TM) with BRAVIA (x32 Version: 1.2.0.09270 - Sony Corportaion) Hidden
TriDef 3D (Sony) 2.0.5 (HKLM-x32\...\experience-sony-bundle) (Version: 2.0.5 - Dynamic Digital Depth Australia Pty Ltd)
V3DPx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (HKLM\...\{34EB42BE-F4D3-44C1-B28E-9740115DB72C}) (Version: 1.0.00.01300 - Sony Corporation)
VAIO - PlayMemories Home Plug-in (HKLM\...\{886C0C18-F905-49B2-90BA-EFC0FEDF27C6}) (Version: 2.0.01.03310 - Sony Corporation)
VAIO - Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
VAIO - Remote Keyboard with PlayStation®3 (x32 Version: 1.2.0.09210 - Sony Corporation) Hidden
VAIO - Remote Play with PlayStation®3 (x32 Version: 1.1.0.21090 - Sony Corporation) Hidden
VAIO - TrackID™ with BRAVIA (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
VAIO 3D Portal (x32 Version: 1.2.0.10131 - Sony Corporation) Hidden
VAIO Care (HKLM\...\{471F7C0A-CA3A-4F4C-8346-DE36AD5E23D1}) (Version: 7.3.0.14170 - Sony Corporation)
VAIO Control Center (x32 Version: 5.2.2.16060 - Sony Corporation) Hidden
VAIO CPU Fan Diagnostic (x32 Version: 1.1.0.09200 - Sony Corporation) Hidden
VAIO Data Restore Tool (x32 Version: 1.9.0.13190 - Sony Corporation) Hidden
VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Gate (x32 Version: 2.4.1.09230 - Sony Corporation) Hidden
VAIO Gate (x32 Version: 2.4.2.02200 - Sony Corporation) Hidden
VAIO Gate Default (x32 Version: 2.5.2.02090 - Sony Corporation) Hidden
VAIO Gesture Control (x32 Version: 1.0.0.12300 - Sony Corporation) Hidden
VAIO Health Report (HKLM-x32\...\VAIO Health Report1.0) (Version: 1.0 - Sony Electronics)
VAIO Help and Support (x32 Version: 17.00.0109 - Sony Corporation) Hidden
VAIO Improvement (x32 Version: 1.3.0.12280 - Sony Corporation) Hidden
VAIO Manual (x32 Version: 2.3.0.12300 - Sony Corporation) Hidden
VAIO Messenger (HKLM-x32\...\VAIO Messenger) (Version: 2.0.550.0 - DDNi)
VAIO OOBE (x32 Version: 12.2.1.2483 - Sony Corporation) Hidden
VAIO Sample Contents (x32 Version: 1.4.0.09010 - Sony Corporation) Hidden
VAIO Satisfaction Survey. (x32 Version: 3.0 - Sony Electronics Inc.) Hidden
VAIO Smart Network (x32 Version: 3.11.1.15220 - Sony Corporation) Hidden
VAIO Transfer Support (x32 Version: 1.7.1.06040 - Sony Corporation) Hidden
VAIO Update (x32 Version: 5.7.0.13130 - Sony Corporation) Hidden
VAIO Update Merge Module x64 (Version: 5.7.13130 - Sony Corporation) Hidden
VBMx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Vegas Movie Studio HD Platinum 11.0 (x32 Version: 11.0.256 - Sony) Hidden
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Microsoft) Hidden
VIPRE Internet Security (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 7.0.6.2 - ThreatTrack Security, Inc.)
VIPRE Internet Security (x32 Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WD SmartWare (HKLM\...\{49B1B217-27B1-42D8-A0A5-7ED0CD0D9508}) (Version: 1.6.0.25 - Western Digital)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

23-06-2015 12:03:42 Installed FredV2Step2
23-06-2015 12:05:03 Configured FredV2Step2
23-06-2015 16:22:47 Configured EpsonNet Print
23-06-2015 16:23:26 Installed EpsonNet Setup 3.3
01-07-2015 15:25:38 Scheduled Checkpoint
09-07-2015 15:30:38 Scheduled Checkpoint
20-07-2015 18:29:15 Removed iTunes

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0616562E-6C65-40B4-B368-5390006AF92C} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {073A4B3A-E308-41AF-8EEC-16403B7B4BF5} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {0EB8EA04-16D8-4EC4-8D65-56C0CC4A76C5} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => net
Task: {1092E57E-A607-46A9-9E52-FA16EBC5B26C} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {10CDE930-EB02-4D83-BB07-D12723CC5F32} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-02-24] (Sony Corporation)
Task: {1D52B8F6-6E62-45FD-B66D-ED0456419C04} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {21413B99-C1FE-4C52-869A-7CF73BEFEC44} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-27] (Sony Corporation)
Task: {313FB459-64CB-4C3A-9F59-2E60B3016E10} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
Task: {327A7C60-C599-49B9-9A6E-A7D1DDB7D259} - System32\Tasks\DDNi Startup => C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {33B04916-0367-4358-AF01-54955A12AB09} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000Core => C:\Users\Elizabeth\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18] (Google Inc.)
Task: {38A2B101-01F3-4B21-8811-76FA477781DE} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-12-27] (Sony Corporation)
Task: {38F8A1E4-54E5-486D-84F2-56C9F35E37F7} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {3E5AFA1C-2BCE-4E9C-A9E6-65008954525E} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-04-06] (Sony Corporation)
Task: {3E8507A6-5747-48DE-849F-D92F0D529159} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {458D076A-818C-4BC2-9E79-CE5F971B88C9} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\esrv\task.vbs"
Task: {4C0CAE05-BEFA-4851-9275-6C7DED78649D} - System32\Tasks\VAIO® Messenger (Elizabeth) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {6416DF84-1CFD-4B08-A347-BE7273C30527} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-04-06] (Sony Corporation)
Task: {6DEB61AA-EF45-4417-8AE5-A2650CE3D0EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {70794633-21B8-4128-B66E-27D81E1C0DC8} - System32\Tasks\VAIO Health Report => C:\Program Files (x86)\Sony\VAIO Health Report\VAIOHealthReport.exe [2013-06-20] (Sony Electronics)
Task: {778734FD-439A-43B6-B940-304AB9684065} - System32\Tasks\Sony\OOBEApplauncher => C:\Program Files (x86)\Sony\OOBE\OOBEAppLauncher.exe [2012-03-15] (Sony Electronics Inc.)
Task: {8E5278AA-74DC-4A01-A440-0E0BAA01FCFD} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {9FA90726-F32F-475A-83E7-8FF6AD776BF1} - System32\Tasks\Sony Corporation\VAIO Care\VAU => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {A9380D21-4BD4-4C82-98EC-22DBC4E166B4} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2011-12-27] (Sony Corporation)
Task: {AAE1DEB5-DC57-458E-9D69-0A9B02178648} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-27] (Sony Corporation)
Task: {B0FB249E-6BAC-423C-A2B1-A0C3060AB02B} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {B38ABD2C-70F5-4F07-A405-C492F8047019} - System32\Tasks\Sony Corporation\VAIO Care\AutoCheckMessage => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {C54D4CC2-E9CB-4B26-BA52-068A50C2F541} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {C62E3B46-16F4-444F-AA46-D4C24322AE5C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000UA => C:\Users\Elizabeth\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18] (Google Inc.)
Task: {D1FDAB81-7929-463A-803D-2FB1F1EE010B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D9829743-9328-4987-ACB3-DF1D7C081BA6} - System32\Tasks\Sony\Keyboard Shortcuts => C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe [2012-03-20] ()
Task: {DD435CFE-8B37-4CA7-87EF-23E942396150} - System32\Tasks\VAIO® Messenger (Administrator) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {F3406592-BD61-4339-8818-953906D90482} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000Core.job => C:\Users\Elizabeth\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000UA.job => C:\Users\Elizabeth\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-04-26 05:51 - 2012-03-23 03:47 - 00127320 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2011-03-16 04:29 - 2011-03-16 04:29 - 02673000 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-04-04 21:04 - 2012-04-03 15:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-02-22 17:30 - 2013-02-22 14:02 - 00471464 _____ () C:\Program Files\Sony\VAIO Care\esrv\esrv.exe
2013-02-22 17:30 - 2013-02-22 14:02 - 00528296 _____ () C:\Program Files\Sony\VAIO Care\esrv\intel_modeler.dll
2013-02-22 17:30 - 2013-02-22 14:02 - 00148904 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_foreground_window_input.dll
2012-03-20 15:43 - 2012-03-20 15:43 - 00477816 _____ () C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
2013-02-22 17:30 - 2013-02-22 14:02 - 00427432 _____ () C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
2013-02-22 17:30 - 2013-02-22 14:02 - 00171432 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_acpi_battery_input.dll
2013-02-22 17:30 - 2013-02-22 14:02 - 00144296 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_sema_thermal_input.dll
2013-02-22 17:30 - 2013-02-22 14:02 - 00146344 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_wifi_input.dll
2011-11-30 20:49 - 2011-11-30 20:49 - 00276992 _____ () C:\Program Files\Sony\VAIO Care\READ\RecoveryPartitionManagerREAD.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-23 10:53 - 2012-11-23 10:53 - 00329592 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\apistrings.dll
2012-11-23 10:56 - 2012-11-23 10:56 - 00159608 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\modlop.dll
2012-11-23 10:54 - 2012-11-23 10:54 - 00100728 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\httpserverattplugin.dll
2012-11-23 10:46 - 2012-11-23 10:46 - 02029600 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\crmimodule.dll
2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2012-11-23 10:58 - 2012-11-23 10:58 - 00208760 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\patchautodownload.dll
2012-12-07 11:02 - 2012-12-07 11:02 - 00183160 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\scanmngsys.dll
2012-11-23 10:58 - 2012-11-23 10:58 - 00049528 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedcompactdb.dll
2012-11-23 10:58 - 2012-11-23 10:58 - 00054648 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedupdates.dll
2012-02-20 23:26 - 2012-02-20 23:26 - 00160768 _____ () C:\Program Files (x86)\VIPRE\unrar.dll
2013-06-13 20:06 - 2013-06-13 20:06 - 00904704 _____ () C:\Program Files (x86)\Examsoft\Softest 11.0\System.Data.SQLite.dll
2012-04-26 06:57 - 2012-04-06 16:37 - 00021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
2015-05-29 15:04 - 2015-05-29 15:04 - 00117248 _____ () C:\Users\Elizabeth\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2015-05-29 15:04 - 2015-05-29 15:04 - 00234496 _____ () C:\Users\Elizabeth\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2015-05-29 15:04 - 2015-05-29 15:04 - 00253440 _____ () C:\Users\Elizabeth\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2015-05-29 15:04 - 2015-05-29 15:04 - 00344064 _____ () C:\Users\Elizabeth\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2014-02-09 17:16 - 2015-06-26 03:13 - 00184184 _____ () C:\Program Files (x86)\VIPRE\Definitions\libBase64.dll
2014-02-09 17:16 - 2015-06-26 03:13 - 00175992 _____ () C:\Program Files (x86)\VIPRE\Definitions\libMachoUniv.dll
2012-03-20 15:43 - 2012-03-20 15:43 - 00160376 _____ () C:\Program Files (x86)\Sony\Keyboard Shortcuts\MessageHook.dll
2012-03-20 15:43 - 2012-03-20 15:43 - 00026744 _____ () C:\Program Files (x86)\Sony\Keyboard Shortcuts\Utility.dll
2014-03-24 13:19 - 2014-03-24 13:19 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00a0b4a9df6e4abf30ae2af3624a77ce\IsdiInterop.ni.dll
2012-04-26 05:40 - 2012-02-01 18:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-07-02 23:06 - 2013-07-02 23:06 - 00039936 _____ () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudModel.dll
2013-07-02 23:06 - 2013-07-02 23:06 - 00011264 _____ () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudClient.dll
2013-07-12 11:09 - 2013-07-03 01:08 - 00061864 _____ () C:\Program Files (x86)\DDNi\Oasis\OasisCloudModel.dll
2013-07-12 11:09 - 2013-07-03 01:08 - 00018856 _____ () C:\Program Files (x86)\DDNi\Oasis\OasisCloudClient.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-07-14 18:44 - 2015-07-13 16:55 - 01281864 _____ () C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-14 18:44 - 2015-07-13 16:55 - 00080712 _____ () C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\43.0.2357.134\libegl.dll
2012-01-09 02:46 - 2012-01-09 02:46 - 01099790 _____ () C:\Program Files (x86)\Citrix\ICA Client\avcodec-52.dll
2012-01-09 02:46 - 2012-01-09 02:46 - 00079886 _____ () C:\Program Files (x86)\Citrix\ICA Client\avutil-50.dll
2012-01-09 02:46 - 2012-01-09 02:46 - 00121870 _____ () C:\Program Files (x86)\Citrix\ICA Client\swscale-0.dll
2012-01-09 02:46 - 2012-01-09 02:46 - 00117774 _____ () C:\Program Files (x86)\Citrix\ICA Client\avformat-52.dll
2012-04-26 05:50 - 2012-03-23 03:47 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2041430264-2399561070-413413978-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{75020D15-FAF7-4E7A-824D-4A212C5BFF85}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{0225F8B5-34A1-48BD-8B66-37B811D2890B}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{F595C2A1-12EA-4DBC-BF52-C20B6232E024}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{D46E7367-B8FB-490B-9639-2B34E3E35B85}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{0C084B53-E5BE-4982-8005-07A3ACB3507F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AADE3618-0C91-4353-8111-09AABC5CA2C2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6EE054F9-8495-46A0-8D3C-AAC25CAE889A}] => (Allow) LPort=2869
FirewallRules: [{CEA14F9A-A741-4FE1-8201-E704DCB2847F}] => (Allow) LPort=1900
FirewallRules: [{6FB4BE06-C716-4BBE-B8F1-723536A73BF7}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{EA42EF0A-199D-4C08-8396-C4F9CE0CE16A}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{9D85719A-85C0-4891-90E4-91FBD9CB8FDC}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{E3715782-7E27-46E6-99FD-CA7E91141648}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{C7E2DD44-065F-41C5-94FD-2140E91CD06B}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{AC1B590F-8CDD-4EB8-AF7C-2720788440D9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2FD07A5B-ACE4-48B0-ACC7-DDA159672A67}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4AC6E8E4-15E5-4331-AE9B-EB96AFFE694D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C0D56825-70BD-4D67-93CA-4A638C8FD0BE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{10D3C16C-20AD-4636-A2B5-76F1C37D33EC}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{B4085BD3-5D62-47B6-9DC2-C14A4DC3F10D}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{C06C0BE4-79CB-4B4E-B655-06E5B97C2F31}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{61160157-6906-4694-9AB7-F6F4E272CA7E}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{6141CD4F-A6FC-44EC-B074-87381F5353AD}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
FirewallRules: [{3224AC18-1522-4DE9-9BF1-72EE7332C9CE}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [TCP Query User{0C5FB283-F172-44CD-B65F-C059D3DA149C}C:\users\elizabeth\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\elizabeth\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{6677E74E-8DE3-407B-915B-DF4E99C01610}C:\users\elizabeth\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\elizabeth\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{2089ED48-2CC9-4472-9075-FC590C38CEB7}] => (Allow) C:\Users\Elizabeth\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{802CA57A-7CDF-4272-9EC8-01E7FAB3A32D}] => (Allow) C:\Users\Elizabeth\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{70ACB0B3-A7D5-4A1A-AAA1-AD983B70F684}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe] => Enabled:TriDef 3D Media Player

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2015 09:06:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2015 06:18:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2015 06:12:56 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location D:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (07/20/2015 06:08:49 PM) (Source: Windows Activation Technologies) (EventID: 14) (User: )
Description: Genuine validation failure:
hr = 0x800706BA

Error: (07/19/2015 10:54:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8970

Error: (07/19/2015 10:54:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8970

Error: (07/19/2015 10:54:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/19/2015 10:54:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7941

Error: (07/19/2015 10:54:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7941

Error: (07/19/2015 10:54:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (07/20/2015 09:11:37 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The VAIO Care Performance Service service hung on starting.

Error: (07/20/2015 09:07:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/20/2015 09:05:19 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SampleCollector service.

Error: (07/20/2015 09:04:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ESRV_SVC service.

Error: (07/20/2015 09:03:52 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (07/20/2015 08:59:57 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.

Error: (07/20/2015 06:31:22 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (07/20/2015 06:19:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/20/2015 06:18:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:17:56 PM on ‎7/‎20/‎2015 was unexpected.

Error: (07/20/2015 06:00:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Microsoft Office:
=========================
Error: (07/20/2015 09:06:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2015 06:18:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2015 06:12:56 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: D:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (07/20/2015 06:08:49 PM) (Source: Windows Activation Technologies) (EventID: 14) (User: )
Description: 0x800706BA

Error: (07/19/2015 10:54:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8970

Error: (07/19/2015 10:54:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8970

Error: (07/19/2015 10:54:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/19/2015 10:54:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7941

Error: (07/19/2015 10:54:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7941

Error: (07/19/2015 10:54:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 50%
Total physical RAM: 6043.28 MB
Available physical RAM: 3003.34 MB
Total Virtual: 12084.73 MB
Available Virtual: 8402.58 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:503.4 GB) (Free:283.24 GB) NTFS
Drive d: (My Book) (Fixed) (Total:1862.98 GB) (Free:1491.28 GB) NTFS
Drive f: (Pictures) (Fixed) (Total:73.24 GB) (Free:53.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 8412C5D5)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00021365)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of log ============================

Broni · Jul 20, 2015

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================

Uninstall following unwanted programs:

Ask Toolbar
Tracker Toolbar Updater

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Java13 · Jul 21, 2015

Hi Broni! Thank you for your help!

I've run RogueKiller, and after clicking delete I notice there are still PUPs, they wont let me select them. I went on and generated the report TXT (there was no file on my desktopw here the program was, but it's easy enough to generate).

I just wanted to make sure this was correct before I moved forward with the next steps!

RogueKiller V10.9.3.0 [Jul 21 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Elizabeth [Administrator]
Started from : C:\Users\Elizabeth\Desktop\RogueKiller.exe
Mode : Delete -- Date : 07/21/2015 22:03:30

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -> Not selected
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> Not selected
[PUP] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} : Funmoods Toolbar -> Not selected
[PUP] (X64) HKEY_USERS\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} : -> Not selected
[PUP] (X86) HKEY_USERS\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} : -> Not selected
[Suspicious.Path|VT.Unknown] (X64) HKEY_USERS\S-1-5-21-2041430264-2399561070-413413978-1000\Software\Microsoft\Windows\CurrentVersion\Run | WorkForce 630(Network) : C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE /FU "C:\Users\ELIZAB~1\AppData\Local\Temp\E_SBFB7.tmp" /EF "HKCU" [7][x][-][x][x] -> Not selected
[Suspicious.Path|VT.Unknown] (X86) HKEY_USERS\S-1-5-21-2041430264-2399561070-413413978-1000\Software\Microsoft\Windows\CurrentVersion\Run | WorkForce 630(Network) : C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE /FU "C:\Users\ELIZAB~1\AppData\Local\Temp\E_SBFB7.tmp" /EF "HKCU" [7][x][-][x][x] -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2041430264-2399561070-413413978-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://sony.msn.com -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2041430264-2399561070-413413978-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://sony.msn.com -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK6459GSXP +++++
--- User ---
[MBR] 11b1bc8498fe67fb396aa96d9547ccbd
[BSP] 0fd6a87bbcb44afd601788e9e4f6169d : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 534528 | Size: 19353 MB
2 - EFI system partition | Offset (sectors): 40169472 | Size: 260 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 40701952 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 40964096 | Size: 515478 MB
5 - Basic data partition | Offset (sectors): 1096665088 | Size: 74999 MB
User = LL1 ... OK
User = LL2 ... OK

Broni · Jul 22, 2015

You did fine. Go on...

Java13 · Jul 25, 2015

Ive run the MBAM, it took quite a while because whatever is on my computer makes it run very slowly at times. It quarantined my threats, let me know if you think I should go ahead and delete them?

Anyhow, when I move on to the AdwCleaner and click the link the website asks me to log in. I clicked the Piwik logo but can't seem to find a place on their website to download the AdwCleaner there either

Broni · Jul 25, 2015

Quarantine is good enough. I still need to see MBAM log.

Uploaded AdwCleaner for you here: https://www.sendspace.com/file/2ykpok

Java13 · Jul 27, 2015

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/23/2015
Scan Time: 11:42 PM
Logfile: MBAM log.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.24.01
Rootkit Database: v2015.07.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Elizabeth

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 408941
Time Elapsed: 18 hr, 54 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 116
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, Quarantined, [0b866b7ae7a3fe381626acf1c73bff01],
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\CLASSES\funmoods.funmoodsHlpr.1, Quarantined, [0b866b7ae7a3fe381626acf1c73bff01],
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\CLASSES\funmoods.funmoodsHlpr, Quarantined, [0b866b7ae7a3fe381626acf1c73bff01],
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoods.funmoodsHlpr, Quarantined, [0b866b7ae7a3fe381626acf1c73bff01],
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoods.funmoodsHlpr, Quarantined, [0b866b7ae7a3fe381626acf1c73bff01],
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, Quarantined, [0b866b7ae7a3fe381626acf1c73bff01],
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoods.funmoodsHlpr.1, Quarantined, [0b866b7ae7a3fe381626acf1c73bff01],
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoods.funmoodsHlpr.1, Quarantined, [0b866b7ae7a3fe381626acf1c73bff01],
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, Quarantined, [0b866b7ae7a3fe381626acf1c73bff01],
PUP.Optional.FunMoods.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, Quarantined, [0b866b7ae7a3fe381626acf1c73bff01],
PUP.Optional.FunMoods.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, Quarantined, [0b866b7ae7a3fe381626acf1c73bff01],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}, Quarantined, [c2cf0dd8058567cfc6ba843a3ac8b44c],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\escort.escortIEPane.1, Quarantined, [c2cf0dd8058567cfc6ba843a3ac8b44c],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\escort.escortIEPane, Quarantined, [c2cf0dd8058567cfc6ba843a3ac8b44c],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\escort.escortIEPane, Quarantined, [c2cf0dd8058567cfc6ba843a3ac8b44c],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\escort.escortIEPane, Quarantined, [c2cf0dd8058567cfc6ba843a3ac8b44c],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\escort.escortIEPane.1, Quarantined, [c2cf0dd8058567cfc6ba843a3ac8b44c],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\escort.escortIEPane.1, Quarantined, [c2cf0dd8058567cfc6ba843a3ac8b44c],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}, Quarantined, [c2cf0dd8058567cfc6ba843a3ac8b44c],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, Quarantined, [0889ce17f19958de394a229ce61c27d9],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\funmoods.dskBnd.1, Quarantined, [0889ce17f19958de394a229ce61c27d9],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\funmoods.dskBnd, Quarantined, [0889ce17f19958de394a229ce61c27d9],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoods.dskBnd, Quarantined, [0889ce17f19958de394a229ce61c27d9],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoods.dskBnd, Quarantined, [0889ce17f19958de394a229ce61c27d9],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoods.dskBnd.1, Quarantined, [0889ce17f19958de394a229ce61c27d9],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoods.dskBnd.1, Quarantined, [0889ce17f19958de394a229ce61c27d9],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, Quarantined, [0889ce17f19958de394a229ce61c27d9],
PUP.Optional.Funmoods.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, Quarantined, [0889ce17f19958de394a229ce61c27d9],
PUP.Optional.Funmoods.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, Quarantined, [0889ce17f19958de394a229ce61c27d9],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}, Quarantined, [167b727369217fb71371d2ecf40e6d93],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\funmoodsApp.appCore.1, Quarantined, [167b727369217fb71371d2ecf40e6d93],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\funmoodsApp.appCore, Quarantined, [167b727369217fb71371d2ecf40e6d93],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoodsApp.appCore, Quarantined, [167b727369217fb71371d2ecf40e6d93],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoodsApp.appCore, Quarantined, [167b727369217fb71371d2ecf40e6d93],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoodsApp.appCore.1, Quarantined, [167b727369217fb71371d2ecf40e6d93],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoodsApp.appCore.1, Quarantined, [167b727369217fb71371d2ecf40e6d93],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}, Quarantined, [167b727369217fb71371d2ecf40e6d93],
PUP.Optional.WeCare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [d8b9875ef496181e118d4e73887af30d],
PUP.Optional.WeCare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [d8b9875ef496181e118d4e73887af30d],
PUP.Optional.WeCare.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}, Quarantined, [d8b9875ef496181e118d4e73887af30d],
PUP.Optional.WeCare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F773BB94-6C19-4643-A570-0E429103D1C3}, Quarantined, [d8b9875ef496181e118d4e73887af30d],
PUP.Optional.WeCare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{F773BB94-6C19-4643-A570-0E429103D1C3}, Quarantined, [d8b9875ef496181e118d4e73887af30d],
PUP.Optional.WeCare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}, Quarantined, [d8b9875ef496181e118d4e73887af30d],
PUP.Optional.WeCare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}, Quarantined, [d8b9875ef496181e118d4e73887af30d],
PUP.Optional.WeCare.A, HKLM\SOFTWARE\CLASSES\IEHelperv250.WeCareReminder.1, Quarantined, [d8b9875ef496181e118d4e73887af30d],
PUP.Optional.WeCare.A, HKLM\SOFTWARE\CLASSES\IEHelperv250.WeCareReminder, Quarantined, [d8b9875ef496181e118d4e73887af30d],
PUP.Optional.WeCare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IEHelperv250.WeCareReminder, Quarantined, [d8b9875ef496181e118d4e73887af30d],
PUP.Optional.WeCare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\IEHelperv250.WeCareReminder, Quarantined, [d8b9875ef496181e118d4e73887af30d],
PUP.Optional.WeCare.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [d8b9875ef496181e118d4e73887af30d],
PUP.Optional.WeCare.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [d8b9875ef496181e118d4e73887af30d],
PUP.Optional.WeCare.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [d8b9875ef496181e118d4e73887af30d],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}, Quarantined, [8a072fb6404a1620fe87bd0149b97090],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\f, Quarantined, [8a072fb6404a1620fe87bd0149b97090],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\f, Quarantined, [8a072fb6404a1620fe87bd0149b97090],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\f, Quarantined, [8a072fb6404a1620fe87bd0149b97090],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}, Quarantined, [8a072fb6404a1620fe87bd0149b97090],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
PUP.Funmoods, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bbjciahceamgodcoidkjpchnokgfpphh, Quarantined, [ccc539acd8b26dc9360ba8b4f40f9f61],
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj, Quarantined, [761b6e77c0cabf77dba3c284020245bb],
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [6c25945186047abcf555d339778c8080],
PUP.Funmoods, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bbjciahceamgodcoidkjpchnokgfpphh, Quarantined, [741dfbea2b5fff37fc45c9930bf8847c],
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj, Quarantined, [8a07d0153852c571dea0e363ea1abd43],
PUP.Optional.WeCare.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ippkomaaonokjnfjoikaemidanojkfmm, Quarantined, [3e534c990288122479384dfb13f0ae52],
PUP.Optional.WeCareReminder.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}, Quarantined, [a0f1cc19404aa78facf18c7e43c055ab],
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [7d14776e4f3bb284cf7b14f87b88956b],
PUP.Optional.WeCareReminder.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{78FADD33-5D93-4FB8-AC29-1D823C0574B8}, Quarantined, [a9e87a6b088257df6539be4c25def10f],
PUP.Optional.WeCare, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\wecarereminder, Quarantined, [e6ab4e97b9d1ed4935a6c86bc83b768a],
PUP.Funmoods, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bbjciahceamgodcoidkjpchnokgfpphh, Quarantined, [0e83a342dab07db955eb3b21de25f50b],
PUP.Optional.FunMoods.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj, Quarantined, [f29f6c79d7b3ae887b04aa9c46beb947],
PUP.Optional.FunMoods.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [8a0741a43f4b2f07a3a64dbf8083ab55],
PUP.Optional.WeCare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
PUP.Optional.WeCare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],

Java13 · Jul 27, 2015

Heres the second half of MBAM log

Registry Values: 26
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, Funmoods Toolbar, Quarantined, [0889ce17f19958de394a229ce61c27d9]
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, Quarantined, [642d27bedfabf046364d9727dc26ab55],
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Funmoods, Quarantined, [6c25945186047abcf555d339778c8080]
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://start.funmoods.com/results.p...BtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1076241928, Quarantined, [4e43e7fe464459dd103a8a826f948977]
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Funmoods, Quarantined, [573a9d483357e254f45648c44fb4fd03]
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURL, http://start.funmoods.com/favicon.ico, Quarantined, [f29fa540751574c2af9bd537ed16d62a]
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, http://start.funmoods.com/results.p...BtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1076241928, Quarantined, [5e33fee79bef51e5da702be1ec1711ef]
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\PROGRA~2\Funmoods\1.5.23.22\FavIcon.ico, Quarantined, [d8b9b72e22680234fb4f48c4d72c6e92]
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURLFallback, http://start.funmoods.com/favicon.ico, Quarantined, [68299451f298c76fad9d73996b98f30d]
PUP.Optional.WeCareReminder.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}|AppPath, C:\ProgramData\WeCareReminder, Quarantined, [a0f1cc19404aa78facf18c7e43c055ab]
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Funmoods, Quarantined, [7d14776e4f3bb284cf7b14f87b88956b]
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://start.funmoods.com/results.p...BtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1076241928, Quarantined, [bcd503e2e3a733033d0d8a82f211e41c]
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Funmoods, Quarantined, [bcd5b035ed9dff372723cb41af544eb2]
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURL, http://start.funmoods.com/favicon.ico, Quarantined, [4b46c1242664ee48f951e52709fa39c7]
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, http://start.funmoods.com/results.p...BtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1076241928, Quarantined, [523f50952466ec4a90ba56b6659eab55]
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\PROGRA~2\Funmoods\1.5.23.22\FavIcon.ico, Quarantined, [870ade07365465d17bcf0705f0139967]
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURLFallback, http://start.funmoods.com/favicon.ico, Quarantined, [f1a02bba9befa096f45611fb5da6b44c]
PUP.Optional.WeCareReminder.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{78FADD33-5D93-4FB8-AC29-1D823C0574B8}|Publisher, We-Care.com, Quarantined, [a9e87a6b088257df6539be4c25def10f]
PUP.Optional.WeCareReminder.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{78FADD33-5D93-4FB8-AC29-1D823C0574B8}|DisplayName, ASPCA Reminder by We-Care.com v4.1.17.1, Quarantined, [0e83ffe6ef9b0e288e10f01a9a69db25]
PUP.Optional.FunMoods.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://start.funmoods.com/results.p...BtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1076241928, Quarantined, [8a0741a43f4b2f07a3a64dbf8083ab55]
PUP.Optional.FunMoods.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, http://start.funmoods.com/results.p...BtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1076241928, Quarantined, [95fc9c49ec9ebb7bed5c28e470935ea2]
PUP.Optional.FunMoods.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURL, http://start.funmoods.com/favicon.ico, Quarantined, [f0a1b5302f5ba2940841b755c0439d63]
PUP.Optional.FunMoods.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\PROGRA~2\Funmoods\1.5.23.22\FavIcon.ico, Quarantined, [7021e104cebce353ab9ea369dd26946c]
PUP.Optional.FunMoods.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURLFallback, http://start.funmoods.com/favicon.ico, Quarantined, [f29f5293fb8f92a41138ff0d32d1bd43]
PUP.Optional.FunMoods.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Funmoods, Quarantined, [6b26d90ca2e8989e5deca06ccf34ff01]
PUP.Optional.FunMoods.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Funmoods, Quarantined, [652c1dc8c8c287afcc7d8f7d748fb947]

Registry Data: 0
(No malicious items detected)

Folders: 24
PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\img, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\js, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\style, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\bootstrap, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\bootstrap\css, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\bootstrap\img, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\images, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\html, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\images, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\modules, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome\logo, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\components, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\defaults, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\defaults\preferences, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\META-INF, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],

Files: 120
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll, Quarantined, [d8b9875ef496181e118d4e73887af30d],
PUP.Optional.WeCare.A, C:\ProgramData\ReadOnlyInstaller.msi, Quarantined, [a5ec4d9859318fa75188819fcc34817f],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\ReminderHelper.exe, Quarantined, [0889c71ed6b41b1baa2f948cec145aa6],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\WCAutoUpdate.exe, Quarantined, [b8d935b0662487af9842df414cb4e020],
PUP.Optional.DownloadAdmin.C, C:\Users\Elizabeth\Downloads\vlcmediaplayer-setup.exe, Quarantined, [2c658a5bb9d1a49271862d408c790000],
PUP.Optional.WeCare.A, C:\Windows\Installer\2b5efae.msi, Quarantined, [444d6481eb9f86b0578269b743bd837d],
PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\funmoods-speeddial.crx, Quarantined, [4e43885d8901dd59bd34e29cb450738d],
PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\funmoods.crx, Quarantined, [642d28bdaedc8caa678a700e8084f907],
PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\background.html, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\dropdown.html, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\manifest.json, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\img\128.png, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\img\16.png, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\img\32.png, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\img\48.png, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\img\64.png, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\img\ajax-loader.gif, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\js\FMLoader.js, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\js\greetingmoods.js, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\js\mtrprt.js, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\style\funmoods_chrome_1.0.1.css, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\bg.html, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\icon_128.png, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\manifest.json, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\modules.json, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\npsimple.dll, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\clouds.css, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\if.css, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\jquery-ui-1.10.2.custom.min.css, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\jquery-ui-1.8.18.custom.css, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\normalize.css, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\options.css, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\search.css, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\showRedirect.css, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\updateNotif.css, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\updateNotif2.css, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\updateNotif2light.css, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\updateNotif3.css, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\updateNotif3light.css, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\we-care_app_bg.png, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\bootstrap\css\bootstrap-responsive.css, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\bootstrap\css\bootstrap-responsive.min.css, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\bootstrap\css\bootstrap.css, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\bootstrap\css\bootstrap.min.css, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\bootstrap\img\glyphicons-halflings-white.png, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\bootstrap\img\glyphicons-halflings.png, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\images\animated-overlay.gif, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\images\Breast_Cancer_Badge.png, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\images\Close_button.png, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\images\Eco_Friendly_Badge.png, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\images\Free_Shipping.png, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\images\Left_Clouds.png, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\images\Questions_button.png, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\images\Right_Clouds.png, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\images\Support_button.png, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\images\We_Care_Logo.png, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\html\app.html, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\html\container.html, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\html\menu.html, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\html\notif.html, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\html\options.html, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\html\search.html, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\html\uninstall.html, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\html\update_slide.html, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\html\upgrade.html, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\html\wca_slider.html, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\images\BOX.png, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\images\CHECK.png, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\images\close.gif, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\images\dog.gif, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\images\dog_wag.gif, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\images\donate.bmp, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\images\envelope.png, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\images\icon_128.png, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\images\logo_dark.png, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\images\logo_light.png, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\images\logo_sm_v.bmp, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\images\QUESTION.png, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\images\X-MARK.png, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\container.js, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\Controller.js, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\jquery-1.7.1.min.js, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\jquery-ui-1.10.2.custom.min.js, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\jquery.numericCounter-1.0.min.js, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\loader.js, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\menu.js, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\message.js, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\options.js, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\plugin.exe, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\slider.js, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\smileplus.js, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\smileplus_cs.js, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\uninstall.js, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\updateButtons.js, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\update_slide.js, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\wc.js, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\wca.js, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\modules\bgAdmon.js, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\modules\bgSerp.js, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\modules\csAdmon.js, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\modules\csSerp.js, Quarantined, [2071588d216970c6919d796229d9bf41],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\aspca.bmp, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\IEHelperv2.5.0PS.dll, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\MerchantHash.json, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminderro.crx, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome.manifest, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\install.rdf, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\ltvid.xml, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\MerchHash.txt, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome\wecarereminder.jar, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome\logo\default_serp.gif, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome\logo\wecare_logo.bmp, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\components\httpModifyListener.js, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\components\WCR_MerchantHash.idl, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\components\WCR_MerchantHash.js, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\components\WCR_MerchantHash.xpt, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\defaults\preferences\wecarereminder.js, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\META-INF\manifest.mf, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\META-INF\zigbert.rsa, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\META-INF\zigbert.sf, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],

Physical Sectors: 0
(No malicious items detected)

(end)

Java13 · Jul 27, 2015

Heres the AdwCleaner log

# AdwCleaner v4.208 - Logfile created 26/07/2015 at 23:20:21
# Updated 09/07/2015 by Xplode
# Database : 2015-07-26.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Elizabeth - ELIZABETH-VAIO
# Running from : C:\Users\Elizabeth\Desktop\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Public\Desktop\iLivid.lnk
File Deleted : C:\ProgramData\uninstaller.exe
File Deleted : C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_isearch.avg.com_0.localstorage
File Deleted : C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_isearch.avg.com_0.localstorage-journal
File Deleted : C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage
File Deleted : C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKU\.DEFAULT\Software\APN
Key Deleted : HKU\.DEFAULT\Software\Ask.com
Key Deleted : HKU\.DEFAULT\Software\AskToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\isearch.avg.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Google Chrome v

[C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CyEzzyDtDzztD0FtDyEzy0D0B0CyCtAtN0D0Tzu0CtBtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1076241928
[C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxps://isearch.avg.com/search?cid={8A07EEBA-0AE7-4EB7-B783-1C3FC1419CBB}&mid=ed664006ed2347d0b3d8e1b0ab031794-565e6b247e04a74c4e37283d4e4795e51e9f1f5e&lang=en&ds=ft011&pr=sa&d=2012-08-03 15:16:53&v=12.1.0.21&sap=dsp&q={searchTerms}
[C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=

*************************

AdwCleaner[R0].txt - [5370 bytes] - [26/07/2015 22:11:40]
AdwCleaner[S0].txt - [5151 bytes] - [26/07/2015 23:20:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5210 bytes] ##########

Broni · Jul 27, 2015

Java13 · Jul 30, 2015

Last but not least...
It was still running slow before running this one. Will take notice tomorrow when I get off work ho it is running after running this.

Let me know your thoughts!

Elizabeth

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows 7 Home Premium x64
Ran by Elizabeth on Thu 07/30/2015 at 22:25:48.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_BC42A7D22EA4C9EEEC843EF2870E3FB5

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\Users\Elizabeth\Appdata\Local\google\chrome\user data\default\local storage\hxxp_lyrics.wikia.com_0.localstorage
Successfully deleted: [File] C:\Users\Elizabeth\Appdata\Local\google\chrome\user data\default\local storage\hxxp_lyrics.wikia.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Elizabeth\Appdata\Local\google\chrome\user data\default\local storage\hxxp_services.hearstmags.com_0.localstorage
Successfully deleted: [File] C:\Users\Elizabeth\Appdata\Local\google\chrome\user data\default\local storage\hxxp_services.hearstmags.com_0.localstorage-journal

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{0257AAAF-250F-4E58-8D46-230714AF5DB7}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{039B8A4E-F417-4274-991A-131EC487AE7E}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{05DA9BD7-D567-4016-9EF6-32711713FA0A}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{06E2BA84-CC66-4996-AD6F-DC22E6AF9428}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{07660A19-E8B7-4D14-9C1C-40A2EFD37847}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{0831601A-4224-4EC1-A875-815ADE57279C}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{0A075B37-24F5-4C74-B3F0-A4396017D253}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{0C3987CF-B19D-493C-B403-80D1E1C1B2A9}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{0C52CC8F-F289-4D43-B8E2-EE801229FF1A}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{0F5C7E1A-46E3-430E-A9AE-423095D29F3B}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{12898BB3-5437-4AD2-A849-F115F729A7A1}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{14C44DE9-8300-4B73-B963-CFEDC7353C47}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{17063CF3-02F5-413F-AA5D-A694D8CAF893}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{174B23A3-F7F7-4861-8696-22A660C29EBC}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{1913FEAD-9374-4885-A515-BE720E508696}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{19AF36EA-61DD-4B00-9E27-792F923EE7B6}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{19ED4A81-4CBE-4508-96C3-89C5AD09F1F5}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{1AE34F11-5F84-49A6-8CF8-1BEC7399B414}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{1BD89C0A-2E1E-4CE4-A35D-7BF1CFFA29B3}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{1C0AB1FE-F136-4D9C-A3CC-92CD1D5DD4A8}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{23ED30A3-1F33-4B4B-8D29-493B71072E6B}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{244BE9A4-EA46-4FA7-B203-E6005EE5D0A7}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{2493BB08-C249-407C-B485-799D03FF8E95}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{257602EB-8394-49CA-B6F7-B893FD8ED186}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{25BA9221-C0D9-4662-A994-B1AE740C6815}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{273F7CFA-C7D1-4B22-8779-E5C70D58670B}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{27CD1599-A01B-4864-BA5D-E456F271715B}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{27E2B1BE-6D2C-49E9-B4F8-A0CE6CFA97C6}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{2851A4AF-F5C6-48C1-AD49-BEF9D973A53A}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{28A0EE9E-55C0-464F-B3DF-D83E3C73896B}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{290F71B8-E311-497A-99F7-031418A2ED65}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{292B3104-0C2C-4A7C-B829-C97B1BC31296}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{29359F48-11C3-44A4-A5EF-B1166759B7F5}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{2A72D843-A6E7-411E-B9B8-55DE5BA74300}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{2CD874F8-728F-4D25-9EA1-C2557B75C5A6}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{2DC65595-B7D4-4C9A-80A9-B9F655ABF0F7}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{33499B6F-5C56-4320-ACDD-D4AF406D2BA1}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{35DBA92D-12BE-49A7-A20D-CA920B3403B6}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{3C624DC4-6280-4D94-BFAA-27607B8E1A73}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{3C7E9698-B05A-459F-824D-4E290C624D49}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{404FB900-42C9-45A2-9EFA-74269593080F}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{439C19C7-8241-4B21-8959-0A81F03EE4DC}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{43A16109-3D22-4AA3-B1FC-969152B575EB}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{445AEF5F-7433-4272-B234-2DA9E3A05782}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{46535D5C-C610-4006-B86B-58615A917954}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{481E8403-D64C-4D48-8EF6-0E4F62B52325}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{489EB597-AB4C-4321-92EC-0F806EFB2C76}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{4B178ED7-796A-43BB-A830-A1796B0BF64D}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{4BA025C6-72E6-4CAA-A61B-7C69733991AC}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{4F19605F-58DB-4D4D-AEBA-4558EE4D78B6}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{4F1F77D1-277E-4B87-A8F0-D62EF7A70DAF}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{50C5B67A-95C7-454D-8209-5B9B132B3E73}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{53E1EC21-BEF0-4AC3-B76D-940239A5F2C0}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{547E9770-C498-478E-B305-29D136E3B549}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{54C10D1F-B3E4-42FC-9B09-940D3A480C06}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{55B4CAD0-B28C-459C-86B4-317EA12FEB01}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{5626D5D0-5ED1-4922-AF0A-7220739642C1}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{576DF9C6-E812-4AA1-A948-97D24C9CD912}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{57F3D081-289E-4B4A-95B5-1F68E5AEA67E}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{59529E36-ACC4-4010-B86E-CB6AB69D6223}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{5BBECF4E-83BE-4E8E-AE05-BF27D8ECD4E8}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{65708585-6795-4F37-B14B-377A6B770F41}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{6877E36F-FE45-4118-8520-BA7BD69E30E5}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{7088C7B2-FE61-4BB9-BF37-D842331EF7B6}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{709F4FB5-B999-4A47-A0F8-B59CA73E3988}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{70FF9017-9AB5-4E62-AFCE-10BB60DDFEBC}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{710F4D79-2B6C-46C9-8B90-B5B86AD8D745}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{72AE2311-FD0B-4A0D-A9AD-E1873914E295}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{72C3A525-EBEC-47C5-83B9-F0E70C53A0D7}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{74AAB699-2563-475D-80B0-10304057AD0E}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{74C7802F-941E-475D-B736-8907700F5BE7}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{762419F6-8813-47C9-ABBB-D070C678C3A3}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{76828477-363D-44A3-8BE5-199E45AAE541}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{7729F48F-DBC2-4955-9339-A1E89C02510E}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{78A87102-375F-434B-8B24-8BA3761B29B4}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{793D27C1-5DCC-4853-B777-E82243CA0BEB}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{7C2434C4-64D8-4EA3-85A7-01DB3F0577B1}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{7E9FEF91-9FDA-431B-916E-7DBBD38ECA59}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{82366FE0-4CB4-4531-8B20-624E97DF20B8}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{86ACC1DF-C953-4558-BEBC-AA9E877F9267}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{872A75C3-729A-4F6B-8827-86EFDEE35345}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{8791D826-C140-4B94-BCB6-4E4319C959AC}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{8885D030-9F0E-4EF8-9149-1E2DB3095326}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{892B586A-69CF-4139-9093-F69BC6BD622F}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{8BBA1DDD-36EF-42F2-B0C0-1A922EB7218B}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{8C235330-3390-4A0B-8E1D-E4049494C88E}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{900ACEE8-AE6A-4E06-99AF-F1F41D5FAE6A}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{922C6183-8943-4C2D-AB70-788BE9631BD1}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{950651D9-9B56-4411-8C42-F8BC0F409925}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{959FD1F7-1124-4B75-9EE5-09A0D9297F8B}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{96C53A30-201F-4252-AAAE-4C954E065672}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{9716008B-4C95-4C0E-A5EE-35E04D6659B0}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{98330CD9-549A-47FD-B025-F3A4E2E0655D}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{9AC4AEDB-584C-43D0-AAC1-F9651F540722}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{9B5CF174-5010-4C2A-9660-3DD9A1A974B7}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{A0CE9D25-39FA-4163-BB20-55B5AF7E14D7}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{A1D24A9E-10C9-4139-AC02-86C528DED7FD}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{A32119C5-4C92-465A-8B22-1EA7D33DFEB3}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{A6960D08-3A91-4578-9BC7-FCCF3955793E}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{A6CC5D2F-96E4-4836-9468-33C9BDD4AA08}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{A9E68E56-A8B2-4C3A-97AD-4C8582384268}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{A9EFE477-0B5B-4536-854F-47866D33DABA}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{AA3DD60A-A74C-4432-B629-9E70878E1E75}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{AA3F86A7-4204-4F40-9E91-253BA4B2DB41}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{AF03A0CF-D733-4462-B356-767F29E92EC8}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{AF6BBE95-2219-41CC-B802-829E04F60E33}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{B1E056C8-A913-4872-B242-0F0F3AE93EB9}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{B4544539-F762-4E02-B27D-AC8CBAA3F8DE}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{B539C05A-EAFB-4F48-A444-20142BB40C9D}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{B59899D9-603F-4FD3-8BCE-5D3D424846D6}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{B5C4A8A7-AFD1-4FCB-BB64-F44BD37430F5}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{B7261279-A501-4256-947C-A86EECA7F64E}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{BBE81C5A-58AA-4510-B9C5-7CEFC5847A83}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{BCCA5CD5-C918-4252-B528-ED47DE6F46C6}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{BD189B43-DE4B-4F20-AA62-F6B673D2901E}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{BD5DFF6B-B230-47C1-AF3C-78C334FC039B}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{BED7C776-F75D-44C8-8326-132AE303CFD3}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{C2DE99F4-6D2D-4D29-992A-EB275F80673D}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{CD5BCC31-D02F-46FF-9959-98DCAFC77E69}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{CE411A92-2CC4-482A-A1E2-C1CF22FFCE68}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{D110E8B5-ADBF-403F-B893-278D42F1B985}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{D3EC006E-8565-4337-AE70-5C93EBDBF338}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{D48D432C-D2AB-4835-8005-B044CB1F18DA}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{D640AD49-910D-4AE3-AA3B-CF8B7B125677}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{D7D08A1A-D88F-4B93-9FED-CCCC17A96990}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{DE294C54-0F8D-4906-AB25-52C394171A16}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{E00FAD19-6E1C-423C-8CA2-985A2D74D28D}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{E153CDEA-71FF-48D5-AA5D-6AD39AB3AD0F}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{E1773FD3-E4D7-4C67-B08D-5D849841482B}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{E5DABC0A-7718-4779-8F4A-893EB1B30CAC}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{E5DCED71-2457-47A1-AB65-7EE270CD8D5C}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{E8D2C074-7A6B-4F8E-A81C-B9D4DBE8F580}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{EBAC2387-49B9-4672-9138-FC7458B422D6}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{ECCFA35B-AD7A-44A2-8936-C4C754897C65}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{EF30F9AB-8A49-443A-A14A-443AADFE8918}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{F1886418-70B3-4317-9BB7-5D11C3C97D5D}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{F19013B4-4BC0-438E-9D35-46AAD8BF8AAC}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{F1EB4492-B645-41B4-B988-AD7888953EEE}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{F2AFF381-3141-4D5E-92ED-8E49174CAF8B}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{F87BAC7B-4042-4145-A8BD-306DA2406372}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{F984145E-11C6-495F-BD81-A5FAFDF3A098}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{FAE10CC0-3C9C-465B-945E-4B2E728BB653}
Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{FAE8C489-1D42-4695-8D3B-F45A417C51E2}

~~~ Chrome

[C:\Users\Elizabeth\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Elizabeth\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Elizabeth\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Elizabeth\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
bopakagnckmlgajfccecajhnimjiiedh,
cjpglkicenollcignonpgiafdgfeehoj
]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/30/2015 at 22:32:58.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Broni · Jul 31, 2015

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there use restore point you created prior to running Combofix.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.
If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

Broni · Aug 4, 2015

Still with me?

Java13 · Aug 4, 2015

Hi! Yes! I moved over the weekend so I've just been a little out of commission, every day after work has been unpacking. I wasn't able to download combofix with the first link, but sometimes when I restart the computer it goes faster so I'm going to try again tomorrow with the others.

So sorry for the delay! Thank you so much for your help.

Broni · Aug 4, 2015

Java13 · Aug 5, 2015

ComboFix 15-08-03.01 - Elizabeth 08/04/2015 21:24:26.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6043.4522 [GMT -5:00]
Running from: c:\users\Elizabeth\Downloads\ComboFix.exe
AV: ThreatTrack Security VIPRE *Disabled/Updated* {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
FW: ThreatTrack Security VIPRE *Disabled* {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}
SP: ThreatTrack Security VIPRE *Disabled/Updated* {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Files Created from 2015-07-05 to 2015-08-05 )))))))))))))))))))))))))))))))
.
.
2015-08-05 02:32 . 2015-08-05 02:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-27 03:02 . 2015-07-27 04:20 -------- d-----w- C:\AdwCleaner
2015-07-24 04:39 . 2015-07-25 17:01 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-24 04:37 . 2015-07-24 04:37 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-07-24 04:37 . 2015-07-24 04:37 -------- d-----w- c:\programdata\Malwarebytes
2015-07-24 04:37 . 2015-06-18 13:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-07-24 04:37 . 2015-06-18 13:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-07-24 04:37 . 2015-06-18 13:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-07-22 02:48 . 2015-07-22 02:48 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-07-22 02:48 . 2015-07-25 04:46 -------- d-----w- c:\programdata\RogueKiller
2015-07-21 02:15 . 2015-07-21 02:21 -------- d-----w- C:\FRST
2015-07-20 23:08 . 2015-07-20 23:08 -------- d-----w- c:\program files\Common Files\AV
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-15 00:20 . 2012-04-26 12:06 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-15 00:20 . 2012-04-26 12:06 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-04 16:34 . 2015-07-04 16:34 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-07-04 16:34 . 2015-07-04 16:34 320424 ----a-w- c:\windows\system32\javaws.exe
2015-07-04 16:34 . 2015-07-04 16:34 189864 ----a-w- c:\windows\system32\javaw.exe
2015-07-04 16:34 . 2015-07-04 16:34 189864 ----a-w- c:\windows\system32\java.exe
2015-07-04 16:32 . 2015-07-04 16:33 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MusicManager"="c:\users\Elizabeth\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2015-05-29 7646208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-02-03 506712]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-09 291608]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-02-21 693608]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2012-04-30 5235608]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"SBAMTray"="c:\program files (x86)\VIPRE\SBAMTray.exe" [2013-09-06 3216272]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-07-27 380088]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
.
c:\users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Receiver.lnk - c:\windows\Installer\{961882FF-663F-47D2-8588-C9943C5E6A26}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe /startup [2014-6-29 40120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 gfiutil;gfiutil;c:\windows\system32\drivers\gfiutil.sys;c:\windows\SYSNATIVE\drivers\gfiutil.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]
R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys;c:\windows\SYSNATIVE\DRIVERS\sbfwim.sys [x]
R3 SbHips;SbHips;c:\windows\system32\drivers\sbhips.sys;c:\windows\SYSNATIVE\drivers\sbhips.sys [x]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 USER_ESRV_SVC;User Energy Server Service;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys;c:\windows\SYSNATIVE\drivers\SbFw.sys [x]
S2 ActiveDelayDeviceService;ActiveDelayDeviceService;c:\program files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe;c:\program files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 ESRV_SVC;Energy Server Service;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
S2 gfi_lanss11_attservice;GFI LanGuard 11 Attendant Service;c:\program files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe;c:\program files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 SBAMSvc;VIPRE Internet Security;c:\program files (x86)\VIPRE\SBAMSvc.exe;c:\program files (x86)\VIPRE\SBAMSvc.exe [x]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\VIPRE\SBPIMSvc.exe;c:\program files (x86)\VIPRE\SBPIMSvc.exe [x]
S2 SoftshieldService;ExamsoftShieldService;c:\program files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe;c:\program files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S2 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys;c:\windows\SYSNATIVE\drivers\iwdbus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys;c:\windows\SYSNATIVE\DRIVERS\SBFWIM.sys [x]
S3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys;c:\windows\SYSNATIVE\DRIVERS\sbwtis.sys [x]
S3 semav6thermal64ro;semav6thermal64ro;c:\windows\system32\drivers\semav6thermal64ro.sys;c:\windows\SYSNATIVE\drivers\semav6thermal64ro.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\vuagent.exe;c:\program files\Sony\VAIO Update\vuagent.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 00:20]
.
2015-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000Core.job
- c:\users\Elizabeth\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18 18:45]
.
2015-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000UA.job
- c:\users\Elizabeth\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18 18:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-20 1158248]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-20 1158248]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-12-20 11406608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-03 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-03 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-03 439064]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - c:\program files (x86)\VIPRE\VSGN.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-08-04 21:33:41
ComboFix-quarantined-files.txt 2015-08-05 02:33
.
Pre-Run: 313,839,611,904 bytes free
Post-Run: 318,860,357,632 bytes free
.
- - End Of File - - A2BF263FFEEC1A08059B1834D794AC20

Broni · Aug 5, 2015

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double-click to run it. When the tool opens click Yes to disclaimer.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

Java13 · Aug 5, 2015

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01
Ran by Elizabeth (administrator) on ELIZABETH-VAIO (05-08-2015 20:36:03)
Running from C:\Users\Elizabeth\Downloads
Loaded Profiles: Elizabeth (Available Profiles: Elizabeth)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\ExamSoft\SofTest 11.0\Examsoft.ShieldRunner.exe
(Examsoft Worldwide Inc.) C:\Program Files (x86)\ExamSoft\SofTest 11.0\Examsoft.SoftShield.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\pnamain.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
() C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Google Inc.) C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Google Inc.) C:\Users\Elizabeth\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-20] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2884880 2012-03-19] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-09] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [693608 2012-02-21] (Sony Corporation)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5235608 2012-04-30] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2041430264-2399561070-413413978-1000\...\Run: [MusicManager] => C:\Users\Elizabeth\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-05-29] (Google Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Receiver.lnk [2014-06-29]
ShortcutTarget: Receiver.lnk -> C:\Windows\Installer\{961882FF-663F-47D2-8588-C9943C5E6A26}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe ()
Startup: C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-01-14]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2041430264-2399561070-413413978-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKLM-x32 -> {5D60AD9C-0AA9-5572-367C-60A381D2B97C} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2041430264-2399561070-413413978-1000 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKU\S-1-5-21-2041430264-2399561070-413413978-1000 -> {5D60AD9C-0AA9-5572-367C-60A381D2B97C} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-07-04] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-07-04] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-07-04] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-09-15] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-07-04] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-09-15] (Microsoft Corporation.)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{154B617A-3C70-4FE0-B386-C354D40ED8F5}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-07-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-07-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-07-27] (Citrix Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-03-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-03-23] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-07-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-07-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll [2011-08-03] (Sony Computer Entertainment Inc.)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2011-10-07] (Sony Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2011-08-02] (Sony Network Entertainment International LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-14] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2041430264-2399561070-413413978-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2041430264-2399561070-413413978-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Elizabeth\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2041430264-2399561070-413413978-1000: @talk.google.com/O1DPlugin -> C:\Users\Elizabeth\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2041430264-2399561070-413413978-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2041430264-2399561070-413413978-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-20] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Elizabeth\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Elizabeth\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)

Chrome:
=======
CHR Profile: C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
StartMenuInternet: Google Chrome - C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ActiveDelayDeviceService; C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [78472 2011-09-20] (Sony Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [427432 2013-02-22] ()
R2 gfi_lanss11_attservice; C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-23] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-23] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [61440 2013-07-02] (Digital Delivery Networks, Inc.) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [258048 2013-03-04] (Sony Corporation) [File not signed]
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
R2 SoftshieldService; C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe [67392 2014-06-23] (Hewlett-Packard)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2011-09-23] (Sony Corporation) [File not signed]
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [427432 2013-02-22] ()
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1634304 2015-03-16] (Sony Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1150368 2012-04-24] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [247704 2012-04-11] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177496 2012-04-11] (Western Digital )
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-18] (ThreatTrack Security, Inc.)
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2012-11-06] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-07-21] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-05 20:35 - 2015-08-05 20:35 - 00000000 ____D C:\Users\Elizabeth\Downloads\FRST-OlderVersion
2015-08-05 06:18 - 2015-08-05 06:18 - 00021820 _____ C:\Users\Elizabeth\Desktop\combofix.txt
2015-08-04 21:33 - 2015-08-04 21:33 - 00021820 _____ C:\ComboFix.txt
2015-08-04 21:22 - 2015-08-04 21:33 - 00000000 ____D C:\Qoobox
2015-08-04 21:22 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2015-08-04 21:22 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2015-08-04 21:22 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-04 21:22 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-08-04 21:22 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-08-04 21:22 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2015-08-04 21:22 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2015-08-04 21:22 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-04 21:21 - 2015-08-04 21:33 - 00000000 ____D C:\Windows\erdnt
2015-08-04 21:20 - 2015-08-04 21:21 - 05634591 ____R (Swearware) C:\Users\Elizabeth\Downloads\ComboFix.exe
2015-08-04 18:35 - 2015-08-04 18:35 - 00000000 ____D C:\Users\Elizabeth\AppData\Local\{5BBBFBE6-DEE8-4B4F-A8F2-B0D459B7E9E7}
2015-08-03 20:02 - 2015-08-03 20:02 - 00000000 ____D C:\Users\Elizabeth\AppData\Local\{C77B8339-B9FC-4351-A848-7315EE58A3DF}
2015-08-02 19:54 - 2015-08-02 19:54 - 00002966 _____ C:\Windows\System32\Tasks\VIPRE Upgrade Task
2015-07-31 19:14 - 2015-07-31 19:14 - 00001141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2015-07-30 22:32 - 2015-07-30 22:32 - 00017677 _____ C:\Users\Elizabeth\Desktop\JRT.txt
2015-07-30 22:24 - 2015-07-30 22:24 - 01798176 _____ (Malwarebytes Corporation) C:\Users\Elizabeth\Downloads\JRT.exe
2015-07-26 23:26 - 2015-07-26 23:26 - 00005302 _____ C:\Users\Elizabeth\Desktop\AdwCleaner[S0].txt
2015-07-26 22:02 - 2015-07-26 23:20 - 00000000 ____D C:\AdwCleaner
2015-07-26 21:34 - 2015-07-26 21:34 - 02248704 _____ C:\Users\Elizabeth\Desktop\adwcleaner_4.208.exe
2015-07-23 23:39 - 2015-07-25 12:01 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-23 23:37 - 2015-07-23 23:37 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-23 23:37 - 2015-07-23 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-23 23:37 - 2015-07-23 23:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-23 23:37 - 2015-07-23 23:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-23 23:37 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-23 23:37 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-23 23:37 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-23 23:34 - 2015-07-23 23:35 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Elizabeth\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-21 21:48 - 2015-07-24 23:46 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-21 21:48 - 2015-07-21 21:48 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-07-21 21:34 - 2015-07-21 21:42 - 18705480 _____ C:\Users\Elizabeth\Desktop\RogueKiller.exe
2015-07-20 21:19 - 2015-07-20 21:21 - 00046610 _____ C:\Users\Elizabeth\Downloads\Addition.txt
2015-07-20 21:15 - 2015-08-05 20:36 - 00029947 _____ C:\Users\Elizabeth\Downloads\FRST.txt
2015-07-20 21:15 - 2015-08-05 20:36 - 00000000 ____D C:\FRST
2015-07-20 21:14 - 2015-08-05 20:35 - 02169856 _____ (Farbar) C:\Users\Elizabeth\Downloads\FRST64.exe
2015-07-20 20:05 - 2015-07-20 20:05 - 00007599 _____ C:\Users\Elizabeth\AppData\Local\Resmon.ResmonCfg
2015-07-20 18:08 - 2015-07-20 18:08 - 00000000 ____D C:\Program Files\Common Files\AV

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-05 20:32 - 2012-06-18 13:45 - 00000872 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000Core.job
2015-08-05 20:32 - 2012-05-10 13:06 - 01380737 _____ C:\Windows\WindowsUpdate.log
2015-08-05 20:32 - 2012-04-26 07:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-04 21:33 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2015-08-04 21:32 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2015-08-04 21:10 - 2015-06-23 13:21 - 00000000 ____D C:\Users\Elizabeth\Documents\M4
2015-07-31 19:17 - 2009-07-13 23:45 - 00020928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-31 19:17 - 2009-07-13 23:45 - 00020928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-31 19:14 - 2012-04-26 06:02 - 00000000 ____D C:\Windows\System32\Tasks\Sony Corporation
2015-07-31 19:14 - 2012-04-26 05:24 - 00000000 ____D C:\ProgramData\Sony Corporation
2015-07-31 19:13 - 2012-04-26 06:19 - 00000000 ____D C:\Program Files\Sony
2015-07-31 19:13 - 2012-04-26 05:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-31 19:06 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-31 19:06 - 2009-07-13 23:51 - 00195178 _____ C:\Windows\setupact.log
2015-07-30 22:23 - 2013-06-20 10:16 - 00002390 _____ C:\Users\Elizabeth\Desktop\Google Chrome.lnk
2015-07-27 19:30 - 2009-07-14 00:13 - 00786622 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-27 19:29 - 2012-06-16 15:31 - 00000000 ____D C:\Update
2015-07-26 23:23 - 2010-11-20 22:47 - 00435366 _____ C:\Windows\PFRO.log
2015-07-26 22:03 - 2012-07-30 20:01 - 00000000 ____D C:\Users\Elizabeth\AppData\Roaming\vlc
2015-07-25 00:54 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media
2015-07-21 21:26 - 2013-03-18 08:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-07-21 21:26 - 2013-03-18 08:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-07-20 21:35 - 2013-03-18 08:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-07-20 18:32 - 2015-07-04 11:29 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-20 18:31 - 2013-03-08 20:35 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-20 18:21 - 2012-06-18 13:45 - 00003902 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000UA
2015-07-20 18:21 - 2012-06-18 13:45 - 00003506 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000Core
2015-07-20 18:21 - 2012-06-18 13:45 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000UA.job
2015-07-14 19:20 - 2012-04-26 07:06 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 19:20 - 2012-04-26 07:06 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-14 19:20 - 2012-04-26 07:06 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-12 16:34 - 2013-12-28 22:46 - 00000000 ____D C:\Users\Elizabeth\Documents\Wedding
2015-07-09 11:49 - 2014-01-28 23:30 - 00000000 ____D C:\temp
2015-07-06 14:20 - 2012-09-13 09:51 - 00000000 ____D C:\Users\Elizabeth\AppData\Roaming\Skype

==================== Files in the root of some directories =======

2013-02-10 16:39 - 2013-02-11 00:48 - 0005632 _____ () C:\Users\Elizabeth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-20 20:05 - 2015-07-20 20:05 - 0007599 _____ () C:\Users\Elizabeth\AppData\Local\Resmon.ResmonCfg
2012-08-01 11:20 - 2012-08-01 11:20 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-04 22:15

==================== End of log ============================

Java13 · Aug 5, 2015

Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by Elizabeth (2015-08-05 20:37:00)
Running from C:\Users\Elizabeth\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2041430264-2399561070-413413978-500 - Administrator - Disabled)
Elizabeth (S-1-5-21-2041430264-2399561070-413413978-1000 - Administrator - Enabled) => C:\Users\Elizabeth
Guest (S-1-5-21-2041430264-2399561070-413413978-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2041430264-2399561070-413413978-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ThreatTrack Security VIPRE (Disabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ThreatTrack Security VIPRE (Disabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
FW: ThreatTrack Security VIPRE (Disabled) {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
ACID Music Studio 8.0 (x32 Version: 8.0.178 - Sony) Hidden
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2041430264-2399561070-413413978-1000\...\Amazon Kindle) (Version: - Amazon)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version: - )
ArcSoft Magic-I Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.161 - ArcSoft)
ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.485 - ArcSoft)
Bing Bar (HKLM-x32\...\{A7E8CB11-B09E-46F8-9BAE-B2E01EBF7E51}) (Version: 7.0.831.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 8 (HKLM-x32\...\{DB93E2C2-851F-44B2-B09C-351D2C624AE1}) (Version: 8.0.4.1060 - TechSmith Corporation)
Cardio Calipers (HKLM-x32\...\Cardio Calipers) (Version: 3.3 - Iconico)
Cisco AnyConnect VPN Client (HKLM-x32\...\{C1EC4E2D-6F63-4806-B88E-7685B6EC186E}) (Version: 2.5.6005 - Cisco Systems, Inc.)
Citrix Receiver (Enterprise) (HKLM-x32\...\CitrixOnlinePluginFull) (Version: 13.3.0.55 - Citrix Systems, Inc.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.5009.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
DVD Architect Studio 5.0 (x32 Version: 5.0.157 - Sony) Hidden
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WorkForce 630 Series Printer Uninstall (HKLM\...\EPSON WorkForce 630 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
FredV2Step1 (HKLM-x32\...\{D6BCD6F1-85F1-43AD-A5A8-FC7C070546DD}) (Version: 1.00.0000 - USMLE)
FredV2Step2 (HKLM-x32\...\{CA59076F-26E1-4605-BE45-2C880A46A383}) (Version: 1.00.0000 - USMLE)
Google Chrome (HKU\S-1-5-21-2041430264-2399561070-413413978-1000\...\Google Chrome) (Version: 44.0.2403.125 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{B6A3EAE4-3727-46A4-A659-8576BF7C8C8D}) (Version: 23.0.504.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0083 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{4E4282C3-F66E-4852-837A-7675527178C2}) (Version: 3.1.26.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0708 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 7 Update 80 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417080FF}) (Version: 7.0.800 - Oracle)
Java 7 Update 80 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Keyboard_Shortcuts (x32 Version: 1.1.0.12190 - Sony Corporation) Hidden
KUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Media Gallery (HKLM\...\{0EB7792D-EFA2-42AB-9A22-F33D9458E974}) (Version: 2.1.0.13300 - Sony Corporation)
Media Go (x32 Version: 2.0.317 - Sony) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-2041430264-2399561070-413413978-1000\...\MusicManager) (Version: - Google, Inc.)
Oasis2Service (HKLM-x32\...\{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}) (Version: 1.0.4 - DDNi)
Online Plug-in (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
PlayMemories Home (x32 Version: 6.1.01.14210 - Sony Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayStation(R)Network Downloader (x32 Version: 2.07.00849 - Sony Computer Entertainment Inc.) Hidden
PlayStation(R)Store (x32 Version: 4.5.15.13232 - Sony Computer Entertainment Inc.) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Reader for PC (x32 Version: 1.1.02.10070 - Sony Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
Remote Play with PlayStation(R)3 (x32 Version: 1.1.0.21090 - Sony Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SofTest v11 (HKLM-x32\...\InstallShield_{943975DA-812E-455E-90B1-8323103656CC}) (Version: 11.5.3 - Examsoft)
SofTest v11 (x32 Version: 11.5.3 - Examsoft) Hidden
Sound Forge Audio Studio 10.0 (x32 Version: 10.0.176 - Sony) Hidden
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.0.5 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
TrackID(TM) with BRAVIA (x32 Version: 1.2.0.09270 - Sony Corportaion) Hidden
TriDef 3D (Sony) 2.0.5 (HKLM-x32\...\experience-sony-bundle) (Version: 2.0.5 - Dynamic Digital Depth Australia Pty Ltd)
V3DPx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (HKLM\...\{34EB42BE-F4D3-44C1-B28E-9740115DB72C}) (Version: 1.0.00.01300 - Sony Corporation)
VAIO - PlayMemories Home Plug-in (HKLM\...\{886C0C18-F905-49B2-90BA-EFC0FEDF27C6}) (Version: 2.0.01.03310 - Sony Corporation)
VAIO - Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
VAIO - Remote Keyboard with PlayStation®3 (x32 Version: 1.2.0.09210 - Sony Corporation) Hidden
VAIO - Remote Play with PlayStation®3 (x32 Version: 1.1.0.21090 - Sony Corporation) Hidden
VAIO - TrackID™ with BRAVIA (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
VAIO 3D Portal (x32 Version: 1.2.0.10131 - Sony Corporation) Hidden
VAIO Care (HKLM\...\{471F7C0A-CA3A-4F4C-8346-DE36AD5E23D1}) (Version: 7.3.0.14170 - Sony Corporation)
VAIO Control Center (x32 Version: 5.2.2.16060 - Sony Corporation) Hidden
VAIO CPU Fan Diagnostic (x32 Version: 1.1.0.09200 - Sony Corporation) Hidden
VAIO Data Restore Tool (x32 Version: 1.9.0.13190 - Sony Corporation) Hidden
VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Gate (x32 Version: 2.4.1.09230 - Sony Corporation) Hidden
VAIO Gate (x32 Version: 2.4.2.02200 - Sony Corporation) Hidden
VAIO Gate Default (x32 Version: 2.5.2.02090 - Sony Corporation) Hidden
VAIO Gesture Control (x32 Version: 1.0.0.12300 - Sony Corporation) Hidden
VAIO Health Report (HKLM-x32\...\VAIO Health Report1.0) (Version: 1.0 - Sony Electronics)
VAIO Help and Support (x32 Version: 17.00.0109 - Sony Corporation) Hidden
VAIO Improvement (x32 Version: 1.3.0.12280 - Sony Corporation) Hidden
VAIO Manual (x32 Version: 2.3.0.12300 - Sony Corporation) Hidden
VAIO Messenger (HKLM-x32\...\VAIO Messenger) (Version: 2.0.550.0 - DDNi)
VAIO OOBE (x32 Version: 12.2.1.2483 - Sony Corporation) Hidden
VAIO Sample Contents (x32 Version: 1.4.0.09010 - Sony Corporation) Hidden
VAIO Satisfaction Survey. (x32 Version: 3.0 - Sony Electronics Inc.) Hidden
VAIO Smart Network (x32 Version: 3.11.1.15220 - Sony Corporation) Hidden
VAIO Transfer Support (x32 Version: 1.7.1.06040 - Sony Corporation) Hidden
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.0.15160 - Sony Corporation)
VBMx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Vegas Movie Studio HD Platinum 11.0 (x32 Version: 11.0.256 - Sony) Hidden
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Microsoft) Hidden
VIPRE Internet Security (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 7.0.6.2 - ThreatTrack Security, Inc.)
VIPRE Internet Security (x32 Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WD SmartWare (HKLM\...\{49B1B217-27B1-42D8-A0A5-7ED0CD0D9508}) (Version: 1.6.0.25 - Western Digital)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04F1661B-A14C-4979-9C36-08A9A817248A} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2015-03-16] (Sony Corporation)
Task: {0616562E-6C65-40B4-B368-5390006AF92C} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {073A4B3A-E308-41AF-8EEC-16403B7B4BF5} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {0EB8EA04-16D8-4EC4-8D65-56C0CC4A76C5} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => net
Task: {1092E57E-A607-46A9-9E52-FA16EBC5B26C} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {10CDE930-EB02-4D83-BB07-D12723CC5F32} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-02-24] (Sony Corporation)
Task: {1D52B8F6-6E62-45FD-B66D-ED0456419C04} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {21413B99-C1FE-4C52-869A-7CF73BEFEC44} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-27] (Sony Corporation)
Task: {313FB459-64CB-4C3A-9F59-2E60B3016E10} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
Task: {327A7C60-C599-49B9-9A6E-A7D1DDB7D259} - System32\Tasks\DDNi Startup => C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {33B04916-0367-4358-AF01-54955A12AB09} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000Core => C:\Users\Elizabeth\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18] (Google Inc.)
Task: {38A2B101-01F3-4B21-8811-76FA477781DE} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-12-27] (Sony Corporation)
Task: {38F8A1E4-54E5-486D-84F2-56C9F35E37F7} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {3E5AFA1C-2BCE-4E9C-A9E6-65008954525E} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-04-06] (Sony Corporation)
Task: {3E8507A6-5747-48DE-849F-D92F0D529159} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {458D076A-818C-4BC2-9E79-CE5F971B88C9} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\esrv\task.vbs"
Task: {4C0CAE05-BEFA-4851-9275-6C7DED78649D} - System32\Tasks\VAIO® Messenger (Elizabeth) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {6416DF84-1CFD-4B08-A347-BE7273C30527} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-04-06] (Sony Corporation)
Task: {670CF13C-A3F3-47BC-AAC4-2E944F9708D9} - System32\Tasks\VIPRE Upgrade Task => C:\PROGRAM FILES\COMMON FILES\AV\ThreatTrack Security VIPRE\Upgrade.exe [2015-07-30] (ThreatTrack Security Inc.)
Task: {6DEB61AA-EF45-4417-8AE5-A2650CE3D0EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {70794633-21B8-4128-B66E-27D81E1C0DC8} - System32\Tasks\VAIO Health Report => C:\Program Files (x86)\Sony\VAIO Health Report\VAIOHealthReport.exe [2013-06-20] (Sony Electronics)
Task: {778734FD-439A-43B6-B940-304AB9684065} - System32\Tasks\Sony\OOBEApplauncher => C:\Program Files (x86)\Sony\OOBE\OOBEAppLauncher.exe [2012-03-15] (Sony Electronics Inc.)
Task: {8E5278AA-74DC-4A01-A440-0E0BAA01FCFD} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {9FA90726-F32F-475A-83E7-8FF6AD776BF1} - System32\Tasks\Sony Corporation\VAIO Care\VAU => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {A9380D21-4BD4-4C82-98EC-22DBC4E166B4} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2011-12-27] (Sony Corporation)
Task: {AAE1DEB5-DC57-458E-9D69-0A9B02178648} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-27] (Sony Corporation)
Task: {B0FB249E-6BAC-423C-A2B1-A0C3060AB02B} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {B38ABD2C-70F5-4F07-A405-C492F8047019} - System32\Tasks\Sony Corporation\VAIO Care\AutoCheckMessage => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {C54D4CC2-E9CB-4B26-BA52-068A50C2F541} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {C62E3B46-16F4-444F-AA46-D4C24322AE5C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000UA => C:\Users\Elizabeth\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18] (Google Inc.)
Task: {D1FDAB81-7929-463A-803D-2FB1F1EE010B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D9829743-9328-4987-ACB3-DF1D7C081BA6} - System32\Tasks\Sony\Keyboard Shortcuts => C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe [2012-03-20] ()
Task: {DD435CFE-8B37-4CA7-87EF-23E942396150} - System32\Tasks\VAIO® Messenger (Administrator) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {E927FEA4-2CAB-408C-B608-57B09AD3746F} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2015-03-06] (Sony Corporation)
Task: {F3406592-BD61-4339-8818-953906D90482} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000Core.job => C:\Users\Elizabeth\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000UA.job => C:\Users\Elizabeth\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-04-26 05:51 - 2012-03-23 03:47 - 00127320 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2011-03-16 04:29 - 2011-03-16 04:29 - 02673000 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2012-04-04 21:04 - 2012-04-03 15:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-20 15:43 - 2012-03-20 15:43 - 00477816 _____ () C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
2013-02-22 17:30 - 2013-02-22 14:02 - 00427432 _____ () C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
2013-02-22 17:30 - 2013-02-22 14:02 - 00528296 _____ () C:\Program Files\Sony\VAIO Care\esrv\intel_modeler.dll
2013-02-22 17:30 - 2013-02-22 14:02 - 00171432 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_acpi_battery_input.dll
2013-02-22 17:30 - 2013-02-22 14:02 - 00144296 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_sema_thermal_input.dll
2013-02-22 17:30 - 2013-02-22 14:02 - 00146344 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_wifi_input.dll
2011-11-30 20:49 - 2011-11-30 20:49 - 00276992 _____ () C:\Program Files\Sony\VAIO Care\READ\RecoveryPartitionManagerREAD.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-23 10:53 - 2012-11-23 10:53 - 00329592 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\apistrings.dll
2012-11-23 10:56 - 2012-11-23 10:56 - 00159608 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\modlop.dll
2012-11-23 10:54 - 2012-11-23 10:54 - 00100728 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\httpserverattplugin.dll
2012-11-23 10:46 - 2012-11-23 10:46 - 02029600 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\crmimodule.dll
2012-11-23 10:58 - 2012-11-23 10:58 - 00208760 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\patchautodownload.dll
2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2012-12-07 11:02 - 2012-12-07 11:02 - 00183160 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\scanmngsys.dll
2012-11-23 10:58 - 2012-11-23 10:58 - 00049528 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedcompactdb.dll
2012-11-23 10:58 - 2012-11-23 10:58 - 00054648 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedupdates.dll
2012-02-20 23:26 - 2012-02-20 23:26 - 00160768 _____ () C:\Program Files (x86)\VIPRE\unrar.dll
2013-06-13 20:06 - 2013-06-13 20:06 - 00904704 _____ () C:\Program Files (x86)\Examsoft\Softest 11.0\System.Data.SQLite.dll
2012-04-26 06:57 - 2012-04-06 16:37 - 00021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
2014-02-09 17:16 - 2015-06-26 03:13 - 00184184 _____ () C:\Program Files (x86)\VIPRE\Definitions\libBase64.dll
2014-02-09 17:16 - 2015-06-26 03:13 - 00175992 _____ () C:\Program Files (x86)\VIPRE\Definitions\libMachoUniv.dll
2012-03-20 15:43 - 2012-03-20 15:43 - 00160376 _____ () C:\Program Files (x86)\Sony\Keyboard Shortcuts\MessageHook.dll
2012-03-20 15:43 - 2012-03-20 15:43 - 00026744 _____ () C:\Program Files (x86)\Sony\Keyboard Shortcuts\Utility.dll
2014-03-24 13:19 - 2014-03-24 13:19 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00a0b4a9df6e4abf30ae2af3624a77ce\IsdiInterop.ni.dll
2012-04-26 05:40 - 2012-02-01 18:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-07-02 23:06 - 2013-07-02 23:06 - 00039936 _____ () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudModel.dll
2013-07-02 23:06 - 2013-07-02 23:06 - 00011264 _____ () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudClient.dll
2012-04-26 05:50 - 2012-03-23 03:47 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-07-12 11:09 - 2013-07-03 01:08 - 00061864 _____ () C:\Program Files (x86)\DDNi\Oasis\OasisCloudModel.dll
2013-07-12 11:09 - 2013-07-03 01:08 - 00018856 _____ () C:\Program Files (x86)\DDNi\Oasis\OasisCloudClient.dll
2015-07-30 22:23 - 2015-07-25 03:46 - 01405768 _____ () C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\44.0.2403.125\libglesv2.dll
2015-07-30 22:23 - 2015-07-25 03:46 - 00081224 _____ () C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\44.0.2403.125\libegl.dll
2015-07-30 22:23 - 2015-07-25 03:46 - 16308040 _____ () C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\44.0.2403.125\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2041430264-2399561070-413413978-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{75020D15-FAF7-4E7A-824D-4A212C5BFF85}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{0225F8B5-34A1-48BD-8B66-37B811D2890B}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{F595C2A1-12EA-4DBC-BF52-C20B6232E024}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
FirewallRules: [{D46E7367-B8FB-490B-9639-2B34E3E35B85}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{0C084B53-E5BE-4982-8005-07A3ACB3507F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AADE3618-0C91-4353-8111-09AABC5CA2C2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6EE054F9-8495-46A0-8D3C-AAC25CAE889A}] => (Allow) LPort=2869
FirewallRules: [{CEA14F9A-A741-4FE1-8201-E704DCB2847F}] => (Allow) LPort=1900
FirewallRules: [{6FB4BE06-C716-4BBE-B8F1-723536A73BF7}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{EA42EF0A-199D-4C08-8396-C4F9CE0CE16A}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{9D85719A-85C0-4891-90E4-91FBD9CB8FDC}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{E3715782-7E27-46E6-99FD-CA7E91141648}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{C7E2DD44-065F-41C5-94FD-2140E91CD06B}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{AC1B590F-8CDD-4EB8-AF7C-2720788440D9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2FD07A5B-ACE4-48B0-ACC7-DDA159672A67}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4AC6E8E4-15E5-4331-AE9B-EB96AFFE694D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C0D56825-70BD-4D67-93CA-4A638C8FD0BE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{10D3C16C-20AD-4636-A2B5-76F1C37D33EC}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{B4085BD3-5D62-47B6-9DC2-C14A4DC3F10D}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{C06C0BE4-79CB-4B4E-B655-06E5B97C2F31}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{61160157-6906-4694-9AB7-F6F4E272CA7E}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{6141CD4F-A6FC-44EC-B074-87381F5353AD}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
FirewallRules: [{3224AC18-1522-4DE9-9BF1-72EE7332C9CE}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [TCP Query User{0C5FB283-F172-44CD-B65F-C059D3DA149C}C:\users\elizabeth\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\elizabeth\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{6677E74E-8DE3-407B-915B-DF4E99C01610}C:\users\elizabeth\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\elizabeth\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{2089ED48-2CC9-4472-9075-FC590C38CEB7}] => (Allow) C:\Users\Elizabeth\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{802CA57A-7CDF-4272-9EC8-01E7FAB3A32D}] => (Allow) C:\Users\Elizabeth\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{70ACB0B3-A7D5-4A1A-AAA1-AD983B70F684}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe] => Enabled:TriDef 3D Media Player

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/03/2015 09:06:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8283

Error: (08/03/2015 09:06:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8283

Error: (08/03/2015 09:06:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/03/2015 09:06:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7285

Error: (08/03/2015 09:06:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7285

Error: (08/03/2015 09:06:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/03/2015 09:06:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6287

Error: (08/03/2015 09:06:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6287

Error: (08/03/2015 09:06:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/03/2015 09:06:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5288

System errors:
=============
Error: (08/05/2015 08:32:33 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (08/05/2015 02:38:15 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (08/04/2015 09:32:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (08/04/2015 09:29:22 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (08/03/2015 07:32:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (07/31/2015 07:11:33 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The VAIO Care Performance Service service hung on starting.

Error: (07/31/2015 07:07:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/30/2015 10:57:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (07/30/2015 10:57:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (07/30/2015 10:57:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Microsoft Office:
=========================
Error: (08/03/2015 09:06:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8283

Error: (08/03/2015 09:06:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8283

Error: (08/03/2015 09:06:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/03/2015 09:06:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7285

Error: (08/03/2015 09:06:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7285

Error: (08/03/2015 09:06:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/03/2015 09:06:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6287

Error: (08/03/2015 09:06:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6287

Error: (08/03/2015 09:06:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/03/2015 09:06:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5288

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 33%
Total physical RAM: 6043.28 MB
Available physical RAM: 4021.54 MB
Total Virtual: 12084.73 MB
Available Virtual: 8666.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:503.4 GB) (Free:305.06 GB) NTFS
Drive f: (Pictures) (Fixed) (Total:73.24 GB) (Free:54.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 8412C5D5)

Partition: GPT Partition Type.

==================== End of log ============================

Java13 · Aug 5, 2015

Looks like theres a lot of errors....

Broni · Aug 5, 2015

Every computer has some errors listed.
You look at Event Viewer only when you're having some particular issue. If not, leave it alone.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Java13 · Aug 5, 2015

It went SUPER quick, like less than 1 second

Fix result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by Elizabeth (2015-08-05 21:07:17) Run:1
Running from C:\Users\Elizabeth\Downloads
Loaded Profiles: Elizabeth (Available Profiles: Elizabeth)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2041430264-2399561070-413413978-1000 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKU\S-1-5-21-2041430264-2399561070-413413978-1000 -> {5D60AD9C-0AA9-5572-367C-60A381D2B97C} URL =
2013-02-10 16:39 - 2013-02-11 00:48 - 0005632 _____ () C:\Users\Elizabeth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-20 20:05 - 2015-07-20 20:05 - 0007599 _____ () C:\Users\Elizabeth\AppData\Local\Resmon.ResmonCfg
2012-08-01 11:20 - 2012-08-01 11:20 - 0000057 _____ () C:\ProgramData\Ament.ini
CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value removed successfully
"HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5D60AD9C-0AA9-5572-367C-60A381D2B97C}" => key removed successfully
HKCR\CLSID\{5D60AD9C-0AA9-5572-367C-60A381D2B97C} => key not found.
C:\Users\Elizabeth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully.
C:\Users\Elizabeth\AppData\Local\Resmon.ResmonCfg => moved successfully.
C:\ProgramData\Ament.ini => moved successfully.
"HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully

==== End of Fixlog 21:07:17 ====

Broni · Aug 5, 2015

Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program

Java13 · Aug 6, 2015

If my antivirus software is still disabled, should I re-enable it before running these?

Solved Virus/Malware Removal

Posts: 18 +0

Posts: 18 +0

Posts: 56,041 +516

Posts: 18 +0

Posts: 56,041 +516

Posts: 18 +0

Posts: 56,041 +516

Posts: 18 +0

Posts: 18 +0

Posts: 18 +0

Posts: 56,041 +516

Posts: 18 +0

Posts: 56,041 +516

Posts: 56,041 +516

Posts: 18 +0

Posts: 56,041 +516

Posts: 18 +0

Posts: 56,041 +516

Posts: 18 +0

Posts: 18 +0

Posts: 18 +0

Posts: 56,041 +516

Attachments

Posts: 18 +0

Posts: 56,041 +516

Posts: 18 +0

Similar threads