TechSpot

Virus/Malware Removal

By Java13
Jul 20, 2015
  1. Hello! Lately my computer has been running terribly slow. I thought it was just bad internet but it's also running extremely slow when I'm clicking the start menu or the file manager or things like that. It would not take me to the task manager on ctr alt delete, so I perused some threads on this site, and after checking the path and system root, I've determined there must be a virus. I have run my anti virus software (VIPRE, up to date) multiple times and the problem is still not fixed.

    Heres the logs that were generated. They are quite long so of course I'm worried it must be something really bad.

    I noticed that I have not updated windows (in Lord knows how long) and so I'm thinking I'll start with that. I only just noticed it when I was running this scan so I figured I'd wait and see if anyone could help explain to me what all this means and what I can do to fix it.

    Any help would be so greatly appreciated!



    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
    Ran by Elizabeth (administrator) on ELIZABETH-VAIO on 20-07-2015 21:15:32
    Running from C:\Users\Elizabeth\Downloads
    Loaded Profiles: Elizabeth (Available Profiles: Elizabeth)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
    (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (GFI Software Development Ltd.) C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
    (Hewlett-Packard) C:\Program Files (x86)\ExamSoft\SofTest 11.0\Examsoft.ShieldRunner.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Examsoft Worldwide Inc.) C:\Program Files (x86)\ExamSoft\SofTest 11.0\Examsoft.SoftShield.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
    (Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    (Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Google Inc.) C:\Users\Elizabeth\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIGBA.EXE
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\pnamain.exe
    (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    (ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
    (ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
    () C:\Program Files\Sony\VAIO Care\esrv\esrv.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
    () C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    () C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    (Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
    (Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
    (Google Inc.) C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe
    (ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfica32.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Google Inc.) C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-20] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-20] (Realtek Semiconductor)
    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2884880 2012-03-19] (Synaptics Incorporated)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
    HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-09] (Intel Corporation)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)
    HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [693608 2012-02-21] (Sony Corporation)
    HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5235608 2012-04-30] (Western Digital Technologies, Inc.)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
    HKLM-x32\...\Run: [ROC_ROC_JULY_P1] => "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
    HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1561768 2012-05-04] (Ask)
    HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2041430264-2399561070-413413978-1000\...\Run: [Google Update] => C:\Users\Elizabeth\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-18] (Google Inc.)
    HKU\S-1-5-21-2041430264-2399561070-413413978-1000\...\Run: [MusicManager] => C:\Users\Elizabeth\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-05-29] (Google Inc.)
    HKU\S-1-5-21-2041430264-2399561070-413413978-1000\...\Run: [GoogleChromeAutoLaunch_BC42A7D22EA4C9EEEC843EF2870E3FB5] => C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe [813896 2015-07-13] (Google Inc.)
    HKU\S-1-5-21-2041430264-2399561070-413413978-1000\...\Run: [EPSON WorkForce 630 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-2041430264-2399561070-413413978-1000\...\Run: [WorkForce 630(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
    AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Receiver.lnk [2014-06-29]
    ShortcutTarget: Receiver.lnk -> C:\Windows\Installer\{961882FF-663F-47D2-8588-C9943C5E6A26}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe ()
    Startup: C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-01-14]
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-2041430264-2399561070-413413978-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
    HKU\S-1-5-21-2041430264-2399561070-413413978-1000\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://sony.msn.com
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.p...BtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1076241928
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.p...BtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1076241928
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.p...BtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1076241928
    SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.p...BtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1076241928
    SearchScopes: HKLM-x32 -> {5D60AD9C-0AA9-5572-367C-60A381D2B97C} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2041430264-2399561070-413413978-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid=...51e9f1f5e&lang=en&ds=ft011&pr=sa&d=2012-08-03 15:16:53&v=12.2.5.32&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2041430264-2399561070-413413978-1000 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    SearchScopes: HKU\S-1-5-21-2041430264-2399561070-413413978-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.p...BtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1076241928
    SearchScopes: HKU\S-1-5-21-2041430264-2399561070-413413978-1000 -> {5D60AD9C-0AA9-5572-367C-60A381D2B97C} URL =
    SearchScopes: HKU\S-1-5-21-2041430264-2399561070-413413978-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid=...51e9f1f5e&lang=en&ds=ft011&pr=sa&d=2012-08-03 15:16:53&v=12.2.5.32&sap=dsp&q={searchTerms}
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-07-04] (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-07-04] (Oracle Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO-x32: Funmoods Helper Object -> {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -> C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-07-04] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-09-15] (Microsoft Corporation.)
    BHO-x32: Tracker Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-05-04] (Ask)
    BHO-x32: WeCareReminder Class -> {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll [2012-07-11] (We-Care.com)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-07-04] (Oracle Corporation)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-09-15] (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll No File
    Toolbar: HKLM-x32 - Tracker Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-05-04] (Ask)
    Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()
    Toolbar: HKU\S-1-5-21-2041430264-2399561070-413413978-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
    Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{154B617A-3C70-4FE0-B386-C354D40ED8F5}: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
    FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
    FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-07-04] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-07-04] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-07-27] (Citrix Systems, Inc.)
    FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-03-23] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-03-23] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-07-04] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-07-04] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll [2011-08-03] (Sony Computer Entertainment Inc.)
    FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2011-10-07] (Sony Corporation)
    FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2011-08-02] (Sony Network Entertainment International LLC)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-14] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
    FF Plugin HKU\.DEFAULT: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
    FF Plugin HKU\S-1-5-21-2041430264-2399561070-413413978-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
    FF Plugin HKU\S-1-5-21-2041430264-2399561070-413413978-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Elizabeth\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
    FF Plugin HKU\S-1-5-21-2041430264-2399561070-413413978-1000: @talk.google.com/O1DPlugin -> C:\Users\Elizabeth\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
    FF Plugin HKU\S-1-5-21-2041430264-2399561070-413413978-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-20] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2041430264-2399561070-413413978-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-20] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Elizabeth\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Elizabeth\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)

    Chrome:
    =======
    CHR Profile: C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Funmoods) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh [2014-04-25]
    CHR Extension: (AdBlock) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-02]
    CHR Extension: (We-Care Reminder) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm [2014-04-25]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-27]
    CHR Extension: (Google Wallet) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
    CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\ELIZAB~1\AppData\Local\funmoods.crx [2012-07-30]
    CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\ELIZAB~1\AppData\Local\funmoods-speeddial.crx [2012-07-30]
    CHR HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\ELIZAB~1\AppData\Local\funmoods.crx [2012-07-30]
    CHR HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\ELIZAB~1\AppData\Local\funmoods-speeddial.crx [2012-07-30]
    CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\ELIZAB~1\AppData\Local\funmoods.crx [2012-07-30]
    CHR HKLM-x32\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\ELIZAB~1\AppData\Local\funmoods-speeddial.crx [2012-07-30]
    CHR HKLM-x32\...\Chrome\Extension: [ippkomaaonokjnfjoikaemidanojkfmm] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx [2012-07-11]
    StartMenuInternet: Google Chrome - C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    R2 ActiveDelayDeviceService; C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [78472 2011-09-20] (Sony Corporation)
    R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
    R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [427432 2013-02-22] ()
    R2 gfi_lanss11_attservice; C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-23] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-23] (Intel Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
    R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [61440 2013-07-02] (Digital Delivery Networks, Inc.) [File not signed]
    R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
    R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
    U2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [258048 2013-03-04] (Sony Corporation) [File not signed]
    R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
    R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
    R2 SoftshieldService; C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe [67392 2014-06-23] (Hewlett-Packard)
    S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2011-09-23] (Sony Corporation) [File not signed]
    R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
    S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [427432 2013-02-22] ()
    S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
    R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1150368 2012-04-24] (Western Digital )
    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [247704 2012-04-11] (Western Digital)
    R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177496 2012-04-11] (Western Digital )
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
    S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
    S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
    S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
    R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-18] (ThreatTrack Security, Inc.)
    R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2012-11-06] ()

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-07-20 21:15 - 2015-07-20 21:17 - 00034369 _____ C:\Users\Elizabeth\Downloads\FRST.txt
    2015-07-20 21:15 - 2015-07-20 21:16 - 00000000 ____D C:\FRST
    2015-07-20 21:14 - 2015-07-20 21:15 - 02135552 _____ (Farbar) C:\Users\Elizabeth\Downloads\FRST64.exe
    2015-07-20 21:12 - 2015-07-20 21:13 - 00001640 _____ C:\Users\Elizabeth\Downloads\launch (1).ica
    2015-07-20 20:05 - 2015-07-20 20:05 - 00007599 _____ C:\Users\Elizabeth\AppData\Local\Resmon.ResmonCfg
    2015-07-20 18:08 - 2015-07-20 18:08 - 00000000 ____D C:\Program Files\Common Files\AV
    2015-07-04 11:36 - 2015-07-04 11:36 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
    2015-07-04 11:36 - 2015-07-04 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2015-07-04 11:34 - 2015-07-04 11:34 - 00320424 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2015-07-04 11:34 - 2015-07-04 11:34 - 00189864 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2015-07-04 11:34 - 2015-07-04 11:34 - 00189864 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2015-07-04 11:34 - 2015-07-04 11:34 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
    2015-07-04 11:33 - 2015-07-04 11:32 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2015-07-04 11:33 - 2015-07-04 11:32 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2015-07-04 11:33 - 2015-07-04 11:32 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2015-07-04 11:33 - 2015-07-04 11:32 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-07-04 11:29 - 2015-07-20 18:32 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-06-23 16:33 - 2015-06-23 16:33 - 00001166 _____ C:\Users\Public\Desktop\WorkForce 630 User's Guide.lnk
    2015-06-23 16:15 - 2015-06-23 16:15 - 00000930 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
    2015-06-23 13:21 - 2015-07-13 23:28 - 00000000 ____D C:\Users\Elizabeth\Documents\M4
    2015-06-23 12:04 - 2015-06-23 12:04 - 00000000 ____D C:\Users\Public\Desktop\USMLE FredV2 Step2 Practice CBT
    2015-06-23 12:04 - 2015-06-23 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USMLE FredV2 Step2 Practice CBT
    2015-06-23 12:02 - 2015-06-23 12:02 - 33143708 _____ C:\Users\Elizabeth\Downloads\Step2Download.zip

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-07-20 21:17 - 2012-05-10 13:06 - 01180669 _____ C:\Windows\WindowsUpdate.log
    2015-07-20 21:13 - 2009-07-14 00:13 - 00786622 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-07-20 21:06 - 2010-11-20 22:47 - 00380764 _____ C:\Windows\PFRO.log
    2015-07-20 21:06 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-07-20 21:06 - 2009-07-13 23:51 - 00194842 _____ C:\Windows\setupact.log
    2015-07-20 20:34 - 2009-07-13 23:45 - 00020928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-07-20 20:34 - 2009-07-13 23:45 - 00020928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-07-20 20:20 - 2012-04-26 07:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-07-20 18:31 - 2013-03-08 20:35 - 00000000 ____D C:\Program Files\Common Files\Apple
    2015-07-20 18:26 - 2012-06-18 13:45 - 00000872 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000Core.job
    2015-07-20 18:21 - 2012-06-18 13:45 - 00003902 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000UA
    2015-07-20 18:21 - 2012-06-18 13:45 - 00003506 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000Core
    2015-07-20 18:21 - 2012-06-18 13:45 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000UA.job
    2015-07-14 19:20 - 2012-04-26 07:06 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-07-14 19:20 - 2012-04-26 07:06 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-07-14 19:20 - 2012-04-26 07:06 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-07-14 18:44 - 2013-06-20 10:16 - 00002390 _____ C:\Users\Elizabeth\Desktop\Google Chrome.lnk
    2015-07-12 16:34 - 2013-12-28 22:46 - 00000000 ____D C:\Users\Elizabeth\Documents\Wedding
    2015-07-09 11:49 - 2014-01-28 23:30 - 00000000 ____D C:\temp
    2015-07-06 14:20 - 2012-09-13 09:51 - 00000000 ____D C:\Users\Elizabeth\AppData\Roaming\Skype
    2015-07-04 13:40 - 2014-02-05 10:53 - 00000000 ____D C:\Users\Elizabeth\AppData\Roaming\VIPRE
    2015-07-04 11:37 - 2012-10-16 14:12 - 00000000 ____D C:\Windows\Patches
    2015-07-04 11:36 - 2012-11-17 12:49 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2015-07-04 11:29 - 2014-04-07 09:30 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2015-07-04 11:24 - 2012-04-26 07:07 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    2015-07-04 11:07 - 2013-03-22 22:18 - 00000000 ____D C:\Users\Elizabeth\AppData\Local\CrashDumps
    2015-06-23 16:22 - 2014-06-29 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
    2015-06-23 12:04 - 2014-06-02 15:13 - 00000000 ____D C:\Program Files (x86)\USMLE
    2015-06-23 12:04 - 2012-04-26 05:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

    ==================== Files in the root of some directories =======

    2013-02-10 16:39 - 2013-02-11 00:48 - 0005632 _____ () C:\Users\Elizabeth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-07-30 19:58 - 2012-07-30 19:58 - 0384844 _____ () C:\Users\Elizabeth\AppData\Local\funmoods-speeddial.crx
    2012-07-30 19:58 - 2012-07-30 19:58 - 0031465 _____ () C:\Users\Elizabeth\AppData\Local\funmoods.crx
    2015-07-20 20:05 - 2015-07-20 20:05 - 0007599 _____ () C:\Users\Elizabeth\AppData\Local\Resmon.ResmonCfg
    2012-08-01 11:20 - 2012-08-01 11:20 - 0000057 _____ () C:\ProgramData\Ament.ini
    2012-07-12 09:29 - 2012-07-12 09:29 - 4534272 _____ () C:\ProgramData\ReadOnlyInstaller.msi
    2012-07-30 19:59 - 2012-07-30 19:59 - 0033958 _____ () C:\ProgramData\uninstaller.exe

    Files to move or delete:
    ====================
    C:\ProgramData\uninstaller.exe


    Some files in TEMP:
    ====================
    C:\Users\Elizabeth\AppData\Local\Temp\20120729103127337jniverify.dll
    C:\Users\Elizabeth\AppData\Local\Temp\AskSLib.dll
    C:\Users\Elizabeth\AppData\Local\Temp\avguidx.dll
    C:\Users\Elizabeth\AppData\Local\Temp\COMAP.EXE
    C:\Users\Elizabeth\AppData\Local\Temp\CommonInstaller.exe
    C:\Users\Elizabeth\AppData\Local\Temp\GLF524.EXE
    C:\Users\Elizabeth\AppData\Local\Temp\GLF5C5.EXE
    C:\Users\Elizabeth\AppData\Local\Temp\GLF84B0.EXE
    C:\Users\Elizabeth\AppData\Local\Temp\GLF8EDE.EXE
    C:\Users\Elizabeth\AppData\Local\Temp\GLF920C.EXE
    C:\Users\Elizabeth\AppData\Local\Temp\GLF9393.EXE
    C:\Users\Elizabeth\AppData\Local\Temp\GLF9B3C.EXE
    C:\Users\Elizabeth\AppData\Local\Temp\GLF9F04.EXE
    C:\Users\Elizabeth\AppData\Local\Temp\GLFB908.EXE
    C:\Users\Elizabeth\AppData\Local\Temp\GLFBD5D.EXE
    C:\Users\Elizabeth\AppData\Local\Temp\GLFC0AB.EXE
    C:\Users\Elizabeth\AppData\Local\Temp\GLFC879.EXE
    C:\Users\Elizabeth\AppData\Local\Temp\GLFE10.EXE
    C:\Users\Elizabeth\AppData\Local\Temp\GLFFC9B.EXE
    C:\Users\Elizabeth\AppData\Local\Temp\MachineIdCreator.exe
    C:\Users\Elizabeth\AppData\Local\Temp\oi_{D6FC9ABD-17CF-4145-80AE-2EECCC406C8B}.exe
    C:\Users\Elizabeth\AppData\Local\Temp\ose00000.exe
    C:\Users\Elizabeth\AppData\Local\Temp\ose00001.exe
    C:\Users\Elizabeth\AppData\Local\Temp\pslist.exe
    C:\Users\Elizabeth\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Elizabeth\AppData\Local\Temp\Soft32_Stub_5741(7).exe
    C:\Users\Elizabeth\AppData\Local\Temp\Soft32_Stub_5741(74).exe
    C:\Users\Elizabeth\AppData\Local\Temp\Soft32_Stub_5741.exe
    C:\Users\Elizabeth\AppData\Local\Temp\ToolbarInstaller.exe
    C:\Users\Elizabeth\AppData\Local\Temp\UNINSTALL.exe
    C:\Users\Elizabeth\AppData\Local\Temp\VCPerfService32.exe
    C:\Users\Elizabeth\AppData\Local\Temp\vlc-2.0.6-win32.exe
    C:\Users\Elizabeth\AppData\Local\Temp\_is2B0D.exe
    C:\Users\Elizabeth\AppData\Local\Temp\_isA07B.exe
    C:\Users\Elizabeth\AppData\Local\Temp\_isC1D9.exe
    C:\Users\Elizabeth\AppData\Local\Temp\_isD1E5.exe
    C:\Users\Elizabeth\AppData\Local\Temp\_isFBC3.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-07-14 19:03

    ==================== End of log ============================
     
  2. Java13

    Java13 TS Rookie Topic Starter Posts: 18

    Me again, here is the Additional log


    Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
    Ran by Elizabeth at 2015-07-20 21:19:34
    Running from C:\Users\Elizabeth\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2041430264-2399561070-413413978-500 - Administrator - Disabled)
    Elizabeth (S-1-5-21-2041430264-2399561070-413413978-1000 - Administrator - Enabled) => C:\Users\Elizabeth
    Guest (S-1-5-21-2041430264-2399561070-413413978-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2041430264-2399561070-413413978-1004 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: ThreatTrack Security VIPRE (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: ThreatTrack Security VIPRE (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
    FW: ThreatTrack Security VIPRE (Enabled) {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
    ACID Music Studio 8.0 (x32 Version: 8.0.178 - Sony) Hidden
    Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
    Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
    Amazon Kindle (HKU\S-1-5-21-2041430264-2399561070-413413978-1000\...\Amazon Kindle) (Version: - Amazon)
    Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version: - )
    ArcSoft Magic-I Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.161 - ArcSoft)
    ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.485 - ArcSoft)
    Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.2.0 - Ask.com) <==== ATTENTION
    ASPCA Reminder by We-Care.com v4.1.17.1 (HKLM-x32\...\{78FADD33-5D93-4FB8-AC29-1D823C0574B8}) (Version: 4.1.17.1 - We-Care.com)
    Bing Bar (HKLM-x32\...\{A7E8CB11-B09E-46F8-9BAE-B2E01EBF7E51}) (Version: 7.0.831.0 - Microsoft Corporation)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Camtasia Studio 8 (HKLM-x32\...\{DB93E2C2-851F-44B2-B09C-351D2C624AE1}) (Version: 8.0.4.1060 - TechSmith Corporation)
    Cardio Calipers (HKLM-x32\...\Cardio Calipers) (Version: 3.3 - Iconico)
    Cisco AnyConnect VPN Client (HKLM-x32\...\{C1EC4E2D-6F63-4806-B88E-7685B6EC186E}) (Version: 2.5.6005 - Cisco Systems, Inc.)
    Citrix Receiver (Enterprise) (HKLM-x32\...\CitrixOnlinePluginFull) (Version: 13.3.0.55 - Citrix Systems, Inc.)
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.5009.52 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
    DVD Architect Studio 5.0 (x32 Version: 5.0.157 - Sony) Hidden
    Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
    Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
    Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EPSON WorkForce 630 Series Printer Uninstall (HKLM\...\EPSON WorkForce 630 Series) (Version: - SEIKO EPSON Corporation)
    EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
    EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
    Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
    FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    FredV2Step1 (HKLM-x32\...\{D6BCD6F1-85F1-43AD-A5A8-FC7C070546DD}) (Version: 1.00.0000 - USMLE)
    FredV2Step2 (HKLM-x32\...\{CA59076F-26E1-4605-BE45-2C880A46A383}) (Version: 1.00.0000 - USMLE)
    Google Chrome (HKU\S-1-5-21-2041430264-2399561070-413413978-1000\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
    Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
    HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{B6A3EAE4-3727-46A4-A659-8576BF7C8C8D}) (Version: 23.0.504.0 - Hewlett-Packard Co.)
    HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
    HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
    Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
    Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0083 - Intel Corporation)
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
    Intel(R) WiDi (HKLM\...\{4E4282C3-F66E-4852-837A-7675527178C2}) (Version: 3.1.26.0 - Intel Corporation)
    Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
    Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0708 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
    IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
    Java 7 Update 80 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417080FF}) (Version: 7.0.800 - Oracle)
    Java 7 Update 80 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
    Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Keyboard_Shortcuts (x32 Version: 1.1.0.12190 - Sony Corporation) Hidden
    KUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
    Media Gallery (HKLM\...\{0EB7792D-EFA2-42AB-9A22-F33D9458E974}) (Version: 2.1.0.13300 - Sony Corporation)
    Media Go (x32 Version: 2.0.317 - Sony) Hidden
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    Music Manager (HKU\S-1-5-21-2041430264-2399561070-413413978-1000\...\MusicManager) (Version: - Google, Inc.)
    Oasis2Service (HKLM-x32\...\{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}) (Version: 1.0.4 - DDNi)
    Online Plug-in (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
    PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
    PlayMemories Home (x32 Version: 6.1.01.14210 - Sony Corporation) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayStation(R)Network Downloader (x32 Version: 2.07.00849 - Sony Computer Entertainment Inc.) Hidden
    PlayStation(R)Store (x32 Version: 4.5.15.13232 - Sony Computer Entertainment Inc.) Hidden
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Reader for PC (x32 Version: 1.1.02.10070 - Sony Corporation) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
    Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
    Remote Play with PlayStation(R)3 (x32 Version: 1.1.0.21090 - Sony Corporation) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
    SofTest v11 (HKLM-x32\...\InstallShield_{943975DA-812E-455E-90B1-8323103656CC}) (Version: 11.5.3 - Examsoft)
    SofTest v11 (x32 Version: 11.5.3 - Examsoft) Hidden
    Sound Forge Audio Studio 10.0 (x32 Version: 10.0.176 - Sony) Hidden
    SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
    SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.0.5 - Synaptics Incorporated)
    System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
    Tracker Toolbar Updater (HKU\S-1-5-21-2041430264-2399561070-413413978-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.23037 - Ask.com) <==== ATTENTION
    TrackID(TM) with BRAVIA (x32 Version: 1.2.0.09270 - Sony Corportaion) Hidden
    TriDef 3D (Sony) 2.0.5 (HKLM-x32\...\experience-sony-bundle) (Version: 2.0.5 - Dynamic Digital Depth Australia Pty Ltd)
    V3DPx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
    VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (HKLM\...\{34EB42BE-F4D3-44C1-B28E-9740115DB72C}) (Version: 1.0.00.01300 - Sony Corporation)
    VAIO - PlayMemories Home Plug-in (HKLM\...\{886C0C18-F905-49B2-90BA-EFC0FEDF27C6}) (Version: 2.0.01.03310 - Sony Corporation)
    VAIO - Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
    VAIO - Remote Keyboard with PlayStation®3 (x32 Version: 1.2.0.09210 - Sony Corporation) Hidden
    VAIO - Remote Play with PlayStation®3 (x32 Version: 1.1.0.21090 - Sony Corporation) Hidden
    VAIO - TrackID™ with BRAVIA (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
    VAIO 3D Portal (x32 Version: 1.2.0.10131 - Sony Corporation) Hidden
    VAIO Care (HKLM\...\{471F7C0A-CA3A-4F4C-8346-DE36AD5E23D1}) (Version: 7.3.0.14170 - Sony Corporation)
    VAIO Control Center (x32 Version: 5.2.2.16060 - Sony Corporation) Hidden
    VAIO CPU Fan Diagnostic (x32 Version: 1.1.0.09200 - Sony Corporation) Hidden
    VAIO Data Restore Tool (x32 Version: 1.9.0.13190 - Sony Corporation) Hidden
    VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
    VAIO Gate (x32 Version: 2.4.1.09230 - Sony Corporation) Hidden
    VAIO Gate (x32 Version: 2.4.2.02200 - Sony Corporation) Hidden
    VAIO Gate Default (x32 Version: 2.5.2.02090 - Sony Corporation) Hidden
    VAIO Gesture Control (x32 Version: 1.0.0.12300 - Sony Corporation) Hidden
    VAIO Health Report (HKLM-x32\...\VAIO Health Report1.0) (Version: 1.0 - Sony Electronics)
    VAIO Help and Support (x32 Version: 17.00.0109 - Sony Corporation) Hidden
    VAIO Improvement (x32 Version: 1.3.0.12280 - Sony Corporation) Hidden
    VAIO Manual (x32 Version: 2.3.0.12300 - Sony Corporation) Hidden
    VAIO Messenger (HKLM-x32\...\VAIO Messenger) (Version: 2.0.550.0 - DDNi)
    VAIO OOBE (x32 Version: 12.2.1.2483 - Sony Corporation) Hidden
    VAIO Sample Contents (x32 Version: 1.4.0.09010 - Sony Corporation) Hidden
    VAIO Satisfaction Survey. (x32 Version: 3.0 - Sony Electronics Inc.) Hidden
    VAIO Smart Network (x32 Version: 3.11.1.15220 - Sony Corporation) Hidden
    VAIO Transfer Support (x32 Version: 1.7.1.06040 - Sony Corporation) Hidden
    VAIO Update (x32 Version: 5.7.0.13130 - Sony Corporation) Hidden
    VAIO Update Merge Module x64 (Version: 5.7.13130 - Sony Corporation) Hidden
    VBMx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
    VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
    VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    Vegas Movie Studio HD Platinum 11.0 (x32 Version: 11.0.256 - Sony) Hidden
    VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
    VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    VHD (x32 Version: 1.0.0 - Microsoft) Hidden
    VIPRE Internet Security (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 7.0.6.2 - ThreatTrack Security, Inc.)
    VIPRE Internet Security (x32 Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
    VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
    VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
    VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
    VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
    VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden
    VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
    VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    WD SmartWare (HKLM\...\{49B1B217-27B1-42D8-A0A5-7ED0CD0D9508}) (Version: 1.6.0.25 - Western Digital)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

    ==================== Restore Points =========================

    23-06-2015 12:03:42 Installed FredV2Step2
    23-06-2015 12:05:03 Configured FredV2Step2
    23-06-2015 16:22:47 Configured EpsonNet Print
    23-06-2015 16:23:26 Installed EpsonNet Setup 3.3
    01-07-2015 15:25:38 Scheduled Checkpoint
    09-07-2015 15:30:38 Scheduled Checkpoint
    20-07-2015 18:29:15 Removed iTunes

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0616562E-6C65-40B4-B368-5390006AF92C} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
    Task: {073A4B3A-E308-41AF-8EEC-16403B7B4BF5} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
    Task: {0EB8EA04-16D8-4EC4-8D65-56C0CC4A76C5} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => net
    Task: {1092E57E-A607-46A9-9E52-FA16EBC5B26C} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
    Task: {10CDE930-EB02-4D83-BB07-D12723CC5F32} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-02-24] (Sony Corporation)
    Task: {1D52B8F6-6E62-45FD-B66D-ED0456419C04} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
    Task: {21413B99-C1FE-4C52-869A-7CF73BEFEC44} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-27] (Sony Corporation)
    Task: {313FB459-64CB-4C3A-9F59-2E60B3016E10} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
    Task: {327A7C60-C599-49B9-9A6E-A7D1DDB7D259} - System32\Tasks\DDNi Startup => C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe [2013-07-03] (Digital Delivery Networks, Inc.)
    Task: {33B04916-0367-4358-AF01-54955A12AB09} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000Core => C:\Users\Elizabeth\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18] (Google Inc.)
    Task: {38A2B101-01F3-4B21-8811-76FA477781DE} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-12-27] (Sony Corporation)
    Task: {38F8A1E4-54E5-486D-84F2-56C9F35E37F7} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
    Task: {3E5AFA1C-2BCE-4E9C-A9E6-65008954525E} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-04-06] (Sony Corporation)
    Task: {3E8507A6-5747-48DE-849F-D92F0D529159} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
    Task: {458D076A-818C-4BC2-9E79-CE5F971B88C9} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\esrv\task.vbs"
    Task: {4C0CAE05-BEFA-4851-9275-6C7DED78649D} - System32\Tasks\VAIO® Messenger (Elizabeth) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-03] (Digital Delivery Networks, Inc.)
    Task: {6416DF84-1CFD-4B08-A347-BE7273C30527} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-04-06] (Sony Corporation)
    Task: {6DEB61AA-EF45-4417-8AE5-A2650CE3D0EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
    Task: {70794633-21B8-4128-B66E-27D81E1C0DC8} - System32\Tasks\VAIO Health Report => C:\Program Files (x86)\Sony\VAIO Health Report\VAIOHealthReport.exe [2013-06-20] (Sony Electronics)
    Task: {778734FD-439A-43B6-B940-304AB9684065} - System32\Tasks\Sony\OOBEApplauncher => C:\Program Files (x86)\Sony\OOBE\OOBEAppLauncher.exe [2012-03-15] (Sony Electronics Inc.)
    Task: {8E5278AA-74DC-4A01-A440-0E0BAA01FCFD} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
    Task: {9FA90726-F32F-475A-83E7-8FF6AD776BF1} - System32\Tasks\Sony Corporation\VAIO Care\VAU => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
    Task: {A9380D21-4BD4-4C82-98EC-22DBC4E166B4} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2011-12-27] (Sony Corporation)
    Task: {AAE1DEB5-DC57-458E-9D69-0A9B02178648} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-27] (Sony Corporation)
    Task: {B0FB249E-6BAC-423C-A2B1-A0C3060AB02B} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
    Task: {B38ABD2C-70F5-4F07-A405-C492F8047019} - System32\Tasks\Sony Corporation\VAIO Care\AutoCheckMessage => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
    Task: {C54D4CC2-E9CB-4B26-BA52-068A50C2F541} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
    Task: {C62E3B46-16F4-444F-AA46-D4C24322AE5C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000UA => C:\Users\Elizabeth\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18] (Google Inc.)
    Task: {D1FDAB81-7929-463A-803D-2FB1F1EE010B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {D9829743-9328-4987-ACB3-DF1D7C081BA6} - System32\Tasks\Sony\Keyboard Shortcuts => C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe [2012-03-20] ()
    Task: {DD435CFE-8B37-4CA7-87EF-23E942396150} - System32\Tasks\VAIO® Messenger (Administrator) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-03] (Digital Delivery Networks, Inc.)
    Task: {F3406592-BD61-4339-8818-953906D90482} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000Core.job => C:\Users\Elizabeth\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000UA.job => C:\Users\Elizabeth\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2012-04-26 05:51 - 2012-03-23 03:47 - 00127320 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    2011-03-16 04:29 - 2011-03-16 04:29 - 02673000 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll
    2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2012-04-04 21:04 - 2012-04-03 15:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2013-02-22 17:30 - 2013-02-22 14:02 - 00471464 _____ () C:\Program Files\Sony\VAIO Care\esrv\esrv.exe
    2013-02-22 17:30 - 2013-02-22 14:02 - 00528296 _____ () C:\Program Files\Sony\VAIO Care\esrv\intel_modeler.dll
    2013-02-22 17:30 - 2013-02-22 14:02 - 00148904 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_foreground_window_input.dll
    2012-03-20 15:43 - 2012-03-20 15:43 - 00477816 _____ () C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
    2013-02-22 17:30 - 2013-02-22 14:02 - 00427432 _____ () C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
    2013-02-22 17:30 - 2013-02-22 14:02 - 00171432 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_acpi_battery_input.dll
    2013-02-22 17:30 - 2013-02-22 14:02 - 00144296 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_sema_thermal_input.dll
    2013-02-22 17:30 - 2013-02-22 14:02 - 00146344 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_wifi_input.dll
    2011-11-30 20:49 - 2011-11-30 20:49 - 00276992 _____ () C:\Program Files\Sony\VAIO Care\READ\RecoveryPartitionManagerREAD.dll
    2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-11-23 10:53 - 2012-11-23 10:53 - 00329592 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\apistrings.dll
    2012-11-23 10:56 - 2012-11-23 10:56 - 00159608 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\modlop.dll
    2012-11-23 10:54 - 2012-11-23 10:54 - 00100728 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\httpserverattplugin.dll
    2012-11-23 10:46 - 2012-11-23 10:46 - 02029600 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\crmimodule.dll
    2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
    2012-11-23 10:58 - 2012-11-23 10:58 - 00208760 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\patchautodownload.dll
    2012-12-07 11:02 - 2012-12-07 11:02 - 00183160 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\scanmngsys.dll
    2012-11-23 10:58 - 2012-11-23 10:58 - 00049528 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedcompactdb.dll
    2012-11-23 10:58 - 2012-11-23 10:58 - 00054648 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedupdates.dll
    2012-02-20 23:26 - 2012-02-20 23:26 - 00160768 _____ () C:\Program Files (x86)\VIPRE\unrar.dll
    2013-06-13 20:06 - 2013-06-13 20:06 - 00904704 _____ () C:\Program Files (x86)\Examsoft\Softest 11.0\System.Data.SQLite.dll
    2012-04-26 06:57 - 2012-04-06 16:37 - 00021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
    2015-05-29 15:04 - 2015-05-29 15:04 - 00117248 _____ () C:\Users\Elizabeth\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
    2015-05-29 15:04 - 2015-05-29 15:04 - 00234496 _____ () C:\Users\Elizabeth\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
    2015-05-29 15:04 - 2015-05-29 15:04 - 00253440 _____ () C:\Users\Elizabeth\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
    2015-05-29 15:04 - 2015-05-29 15:04 - 00344064 _____ () C:\Users\Elizabeth\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
    2014-02-09 17:16 - 2015-06-26 03:13 - 00184184 _____ () C:\Program Files (x86)\VIPRE\Definitions\libBase64.dll
    2014-02-09 17:16 - 2015-06-26 03:13 - 00175992 _____ () C:\Program Files (x86)\VIPRE\Definitions\libMachoUniv.dll
    2012-03-20 15:43 - 2012-03-20 15:43 - 00160376 _____ () C:\Program Files (x86)\Sony\Keyboard Shortcuts\MessageHook.dll
    2012-03-20 15:43 - 2012-03-20 15:43 - 00026744 _____ () C:\Program Files (x86)\Sony\Keyboard Shortcuts\Utility.dll
    2014-03-24 13:19 - 2014-03-24 13:19 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00a0b4a9df6e4abf30ae2af3624a77ce\IsdiInterop.ni.dll
    2012-04-26 05:40 - 2012-02-01 18:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2013-07-02 23:06 - 2013-07-02 23:06 - 00039936 _____ () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudModel.dll
    2013-07-02 23:06 - 2013-07-02 23:06 - 00011264 _____ () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudClient.dll
    2013-07-12 11:09 - 2013-07-03 01:08 - 00061864 _____ () C:\Program Files (x86)\DDNi\Oasis\OasisCloudModel.dll
    2013-07-12 11:09 - 2013-07-03 01:08 - 00018856 _____ () C:\Program Files (x86)\DDNi\Oasis\OasisCloudClient.dll
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2015-07-14 18:44 - 2015-07-13 16:55 - 01281864 _____ () C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
    2015-07-14 18:44 - 2015-07-13 16:55 - 00080712 _____ () C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\43.0.2357.134\libegl.dll
    2012-01-09 02:46 - 2012-01-09 02:46 - 01099790 _____ () C:\Program Files (x86)\Citrix\ICA Client\avcodec-52.dll
    2012-01-09 02:46 - 2012-01-09 02:46 - 00079886 _____ () C:\Program Files (x86)\Citrix\ICA Client\avutil-50.dll
    2012-01-09 02:46 - 2012-01-09 02:46 - 00121870 _____ () C:\Program Files (x86)\Citrix\ICA Client\swscale-0.dll
    2012-01-09 02:46 - 2012-01-09 02:46 - 00117774 _____ () C:\Program Files (x86)\Citrix\ICA Client\avformat-52.dll
    2012-04-26 05:50 - 2012-03-23 03:47 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2041430264-2399561070-413413978-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{75020D15-FAF7-4E7A-824D-4A212C5BFF85}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
    FirewallRules: [{0225F8B5-34A1-48BD-8B66-37B811D2890B}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
    FirewallRules: [{F595C2A1-12EA-4DBC-BF52-C20B6232E024}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
    FirewallRules: [{D46E7367-B8FB-490B-9639-2B34E3E35B85}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
    FirewallRules: [{0C084B53-E5BE-4982-8005-07A3ACB3507F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{AADE3618-0C91-4353-8111-09AABC5CA2C2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{6EE054F9-8495-46A0-8D3C-AAC25CAE889A}] => (Allow) LPort=2869
    FirewallRules: [{CEA14F9A-A741-4FE1-8201-E704DCB2847F}] => (Allow) LPort=1900
    FirewallRules: [{6FB4BE06-C716-4BBE-B8F1-723536A73BF7}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{EA42EF0A-199D-4C08-8396-C4F9CE0CE16A}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{9D85719A-85C0-4891-90E4-91FBD9CB8FDC}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
    FirewallRules: [{E3715782-7E27-46E6-99FD-CA7E91141648}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
    FirewallRules: [{C7E2DD44-065F-41C5-94FD-2140E91CD06B}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
    FirewallRules: [{AC1B590F-8CDD-4EB8-AF7C-2720788440D9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{2FD07A5B-ACE4-48B0-ACC7-DDA159672A67}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4AC6E8E4-15E5-4331-AE9B-EB96AFFE694D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{C0D56825-70BD-4D67-93CA-4A638C8FD0BE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{10D3C16C-20AD-4636-A2B5-76F1C37D33EC}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    FirewallRules: [{B4085BD3-5D62-47B6-9DC2-C14A4DC3F10D}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    FirewallRules: [{C06C0BE4-79CB-4B4E-B655-06E5B97C2F31}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
    FirewallRules: [{61160157-6906-4694-9AB7-F6F4E272CA7E}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
    FirewallRules: [{6141CD4F-A6FC-44EC-B074-87381F5353AD}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
    FirewallRules: [{3224AC18-1522-4DE9-9BF1-72EE7332C9CE}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [TCP Query User{0C5FB283-F172-44CD-B65F-C059D3DA149C}C:\users\elizabeth\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\elizabeth\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [UDP Query User{6677E74E-8DE3-407B-915B-DF4E99C01610}C:\users\elizabeth\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\elizabeth\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [{2089ED48-2CC9-4472-9075-FC590C38CEB7}] => (Allow) C:\Users\Elizabeth\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    FirewallRules: [{802CA57A-7CDF-4272-9EC8-01E7FAB3A32D}] => (Allow) C:\Users\Elizabeth\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    FirewallRules: [{70ACB0B3-A7D5-4A1A-AAA1-AD983B70F684}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe] => Enabled:TriDef 3D Media Player

    ==================== Faulty Device Manager Devices =============

    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: vpnva
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/20/2015 09:06:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/20/2015 06:18:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/20/2015 06:12:56 PM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: The backup did not complete because of an error writing to the backup location D:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

    Error: (07/20/2015 06:08:49 PM) (Source: Windows Activation Technologies) (EventID: 14) (User: )
    Description: Genuine validation failure:
    hr = 0x800706BA

    Error: (07/19/2015 10:54:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 8970

    Error: (07/19/2015 10:54:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 8970

    Error: (07/19/2015 10:54:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (07/19/2015 10:54:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 7941

    Error: (07/19/2015 10:54:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 7941

    Error: (07/19/2015 10:54:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    System errors:
    =============
    Error: (07/20/2015 09:11:37 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The VAIO Care Performance Service service hung on starting.

    Error: (07/20/2015 09:07:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (07/20/2015 09:05:19 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SampleCollector service.

    Error: (07/20/2015 09:04:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ESRV_SVC service.

    Error: (07/20/2015 09:03:52 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
    Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

    Error: (07/20/2015 08:59:57 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.

    Error: (07/20/2015 06:31:22 PM) (Source: iaStor) (EventID: 9) (User: )
    Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

    Error: (07/20/2015 06:19:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (07/20/2015 06:18:31 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 6:17:56 PM on ‎7/‎20/‎2015 was unexpected.

    Error: (07/20/2015 06:00:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.


    Microsoft Office:
    =========================
    Error: (07/20/2015 09:06:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/20/2015 06:18:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/20/2015 06:12:56 PM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: D:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

    Error: (07/20/2015 06:08:49 PM) (Source: Windows Activation Technologies) (EventID: 14) (User: )
    Description: 0x800706BA

    Error: (07/19/2015 10:54:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 8970

    Error: (07/19/2015 10:54:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 8970

    Error: (07/19/2015 10:54:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (07/19/2015 10:54:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 7941

    Error: (07/19/2015 10:54:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 7941

    Error: (07/19/2015 10:54:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
    Percentage of memory in use: 50%
    Total physical RAM: 6043.28 MB
    Available physical RAM: 3003.34 MB
    Total Virtual: 12084.73 MB
    Available Virtual: 8402.58 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:503.4 GB) (Free:283.24 GB) NTFS
    Drive d: (My Book) (Fixed) (Total:1862.98 GB) (Free:1491.28 GB) NTFS
    Drive f: (Pictures) (Fixed) (Total:73.24 GB) (Free:53.52 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 596.2 GB) (Disk ID: 8412C5D5)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00021365)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ==================== End of log ============================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================

    [​IMG] Uninstall following unwanted programs:

    Ask Toolbar
    Tracker Toolbar Updater


    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  4. Java13

    Java13 TS Rookie Topic Starter Posts: 18

    Hi Broni! Thank you for your help!

    I've run RogueKiller, and after clicking delete I notice there are still PUPs, they wont let me select them. I went on and generated the report TXT (there was no file on my desktopw here the program was, but it's easy enough to generate).

    I just wanted to make sure this was correct before I moved forward with the next steps!

    RogueKiller V10.9.3.0 [Jul 21 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Elizabeth [Administrator]
    Started from : C:\Users\Elizabeth\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 07/21/2015 22:03:30

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 9 ¤¤¤
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} : Funmoods Toolbar -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} : -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} : -> Not selected
    [Suspicious.Path|VT.Unknown] (X64) HKEY_USERS\S-1-5-21-2041430264-2399561070-413413978-1000\Software\Microsoft\Windows\CurrentVersion\Run | WorkForce 630(Network) : C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE /FU "C:\Users\ELIZAB~1\AppData\Local\Temp\E_SBFB7.tmp" /EF "HKCU" [7][x][-][x][x] -> Not selected
    [Suspicious.Path|VT.Unknown] (X86) HKEY_USERS\S-1-5-21-2041430264-2399561070-413413978-1000\Software\Microsoft\Windows\CurrentVersion\Run | WorkForce 630(Network) : C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE /FU "C:\Users\ELIZAB~1\AppData\Local\Temp\E_SBFB7.tmp" /EF "HKCU" [7][x][-][x][x] -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2041430264-2399561070-413413978-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://sony.msn.com -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2041430264-2399561070-413413978-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://sony.msn.com -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK6459GSXP +++++
    --- User ---
    [MBR] 11b1bc8498fe67fb396aa96d9547ccbd
    [BSP] 0fd6a87bbcb44afd601788e9e4f6169d : Empty|VT.Unknown MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
    1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 534528 | Size: 19353 MB
    2 - EFI system partition | Offset (sectors): 40169472 | Size: 260 MB
    3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 40701952 | Size: 128 MB
    4 - Basic data partition | Offset (sectors): 40964096 | Size: 515478 MB
    5 - Basic data partition | Offset (sectors): 1096665088 | Size: 74999 MB
    User = LL1 ... OK
    User = LL2 ... OK
     
  5. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    You did fine. Go on...
     
  6. Java13

    Java13 TS Rookie Topic Starter Posts: 18

    Ive run the MBAM, it took quite a while because whatever is on my computer makes it run very slowly at times. It quarantined my threats, let me know if you think I should go ahead and delete them?

    Anyhow, when I move on to the AdwCleaner and click the link the website asks me to log in. I clicked the Piwik logo but can't seem to find a place on their website to download the AdwCleaner there either
     
  7. Broni

    Broni Malware Annihilator Posts: 52,915   +344

  8. Java13

    Java13 TS Rookie Topic Starter Posts: 18

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 7/23/2015
    Scan Time: 11:42 PM
    Logfile: MBAM log.txt
    Administrator: Yes

    Version: 2.1.8.1057
    Malware Database: v2015.07.24.01
    Rootkit Database: v2015.07.22.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Elizabeth

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 408941
    Time Elapsed: 18 hr, 54 min, 39 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 116
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, Quarantined, [0b866b7ae7a3fe381626acf1c73bff01],
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\CLASSES\funmoods.funmoodsHlpr.1, Quarantined, [0b866b7ae7a3fe381626acf1c73bff01],
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\CLASSES\funmoods.funmoodsHlpr, Quarantined, [0b866b7ae7a3fe381626acf1c73bff01],
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoods.funmoodsHlpr, Quarantined, [0b866b7ae7a3fe381626acf1c73bff01],
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoods.funmoodsHlpr, Quarantined, [0b866b7ae7a3fe381626acf1c73bff01],
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, Quarantined, [0b866b7ae7a3fe381626acf1c73bff01],
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoods.funmoodsHlpr.1, Quarantined, [0b866b7ae7a3fe381626acf1c73bff01],
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoods.funmoodsHlpr.1, Quarantined, [0b866b7ae7a3fe381626acf1c73bff01],
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, Quarantined, [0b866b7ae7a3fe381626acf1c73bff01],
    PUP.Optional.FunMoods.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, Quarantined, [0b866b7ae7a3fe381626acf1c73bff01],
    PUP.Optional.FunMoods.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, Quarantined, [0b866b7ae7a3fe381626acf1c73bff01],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}, Quarantined, [c2cf0dd8058567cfc6ba843a3ac8b44c],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\escort.escortIEPane.1, Quarantined, [c2cf0dd8058567cfc6ba843a3ac8b44c],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\escort.escortIEPane, Quarantined, [c2cf0dd8058567cfc6ba843a3ac8b44c],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\escort.escortIEPane, Quarantined, [c2cf0dd8058567cfc6ba843a3ac8b44c],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\escort.escortIEPane, Quarantined, [c2cf0dd8058567cfc6ba843a3ac8b44c],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\escort.escortIEPane.1, Quarantined, [c2cf0dd8058567cfc6ba843a3ac8b44c],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\escort.escortIEPane.1, Quarantined, [c2cf0dd8058567cfc6ba843a3ac8b44c],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}, Quarantined, [c2cf0dd8058567cfc6ba843a3ac8b44c],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, Quarantined, [0889ce17f19958de394a229ce61c27d9],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\funmoods.dskBnd.1, Quarantined, [0889ce17f19958de394a229ce61c27d9],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\funmoods.dskBnd, Quarantined, [0889ce17f19958de394a229ce61c27d9],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoods.dskBnd, Quarantined, [0889ce17f19958de394a229ce61c27d9],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoods.dskBnd, Quarantined, [0889ce17f19958de394a229ce61c27d9],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoods.dskBnd.1, Quarantined, [0889ce17f19958de394a229ce61c27d9],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoods.dskBnd.1, Quarantined, [0889ce17f19958de394a229ce61c27d9],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, Quarantined, [0889ce17f19958de394a229ce61c27d9],
    PUP.Optional.Funmoods.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, Quarantined, [0889ce17f19958de394a229ce61c27d9],
    PUP.Optional.Funmoods.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, Quarantined, [0889ce17f19958de394a229ce61c27d9],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}, Quarantined, [167b727369217fb71371d2ecf40e6d93],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\funmoodsApp.appCore.1, Quarantined, [167b727369217fb71371d2ecf40e6d93],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\funmoodsApp.appCore, Quarantined, [167b727369217fb71371d2ecf40e6d93],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoodsApp.appCore, Quarantined, [167b727369217fb71371d2ecf40e6d93],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoodsApp.appCore, Quarantined, [167b727369217fb71371d2ecf40e6d93],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoodsApp.appCore.1, Quarantined, [167b727369217fb71371d2ecf40e6d93],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoodsApp.appCore.1, Quarantined, [167b727369217fb71371d2ecf40e6d93],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}, Quarantined, [167b727369217fb71371d2ecf40e6d93],
    PUP.Optional.WeCare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [d8b9875ef496181e118d4e73887af30d],
    PUP.Optional.WeCare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [d8b9875ef496181e118d4e73887af30d],
    PUP.Optional.WeCare.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}, Quarantined, [d8b9875ef496181e118d4e73887af30d],
    PUP.Optional.WeCare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F773BB94-6C19-4643-A570-0E429103D1C3}, Quarantined, [d8b9875ef496181e118d4e73887af30d],
    PUP.Optional.WeCare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{F773BB94-6C19-4643-A570-0E429103D1C3}, Quarantined, [d8b9875ef496181e118d4e73887af30d],
    PUP.Optional.WeCare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}, Quarantined, [d8b9875ef496181e118d4e73887af30d],
    PUP.Optional.WeCare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}, Quarantined, [d8b9875ef496181e118d4e73887af30d],
    PUP.Optional.WeCare.A, HKLM\SOFTWARE\CLASSES\IEHelperv250.WeCareReminder.1, Quarantined, [d8b9875ef496181e118d4e73887af30d],
    PUP.Optional.WeCare.A, HKLM\SOFTWARE\CLASSES\IEHelperv250.WeCareReminder, Quarantined, [d8b9875ef496181e118d4e73887af30d],
    PUP.Optional.WeCare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IEHelperv250.WeCareReminder, Quarantined, [d8b9875ef496181e118d4e73887af30d],
    PUP.Optional.WeCare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\IEHelperv250.WeCareReminder, Quarantined, [d8b9875ef496181e118d4e73887af30d],
    PUP.Optional.WeCare.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [d8b9875ef496181e118d4e73887af30d],
    PUP.Optional.WeCare.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [d8b9875ef496181e118d4e73887af30d],
    PUP.Optional.WeCare.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [d8b9875ef496181e118d4e73887af30d],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}, Quarantined, [8a072fb6404a1620fe87bd0149b97090],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\f, Quarantined, [8a072fb6404a1620fe87bd0149b97090],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\f, Quarantined, [8a072fb6404a1620fe87bd0149b97090],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\f, Quarantined, [8a072fb6404a1620fe87bd0149b97090],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}, Quarantined, [8a072fb6404a1620fe87bd0149b97090],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}, Quarantined, [c2cf608522689a9cef362e6c9c66c838],
    PUP.Funmoods, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bbjciahceamgodcoidkjpchnokgfpphh, Quarantined, [ccc539acd8b26dc9360ba8b4f40f9f61],
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj, Quarantined, [761b6e77c0cabf77dba3c284020245bb],
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [6c25945186047abcf555d339778c8080],
    PUP.Funmoods, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bbjciahceamgodcoidkjpchnokgfpphh, Quarantined, [741dfbea2b5fff37fc45c9930bf8847c],
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj, Quarantined, [8a07d0153852c571dea0e363ea1abd43],
    PUP.Optional.WeCare.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ippkomaaonokjnfjoikaemidanojkfmm, Quarantined, [3e534c990288122479384dfb13f0ae52],
    PUP.Optional.WeCareReminder.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}, Quarantined, [a0f1cc19404aa78facf18c7e43c055ab],
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [7d14776e4f3bb284cf7b14f87b88956b],
    PUP.Optional.WeCareReminder.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{78FADD33-5D93-4FB8-AC29-1D823C0574B8}, Quarantined, [a9e87a6b088257df6539be4c25def10f],
    PUP.Optional.WeCare, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\wecarereminder, Quarantined, [e6ab4e97b9d1ed4935a6c86bc83b768a],
    PUP.Funmoods, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bbjciahceamgodcoidkjpchnokgfpphh, Quarantined, [0e83a342dab07db955eb3b21de25f50b],
    PUP.Optional.FunMoods.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj, Quarantined, [f29f6c79d7b3ae887b04aa9c46beb947],
    PUP.Optional.FunMoods.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [8a0741a43f4b2f07a3a64dbf8083ab55],
    PUP.Optional.WeCare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
    PUP.Optional.WeCare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
     
  9. Java13

    Java13 TS Rookie Topic Starter Posts: 18

    Heres the second half of MBAM log

    Registry Values: 26
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, Funmoods Toolbar, Quarantined, [0889ce17f19958de394a229ce61c27d9]
    PUP.Optional.Funmoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, Quarantined, [642d27bedfabf046364d9727dc26ab55],
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Funmoods, Quarantined, [6c25945186047abcf555d339778c8080]
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://start.funmoods.com/results.p...BtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1076241928, Quarantined, [4e43e7fe464459dd103a8a826f948977]
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Funmoods, Quarantined, [573a9d483357e254f45648c44fb4fd03]
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURL, http://start.funmoods.com/favicon.ico, Quarantined, [f29fa540751574c2af9bd537ed16d62a]
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, http://start.funmoods.com/results.p...BtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1076241928, Quarantined, [5e33fee79bef51e5da702be1ec1711ef]
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\PROGRA~2\Funmoods\1.5.23.22\FavIcon.ico, Quarantined, [d8b9b72e22680234fb4f48c4d72c6e92]
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURLFallback, http://start.funmoods.com/favicon.ico, Quarantined, [68299451f298c76fad9d73996b98f30d]
    PUP.Optional.WeCareReminder.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}|AppPath, C:\ProgramData\WeCareReminder, Quarantined, [a0f1cc19404aa78facf18c7e43c055ab]
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Funmoods, Quarantined, [7d14776e4f3bb284cf7b14f87b88956b]
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://start.funmoods.com/results.p...BtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1076241928, Quarantined, [bcd503e2e3a733033d0d8a82f211e41c]
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Funmoods, Quarantined, [bcd5b035ed9dff372723cb41af544eb2]
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURL, http://start.funmoods.com/favicon.ico, Quarantined, [4b46c1242664ee48f951e52709fa39c7]
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, http://start.funmoods.com/results.p...BtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1076241928, Quarantined, [523f50952466ec4a90ba56b6659eab55]
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\PROGRA~2\Funmoods\1.5.23.22\FavIcon.ico, Quarantined, [870ade07365465d17bcf0705f0139967]
    PUP.Optional.FunMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURLFallback, http://start.funmoods.com/favicon.ico, Quarantined, [f1a02bba9befa096f45611fb5da6b44c]
    PUP.Optional.WeCareReminder.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{78FADD33-5D93-4FB8-AC29-1D823C0574B8}|Publisher, We-Care.com, Quarantined, [a9e87a6b088257df6539be4c25def10f]
    PUP.Optional.WeCareReminder.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{78FADD33-5D93-4FB8-AC29-1D823C0574B8}|DisplayName, ASPCA Reminder by We-Care.com v4.1.17.1, Quarantined, [0e83ffe6ef9b0e288e10f01a9a69db25]
    PUP.Optional.FunMoods.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://start.funmoods.com/results.p...BtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1076241928, Quarantined, [8a0741a43f4b2f07a3a64dbf8083ab55]
    PUP.Optional.FunMoods.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, http://start.funmoods.com/results.p...BtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1076241928, Quarantined, [95fc9c49ec9ebb7bed5c28e470935ea2]
    PUP.Optional.FunMoods.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURL, http://start.funmoods.com/favicon.ico, Quarantined, [f0a1b5302f5ba2940841b755c0439d63]
    PUP.Optional.FunMoods.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\PROGRA~2\Funmoods\1.5.23.22\FavIcon.ico, Quarantined, [7021e104cebce353ab9ea369dd26946c]
    PUP.Optional.FunMoods.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURLFallback, http://start.funmoods.com/favicon.ico, Quarantined, [f29f5293fb8f92a41138ff0d32d1bd43]
    PUP.Optional.FunMoods.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Funmoods, Quarantined, [6b26d90ca2e8989e5deca06ccf34ff01]
    PUP.Optional.FunMoods.A, HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Funmoods, Quarantined, [652c1dc8c8c287afcc7d8f7d748fb947]

    Registry Data: 0
    (No malicious items detected)

    Folders: 24
    PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
    PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
    PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\img, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
    PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\js, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
    PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\style, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\bootstrap, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\bootstrap\css, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\bootstrap\img, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\images, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\html, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\images, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\modules, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome\logo, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\components, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\defaults, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\defaults\preferences, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\META-INF, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],

    Files: 120
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll, Quarantined, [d8b9875ef496181e118d4e73887af30d],
    PUP.Optional.WeCare.A, C:\ProgramData\ReadOnlyInstaller.msi, Quarantined, [a5ec4d9859318fa75188819fcc34817f],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\ReminderHelper.exe, Quarantined, [0889c71ed6b41b1baa2f948cec145aa6],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\WCAutoUpdate.exe, Quarantined, [b8d935b0662487af9842df414cb4e020],
    PUP.Optional.DownloadAdmin.C, C:\Users\Elizabeth\Downloads\vlcmediaplayer-setup.exe, Quarantined, [2c658a5bb9d1a49271862d408c790000],
    PUP.Optional.WeCare.A, C:\Windows\Installer\2b5efae.msi, Quarantined, [444d6481eb9f86b0578269b743bd837d],
    PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\funmoods-speeddial.crx, Quarantined, [4e43885d8901dd59bd34e29cb450738d],
    PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\funmoods.crx, Quarantined, [642d28bdaedc8caa678a700e8084f907],
    PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\background.html, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
    PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\dropdown.html, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
    PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\manifest.json, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
    PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\img\128.png, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
    PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\img\16.png, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
    PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\img\32.png, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
    PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\img\48.png, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
    PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\img\64.png, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
    PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\img\ajax-loader.gif, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
    PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\js\FMLoader.js, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
    PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\js\greetingmoods.js, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
    PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\js\mtrprt.js, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
    PUP.Optional.FunMoods.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\style\funmoods_chrome_1.0.1.css, Quarantined, [7e13bf266b1fe452bc3acd0d7c86e719],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\bg.html, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\icon_128.png, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\manifest.json, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\modules.json, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\npsimple.dll, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\clouds.css, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\if.css, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\jquery-ui-1.10.2.custom.min.css, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\jquery-ui-1.8.18.custom.css, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\normalize.css, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\options.css, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\search.css, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\showRedirect.css, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\updateNotif.css, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\updateNotif2.css, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\updateNotif2light.css, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\updateNotif3.css, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\updateNotif3light.css, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\we-care_app_bg.png, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\bootstrap\css\bootstrap-responsive.css, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\bootstrap\css\bootstrap-responsive.min.css, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\bootstrap\css\bootstrap.css, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\bootstrap\css\bootstrap.min.css, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\bootstrap\img\glyphicons-halflings-white.png, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\bootstrap\img\glyphicons-halflings.png, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\images\animated-overlay.gif, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\images\Breast_Cancer_Badge.png, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\images\Close_button.png, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\images\Eco_Friendly_Badge.png, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\images\Free_Shipping.png, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\images\Left_Clouds.png, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\images\Questions_button.png, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\images\Right_Clouds.png, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\images\Support_button.png, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\css\images\We_Care_Logo.png, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\html\app.html, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\html\container.html, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\html\menu.html, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\html\notif.html, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\html\options.html, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\html\search.html, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\html\uninstall.html, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\html\update_slide.html, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\html\upgrade.html, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\html\wca_slider.html, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\images\BOX.png, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\images\CHECK.png, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\images\close.gif, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\images\dog.gif, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\images\dog_wag.gif, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\images\donate.bmp, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\images\envelope.png, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\images\icon_128.png, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\images\logo_dark.png, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\images\logo_light.png, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\images\logo_sm_v.bmp, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\images\QUESTION.png, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\images\X-MARK.png, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\container.js, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\Controller.js, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\jquery-1.7.1.min.js, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\jquery-ui-1.10.2.custom.min.js, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\jquery.numericCounter-1.0.min.js, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\loader.js, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\menu.js, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\message.js, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\options.js, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\plugin.exe, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\slider.js, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\smileplus.js, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\smileplus_cs.js, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\uninstall.js, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\updateButtons.js, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\update_slide.js, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\wc.js, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\js\wca.js, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\modules\bgAdmon.js, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\modules\bgSerp.js, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\modules\csAdmon.js, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.41_0\modules\csSerp.js, Quarantined, [2071588d216970c6919d796229d9bf41],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\aspca.bmp, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\IEHelperv2.5.0PS.dll, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\MerchantHash.json, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminderro.crx, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome.manifest, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\install.rdf, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\ltvid.xml, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\MerchHash.txt, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome\wecarereminder.jar, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome\logo\default_serp.gif, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\chrome\logo\wecare_logo.bmp, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\components\httpModifyListener.js, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\components\WCR_MerchantHash.idl, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\components\WCR_MerchantHash.js, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\components\WCR_MerchantHash.xpt, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\defaults\preferences\wecarereminder.js, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\META-INF\manifest.mf, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\META-INF\zigbert.rsa, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],
    PUP.Optional.WeCare.A, C:\ProgramData\WeCareReminder\wecarereminder@bryan\META-INF\zigbert.sf, Quarantined, [4d440cd9b4d689ad86022dcb4bb7d62a],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  10. Java13

    Java13 TS Rookie Topic Starter Posts: 18

    Heres the AdwCleaner log

    # AdwCleaner v4.208 - Logfile created 26/07/2015 at 23:20:21
    # Updated 09/07/2015 by Xplode
    # Database : 2015-07-26.2 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Elizabeth - ELIZABETH-VAIO
    # Running from : C:\Users\Elizabeth\Desktop\adwcleaner_4.208.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Deleted : C:\Users\Public\Desktop\eBay.lnk
    File Deleted : C:\Users\Public\Desktop\iLivid.lnk
    File Deleted : C:\ProgramData\uninstaller.exe
    File Deleted : C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_isearch.avg.com_0.localstorage
    File Deleted : C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_isearch.avg.com_0.localstorage-journal
    File Deleted : C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
    File Deleted : C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
    File Deleted : C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage
    File Deleted : C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage-journal

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKU\.DEFAULT\Software\APN
    Key Deleted : HKU\.DEFAULT\Software\Ask.com
    Key Deleted : HKU\.DEFAULT\Software\AskToolbar
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\isearch.avg.com
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.16521


    -\\ Google Chrome v

    [C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CyEzzyDtDzztD0FtDyEzy0D0B0CyCtAtN0D0Tzu0CtBtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1076241928
    [C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxps://isearch.avg.com/search?cid={8A07EEBA-0AE7-4EB7-B783-1C3FC1419CBB}&mid=ed664006ed2347d0b3d8e1b0ab031794-565e6b247e04a74c4e37283d4e4795e51e9f1f5e&lang=en&ds=ft011&pr=sa&d=2012-08-03 15:16:53&v=12.1.0.21&sap=dsp&q={searchTerms}
    [C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=

    *************************

    AdwCleaner[R0].txt - [5370 bytes] - [26/07/2015 22:11:40]
    AdwCleaner[S0].txt - [5151 bytes] - [26/07/2015 23:20:21]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5210 bytes] ##########
     
  11. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    JRT?
     
  12. Java13

    Java13 TS Rookie Topic Starter Posts: 18

    Last but not least...
    It was still running slow before running this one. Will take notice tomorrow when I get off work ho it is running after running this.

    Let me know your thoughts!

    Elizabeth

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.5.4 (07.27.2015:1)
    OS: Windows 7 Home Premium x64
    Ran by Elizabeth on Thu 07/30/2015 at 22:25:48.61
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks



    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_BC42A7D22EA4C9EEEC843EF2870E3FB5



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] C:\Users\Elizabeth\Appdata\Local\google\chrome\user data\default\local storage\hxxp_lyrics.wikia.com_0.localstorage
    Successfully deleted: [File] C:\Users\Elizabeth\Appdata\Local\google\chrome\user data\default\local storage\hxxp_lyrics.wikia.com_0.localstorage-journal
    Successfully deleted: [File] C:\Users\Elizabeth\Appdata\Local\google\chrome\user data\default\local storage\hxxp_services.hearstmags.com_0.localstorage
    Successfully deleted: [File] C:\Users\Elizabeth\Appdata\Local\google\chrome\user data\default\local storage\hxxp_services.hearstmags.com_0.localstorage-journal



    ~~~ Folders

    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{0257AAAF-250F-4E58-8D46-230714AF5DB7}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{039B8A4E-F417-4274-991A-131EC487AE7E}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{05DA9BD7-D567-4016-9EF6-32711713FA0A}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{06E2BA84-CC66-4996-AD6F-DC22E6AF9428}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{07660A19-E8B7-4D14-9C1C-40A2EFD37847}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{0831601A-4224-4EC1-A875-815ADE57279C}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{0A075B37-24F5-4C74-B3F0-A4396017D253}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{0C3987CF-B19D-493C-B403-80D1E1C1B2A9}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{0C52CC8F-F289-4D43-B8E2-EE801229FF1A}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{0F5C7E1A-46E3-430E-A9AE-423095D29F3B}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{12898BB3-5437-4AD2-A849-F115F729A7A1}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{14C44DE9-8300-4B73-B963-CFEDC7353C47}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{17063CF3-02F5-413F-AA5D-A694D8CAF893}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{174B23A3-F7F7-4861-8696-22A660C29EBC}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{1913FEAD-9374-4885-A515-BE720E508696}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{19AF36EA-61DD-4B00-9E27-792F923EE7B6}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{19ED4A81-4CBE-4508-96C3-89C5AD09F1F5}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{1AE34F11-5F84-49A6-8CF8-1BEC7399B414}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{1BD89C0A-2E1E-4CE4-A35D-7BF1CFFA29B3}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{1C0AB1FE-F136-4D9C-A3CC-92CD1D5DD4A8}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{23ED30A3-1F33-4B4B-8D29-493B71072E6B}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{244BE9A4-EA46-4FA7-B203-E6005EE5D0A7}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{2493BB08-C249-407C-B485-799D03FF8E95}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{257602EB-8394-49CA-B6F7-B893FD8ED186}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{25BA9221-C0D9-4662-A994-B1AE740C6815}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{273F7CFA-C7D1-4B22-8779-E5C70D58670B}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{27CD1599-A01B-4864-BA5D-E456F271715B}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{27E2B1BE-6D2C-49E9-B4F8-A0CE6CFA97C6}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{2851A4AF-F5C6-48C1-AD49-BEF9D973A53A}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{28A0EE9E-55C0-464F-B3DF-D83E3C73896B}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{290F71B8-E311-497A-99F7-031418A2ED65}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{292B3104-0C2C-4A7C-B829-C97B1BC31296}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{29359F48-11C3-44A4-A5EF-B1166759B7F5}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{2A72D843-A6E7-411E-B9B8-55DE5BA74300}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{2CD874F8-728F-4D25-9EA1-C2557B75C5A6}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{2DC65595-B7D4-4C9A-80A9-B9F655ABF0F7}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{33499B6F-5C56-4320-ACDD-D4AF406D2BA1}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{35DBA92D-12BE-49A7-A20D-CA920B3403B6}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{3C624DC4-6280-4D94-BFAA-27607B8E1A73}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{3C7E9698-B05A-459F-824D-4E290C624D49}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{404FB900-42C9-45A2-9EFA-74269593080F}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{439C19C7-8241-4B21-8959-0A81F03EE4DC}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{43A16109-3D22-4AA3-B1FC-969152B575EB}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{445AEF5F-7433-4272-B234-2DA9E3A05782}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{46535D5C-C610-4006-B86B-58615A917954}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{481E8403-D64C-4D48-8EF6-0E4F62B52325}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{489EB597-AB4C-4321-92EC-0F806EFB2C76}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{4B178ED7-796A-43BB-A830-A1796B0BF64D}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{4BA025C6-72E6-4CAA-A61B-7C69733991AC}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{4F19605F-58DB-4D4D-AEBA-4558EE4D78B6}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{4F1F77D1-277E-4B87-A8F0-D62EF7A70DAF}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{50C5B67A-95C7-454D-8209-5B9B132B3E73}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{53E1EC21-BEF0-4AC3-B76D-940239A5F2C0}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{547E9770-C498-478E-B305-29D136E3B549}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{54C10D1F-B3E4-42FC-9B09-940D3A480C06}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{55B4CAD0-B28C-459C-86B4-317EA12FEB01}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{5626D5D0-5ED1-4922-AF0A-7220739642C1}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{576DF9C6-E812-4AA1-A948-97D24C9CD912}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{57F3D081-289E-4B4A-95B5-1F68E5AEA67E}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{59529E36-ACC4-4010-B86E-CB6AB69D6223}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{5BBECF4E-83BE-4E8E-AE05-BF27D8ECD4E8}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{65708585-6795-4F37-B14B-377A6B770F41}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{6877E36F-FE45-4118-8520-BA7BD69E30E5}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{7088C7B2-FE61-4BB9-BF37-D842331EF7B6}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{709F4FB5-B999-4A47-A0F8-B59CA73E3988}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{70FF9017-9AB5-4E62-AFCE-10BB60DDFEBC}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{710F4D79-2B6C-46C9-8B90-B5B86AD8D745}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{72AE2311-FD0B-4A0D-A9AD-E1873914E295}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{72C3A525-EBEC-47C5-83B9-F0E70C53A0D7}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{74AAB699-2563-475D-80B0-10304057AD0E}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{74C7802F-941E-475D-B736-8907700F5BE7}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{762419F6-8813-47C9-ABBB-D070C678C3A3}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{76828477-363D-44A3-8BE5-199E45AAE541}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{7729F48F-DBC2-4955-9339-A1E89C02510E}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{78A87102-375F-434B-8B24-8BA3761B29B4}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{793D27C1-5DCC-4853-B777-E82243CA0BEB}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{7C2434C4-64D8-4EA3-85A7-01DB3F0577B1}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{7E9FEF91-9FDA-431B-916E-7DBBD38ECA59}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{82366FE0-4CB4-4531-8B20-624E97DF20B8}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{86ACC1DF-C953-4558-BEBC-AA9E877F9267}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{872A75C3-729A-4F6B-8827-86EFDEE35345}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{8791D826-C140-4B94-BCB6-4E4319C959AC}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{8885D030-9F0E-4EF8-9149-1E2DB3095326}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{892B586A-69CF-4139-9093-F69BC6BD622F}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{8BBA1DDD-36EF-42F2-B0C0-1A922EB7218B}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{8C235330-3390-4A0B-8E1D-E4049494C88E}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{900ACEE8-AE6A-4E06-99AF-F1F41D5FAE6A}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{922C6183-8943-4C2D-AB70-788BE9631BD1}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{950651D9-9B56-4411-8C42-F8BC0F409925}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{959FD1F7-1124-4B75-9EE5-09A0D9297F8B}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{96C53A30-201F-4252-AAAE-4C954E065672}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{9716008B-4C95-4C0E-A5EE-35E04D6659B0}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{98330CD9-549A-47FD-B025-F3A4E2E0655D}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{9AC4AEDB-584C-43D0-AAC1-F9651F540722}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{9B5CF174-5010-4C2A-9660-3DD9A1A974B7}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{A0CE9D25-39FA-4163-BB20-55B5AF7E14D7}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{A1D24A9E-10C9-4139-AC02-86C528DED7FD}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{A32119C5-4C92-465A-8B22-1EA7D33DFEB3}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{A6960D08-3A91-4578-9BC7-FCCF3955793E}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{A6CC5D2F-96E4-4836-9468-33C9BDD4AA08}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{A9E68E56-A8B2-4C3A-97AD-4C8582384268}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{A9EFE477-0B5B-4536-854F-47866D33DABA}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{AA3DD60A-A74C-4432-B629-9E70878E1E75}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{AA3F86A7-4204-4F40-9E91-253BA4B2DB41}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{AF03A0CF-D733-4462-B356-767F29E92EC8}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{AF6BBE95-2219-41CC-B802-829E04F60E33}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{B1E056C8-A913-4872-B242-0F0F3AE93EB9}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{B4544539-F762-4E02-B27D-AC8CBAA3F8DE}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{B539C05A-EAFB-4F48-A444-20142BB40C9D}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{B59899D9-603F-4FD3-8BCE-5D3D424846D6}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{B5C4A8A7-AFD1-4FCB-BB64-F44BD37430F5}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{B7261279-A501-4256-947C-A86EECA7F64E}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{BBE81C5A-58AA-4510-B9C5-7CEFC5847A83}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{BCCA5CD5-C918-4252-B528-ED47DE6F46C6}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{BD189B43-DE4B-4F20-AA62-F6B673D2901E}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{BD5DFF6B-B230-47C1-AF3C-78C334FC039B}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{BED7C776-F75D-44C8-8326-132AE303CFD3}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{C2DE99F4-6D2D-4D29-992A-EB275F80673D}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{CD5BCC31-D02F-46FF-9959-98DCAFC77E69}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{CE411A92-2CC4-482A-A1E2-C1CF22FFCE68}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{D110E8B5-ADBF-403F-B893-278D42F1B985}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{D3EC006E-8565-4337-AE70-5C93EBDBF338}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{D48D432C-D2AB-4835-8005-B044CB1F18DA}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{D640AD49-910D-4AE3-AA3B-CF8B7B125677}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{D7D08A1A-D88F-4B93-9FED-CCCC17A96990}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{DE294C54-0F8D-4906-AB25-52C394171A16}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{E00FAD19-6E1C-423C-8CA2-985A2D74D28D}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{E153CDEA-71FF-48D5-AA5D-6AD39AB3AD0F}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{E1773FD3-E4D7-4C67-B08D-5D849841482B}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{E5DABC0A-7718-4779-8F4A-893EB1B30CAC}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{E5DCED71-2457-47A1-AB65-7EE270CD8D5C}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{E8D2C074-7A6B-4F8E-A81C-B9D4DBE8F580}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{EBAC2387-49B9-4672-9138-FC7458B422D6}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{ECCFA35B-AD7A-44A2-8936-C4C754897C65}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{EF30F9AB-8A49-443A-A14A-443AADFE8918}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{F1886418-70B3-4317-9BB7-5D11C3C97D5D}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{F19013B4-4BC0-438E-9D35-46AAD8BF8AAC}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{F1EB4492-B645-41B4-B988-AD7888953EEE}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{F2AFF381-3141-4D5E-92ED-8E49174CAF8B}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{F87BAC7B-4042-4145-A8BD-306DA2406372}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{F984145E-11C6-495F-BD81-A5FAFDF3A098}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{FAE10CC0-3C9C-465B-945E-4B2E728BB653}
    Successfully deleted: [Empty Folder] C:\Users\Elizabeth\Appdata\Local\{FAE8C489-1D42-4695-8D3B-F45A417C51E2}



    ~~~ Chrome


    [C:\Users\Elizabeth\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Users\Elizabeth\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

    [C:\Users\Elizabeth\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Users\Elizabeth\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    [
    bopakagnckmlgajfccecajhnimjiiedh,
    cjpglkicenollcignonpgiafdgfeehoj
    ]





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 07/30/2015 at 22:32:58.43
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  13. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Still with me?
     
  15. Java13

    Java13 TS Rookie Topic Starter Posts: 18

    Hi! Yes! I moved over the weekend so I've just been a little out of commission, every day after work has been unpacking. I wasn't able to download combofix with the first link, but sometimes when I restart the computer it goes faster so I'm going to try again tomorrow with the others.

    So sorry for the delay! Thank you so much for your help.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,915   +344

  17. Java13

    Java13 TS Rookie Topic Starter Posts: 18

    ComboFix 15-08-03.01 - Elizabeth 08/04/2015 21:24:26.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6043.4522 [GMT -5:00]
    Running from: c:\users\Elizabeth\Downloads\ComboFix.exe
    AV: ThreatTrack Security VIPRE *Disabled/Updated* {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
    FW: ThreatTrack Security VIPRE *Disabled* {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}
    SP: ThreatTrack Security VIPRE *Disabled/Updated* {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Roaming
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-07-05 to 2015-08-05 )))))))))))))))))))))))))))))))
    .
    .
    2015-08-05 02:32 . 2015-08-05 02:32 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-07-27 03:02 . 2015-07-27 04:20 -------- d-----w- C:\AdwCleaner
    2015-07-24 04:39 . 2015-07-25 17:01 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-07-24 04:37 . 2015-07-24 04:37 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2015-07-24 04:37 . 2015-07-24 04:37 -------- d-----w- c:\programdata\Malwarebytes
    2015-07-24 04:37 . 2015-06-18 13:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-07-24 04:37 . 2015-06-18 13:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-07-24 04:37 . 2015-06-18 13:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-07-22 02:48 . 2015-07-22 02:48 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-07-22 02:48 . 2015-07-25 04:46 -------- d-----w- c:\programdata\RogueKiller
    2015-07-21 02:15 . 2015-07-21 02:21 -------- d-----w- C:\FRST
    2015-07-20 23:08 . 2015-07-20 23:08 -------- d-----w- c:\program files\Common Files\AV
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-07-15 00:20 . 2012-04-26 12:06 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-07-15 00:20 . 2012-04-26 12:06 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-07-04 16:34 . 2015-07-04 16:34 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2015-07-04 16:34 . 2015-07-04 16:34 320424 ----a-w- c:\windows\system32\javaws.exe
    2015-07-04 16:34 . 2015-07-04 16:34 189864 ----a-w- c:\windows\system32\javaw.exe
    2015-07-04 16:34 . 2015-07-04 16:34 189864 ----a-w- c:\windows\system32\java.exe
    2015-07-04 16:32 . 2015-07-04 16:33 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MusicManager"="c:\users\Elizabeth\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2015-05-29 7646208]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
    "Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-02-03 506712]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-09 291608]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552]
    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-02-21 693608]
    "WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2012-04-30 5235608]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
    "SBAMTray"="c:\program files (x86)\VIPRE\SBAMTray.exe" [2013-09-06 3216272]
    "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-07-27 380088]
    "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
    "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
    .
    c:\users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Receiver.lnk - c:\windows\Installer\{961882FF-663F-47D2-8588-C9943C5E6A26}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe /startup [2014-6-29 40120]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
    R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
    R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
    R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
    R3 gfiutil;gfiutil;c:\windows\system32\drivers\gfiutil.sys;c:\windows\SYSNATIVE\drivers\gfiutil.sys [x]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
    R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]
    R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
    R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys;c:\windows\SYSNATIVE\DRIVERS\sbfwim.sys [x]
    R3 SbHips;SbHips;c:\windows\system32\drivers\sbhips.sys;c:\windows\SYSNATIVE\drivers\sbhips.sys [x]
    R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
    R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
    R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 USER_ESRV_SVC;User Energy Server Service;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe [x]
    R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
    S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys;c:\windows\SYSNATIVE\drivers\SbFw.sys [x]
    S2 ActiveDelayDeviceService;ActiveDelayDeviceService;c:\program files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe;c:\program files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [x]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
    S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
    S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
    S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
    S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
    S2 ESRV_SVC;Energy Server Service;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
    S2 gfi_lanss11_attservice;GFI LanGuard 11 Attendant Service;c:\program files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe;c:\program files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [x]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
    S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
    S2 SBAMSvc;VIPRE Internet Security;c:\program files (x86)\VIPRE\SBAMSvc.exe;c:\program files (x86)\VIPRE\SBAMSvc.exe [x]
    S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
    S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\VIPRE\SBPIMSvc.exe;c:\program files (x86)\VIPRE\SBPIMSvc.exe [x]
    S2 SoftshieldService;ExamsoftShieldService;c:\program files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe;c:\program files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe [x]
    S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
    S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
    S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
    S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
    S2 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [x]
    S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
    S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys;c:\windows\SYSNATIVE\drivers\iwdbus.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys;c:\windows\SYSNATIVE\DRIVERS\SBFWIM.sys [x]
    S3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys;c:\windows\SYSNATIVE\DRIVERS\sbwtis.sys [x]
    S3 semav6thermal64ro;semav6thermal64ro;c:\windows\system32\drivers\semav6thermal64ro.sys;c:\windows\SYSNATIVE\drivers\semav6thermal64ro.sys [x]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
    S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
    S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\vuagent.exe;c:\program files\Sony\VAIO Update\vuagent.exe [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 00:20]
    .
    2015-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000Core.job
    - c:\users\Elizabeth\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18 18:45]
    .
    2015-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000UA.job
    - c:\users\Elizabeth\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18 18:45]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-20 1158248]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-20 1158248]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-12-20 11406608]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-03 170264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-03 398616]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-03 439064]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - c:\program files (x86)\VIPRE\VSGN.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-08-04 21:33:41
    ComboFix-quarantined-files.txt 2015-08-05 02:33
    .
    Pre-Run: 313,839,611,904 bytes free
    Post-Run: 318,860,357,632 bytes free
    .
    - - End Of File - - A2BF263FFEEC1A08059B1834D794AC20
     
  18. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  19. Java13

    Java13 TS Rookie Topic Starter Posts: 18

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01
    Ran by Elizabeth (administrator) on ELIZABETH-VAIO (05-08-2015 20:36:03)
    Running from C:\Users\Elizabeth\Downloads
    Loaded Profiles: Elizabeth (Available Profiles: Elizabeth)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
    (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (GFI Software Development Ltd.) C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
    (Hewlett-Packard) C:\Program Files (x86)\ExamSoft\SofTest 11.0\Examsoft.ShieldRunner.exe
    (Examsoft Worldwide Inc.) C:\Program Files (x86)\ExamSoft\SofTest 11.0\Examsoft.SoftShield.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
    (Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    (Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\pnamain.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
    (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
    (ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    (ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    () C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    () C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
    (ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
    (Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
    (Google Inc.) C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe
    (Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
    (Google Inc.) C:\Users\Elizabeth\AppData\Local\Google\Update\GoogleUpdate.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-20] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-20] (Realtek Semiconductor)
    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2884880 2012-03-19] (Synaptics Incorporated)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
    HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-09] (Intel Corporation)
    HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)
    HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [693608 2012-02-21] (Sony Corporation)
    HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5235608 2012-04-30] (Western Digital Technologies, Inc.)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
    HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2041430264-2399561070-413413978-1000\...\Run: [MusicManager] => C:\Users\Elizabeth\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-05-29] (Google Inc.)
    AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Receiver.lnk [2014-06-29]
    ShortcutTarget: Receiver.lnk -> C:\Windows\Installer\{961882FF-663F-47D2-8588-C9943C5E6A26}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe ()
    Startup: C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-01-14]
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2041430264-2399561070-413413978-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    SearchScopes: HKLM-x32 -> {5D60AD9C-0AA9-5572-367C-60A381D2B97C} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2041430264-2399561070-413413978-1000 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    SearchScopes: HKU\S-1-5-21-2041430264-2399561070-413413978-1000 -> {5D60AD9C-0AA9-5572-367C-60A381D2B97C} URL =
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-07-04] (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-07-04] (Oracle Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-07-04] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-09-15] (Microsoft Corporation.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-07-04] (Oracle Corporation)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-09-15] (Microsoft Corporation.)
    Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
    Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll [2013-09-05] ()
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{154B617A-3C70-4FE0-B386-C354D40ED8F5}: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
    FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
    FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-07-04] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-07-04] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-07-27] (Citrix Systems, Inc.)
    FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-03-23] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-03-23] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-07-04] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-07-04] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll [2011-08-03] (Sony Computer Entertainment Inc.)
    FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2011-10-07] (Sony Corporation)
    FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2011-08-02] (Sony Network Entertainment International LLC)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-14] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
    FF Plugin HKU\.DEFAULT: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
    FF Plugin HKU\S-1-5-21-2041430264-2399561070-413413978-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
    FF Plugin HKU\S-1-5-21-2041430264-2399561070-413413978-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Elizabeth\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
    FF Plugin HKU\S-1-5-21-2041430264-2399561070-413413978-1000: @talk.google.com/O1DPlugin -> C:\Users\Elizabeth\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
    FF Plugin HKU\S-1-5-21-2041430264-2399561070-413413978-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-20] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2041430264-2399561070-413413978-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-20] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Elizabeth\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Elizabeth\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)

    Chrome:
    =======
    CHR Profile: C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (AdBlock) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-02]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-27]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
    StartMenuInternet: Google Chrome - C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    R2 ActiveDelayDeviceService; C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [78472 2011-09-20] (Sony Corporation)
    R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
    R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [427432 2013-02-22] ()
    R2 gfi_lanss11_attservice; C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-23] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-23] (Intel Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
    R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [61440 2013-07-02] (Digital Delivery Networks, Inc.) [File not signed]
    R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
    R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
    R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [258048 2013-03-04] (Sony Corporation) [File not signed]
    R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
    R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
    R2 SoftshieldService; C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe [67392 2014-06-23] (Hewlett-Packard)
    S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2011-09-23] (Sony Corporation) [File not signed]
    R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
    S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [427432 2013-02-22] ()
    S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
    R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1634304 2015-03-16] (Sony Corporation)
    R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1150368 2012-04-24] (Western Digital )
    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [247704 2012-04-11] (Western Digital)
    R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177496 2012-04-11] (Western Digital )
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
    S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
    S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
    S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
    R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-18] (ThreatTrack Security, Inc.)
    R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2012-11-06] ()
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-07-21] ()

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-08-05 20:35 - 2015-08-05 20:35 - 00000000 ____D C:\Users\Elizabeth\Downloads\FRST-OlderVersion
    2015-08-05 06:18 - 2015-08-05 06:18 - 00021820 _____ C:\Users\Elizabeth\Desktop\combofix.txt
    2015-08-04 21:33 - 2015-08-04 21:33 - 00021820 _____ C:\ComboFix.txt
    2015-08-04 21:22 - 2015-08-04 21:33 - 00000000 ____D C:\Qoobox
    2015-08-04 21:22 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
    2015-08-04 21:22 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
    2015-08-04 21:22 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-08-04 21:22 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-08-04 21:22 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-08-04 21:22 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
    2015-08-04 21:22 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
    2015-08-04 21:22 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
    2015-08-04 21:21 - 2015-08-04 21:33 - 00000000 ____D C:\Windows\erdnt
    2015-08-04 21:20 - 2015-08-04 21:21 - 05634591 ____R (Swearware) C:\Users\Elizabeth\Downloads\ComboFix.exe
    2015-08-04 18:35 - 2015-08-04 18:35 - 00000000 ____D C:\Users\Elizabeth\AppData\Local\{5BBBFBE6-DEE8-4B4F-A8F2-B0D459B7E9E7}
    2015-08-03 20:02 - 2015-08-03 20:02 - 00000000 ____D C:\Users\Elizabeth\AppData\Local\{C77B8339-B9FC-4351-A848-7315EE58A3DF}
    2015-08-02 19:54 - 2015-08-02 19:54 - 00002966 _____ C:\Windows\System32\Tasks\VIPRE Upgrade Task
    2015-07-31 19:14 - 2015-07-31 19:14 - 00001141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
    2015-07-30 22:32 - 2015-07-30 22:32 - 00017677 _____ C:\Users\Elizabeth\Desktop\JRT.txt
    2015-07-30 22:24 - 2015-07-30 22:24 - 01798176 _____ (Malwarebytes Corporation) C:\Users\Elizabeth\Downloads\JRT.exe
    2015-07-26 23:26 - 2015-07-26 23:26 - 00005302 _____ C:\Users\Elizabeth\Desktop\AdwCleaner[S0].txt
    2015-07-26 22:02 - 2015-07-26 23:20 - 00000000 ____D C:\AdwCleaner
    2015-07-26 21:34 - 2015-07-26 21:34 - 02248704 _____ C:\Users\Elizabeth\Desktop\adwcleaner_4.208.exe
    2015-07-23 23:39 - 2015-07-25 12:01 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-07-23 23:37 - 2015-07-23 23:37 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-07-23 23:37 - 2015-07-23 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-07-23 23:37 - 2015-07-23 23:37 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-07-23 23:37 - 2015-07-23 23:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-07-23 23:37 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-07-23 23:37 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-07-23 23:37 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-07-23 23:34 - 2015-07-23 23:35 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Elizabeth\Downloads\mbam-setup-2.1.8.1057.exe
    2015-07-21 21:48 - 2015-07-24 23:46 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-07-21 21:48 - 2015-07-21 21:48 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2015-07-21 21:34 - 2015-07-21 21:42 - 18705480 _____ C:\Users\Elizabeth\Desktop\RogueKiller.exe
    2015-07-20 21:19 - 2015-07-20 21:21 - 00046610 _____ C:\Users\Elizabeth\Downloads\Addition.txt
    2015-07-20 21:15 - 2015-08-05 20:36 - 00029947 _____ C:\Users\Elizabeth\Downloads\FRST.txt
    2015-07-20 21:15 - 2015-08-05 20:36 - 00000000 ____D C:\FRST
    2015-07-20 21:14 - 2015-08-05 20:35 - 02169856 _____ (Farbar) C:\Users\Elizabeth\Downloads\FRST64.exe
    2015-07-20 20:05 - 2015-07-20 20:05 - 00007599 _____ C:\Users\Elizabeth\AppData\Local\Resmon.ResmonCfg
    2015-07-20 18:08 - 2015-07-20 18:08 - 00000000 ____D C:\Program Files\Common Files\AV

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-08-05 20:32 - 2012-06-18 13:45 - 00000872 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000Core.job
    2015-08-05 20:32 - 2012-05-10 13:06 - 01380737 _____ C:\Windows\WindowsUpdate.log
    2015-08-05 20:32 - 2012-04-26 07:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-08-04 21:33 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
    2015-08-04 21:32 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
    2015-08-04 21:10 - 2015-06-23 13:21 - 00000000 ____D C:\Users\Elizabeth\Documents\M4
    2015-07-31 19:17 - 2009-07-13 23:45 - 00020928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-07-31 19:17 - 2009-07-13 23:45 - 00020928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-07-31 19:14 - 2012-04-26 06:02 - 00000000 ____D C:\Windows\System32\Tasks\Sony Corporation
    2015-07-31 19:14 - 2012-04-26 05:24 - 00000000 ____D C:\ProgramData\Sony Corporation
    2015-07-31 19:13 - 2012-04-26 06:19 - 00000000 ____D C:\Program Files\Sony
    2015-07-31 19:13 - 2012-04-26 05:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2015-07-31 19:06 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-07-31 19:06 - 2009-07-13 23:51 - 00195178 _____ C:\Windows\setupact.log
    2015-07-30 22:23 - 2013-06-20 10:16 - 00002390 _____ C:\Users\Elizabeth\Desktop\Google Chrome.lnk
    2015-07-27 19:30 - 2009-07-14 00:13 - 00786622 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-07-27 19:29 - 2012-06-16 15:31 - 00000000 ____D C:\Update
    2015-07-26 23:23 - 2010-11-20 22:47 - 00435366 _____ C:\Windows\PFRO.log
    2015-07-26 22:03 - 2012-07-30 20:01 - 00000000 ____D C:\Users\Elizabeth\AppData\Roaming\vlc
    2015-07-25 00:54 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media
    2015-07-21 21:26 - 2013-03-18 08:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-07-21 21:26 - 2013-03-18 08:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-07-20 21:35 - 2013-03-18 08:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-07-20 18:32 - 2015-07-04 11:29 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-07-20 18:31 - 2013-03-08 20:35 - 00000000 ____D C:\Program Files\Common Files\Apple
    2015-07-20 18:21 - 2012-06-18 13:45 - 00003902 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000UA
    2015-07-20 18:21 - 2012-06-18 13:45 - 00003506 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000Core
    2015-07-20 18:21 - 2012-06-18 13:45 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000UA.job
    2015-07-14 19:20 - 2012-04-26 07:06 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-07-14 19:20 - 2012-04-26 07:06 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-07-14 19:20 - 2012-04-26 07:06 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-07-12 16:34 - 2013-12-28 22:46 - 00000000 ____D C:\Users\Elizabeth\Documents\Wedding
    2015-07-09 11:49 - 2014-01-28 23:30 - 00000000 ____D C:\temp
    2015-07-06 14:20 - 2012-09-13 09:51 - 00000000 ____D C:\Users\Elizabeth\AppData\Roaming\Skype

    ==================== Files in the root of some directories =======

    2013-02-10 16:39 - 2013-02-11 00:48 - 0005632 _____ () C:\Users\Elizabeth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-07-20 20:05 - 2015-07-20 20:05 - 0007599 _____ () C:\Users\Elizabeth\AppData\Local\Resmon.ResmonCfg
    2012-08-01 11:20 - 2012-08-01 11:20 - 0000057 _____ () C:\ProgramData\Ament.ini

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-08-04 22:15

    ==================== End of log ============================
     
  20. Java13

    Java13 TS Rookie Topic Starter Posts: 18

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
    Ran by Elizabeth (2015-08-05 20:37:00)
    Running from C:\Users\Elizabeth\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2041430264-2399561070-413413978-500 - Administrator - Disabled)
    Elizabeth (S-1-5-21-2041430264-2399561070-413413978-1000 - Administrator - Enabled) => C:\Users\Elizabeth
    Guest (S-1-5-21-2041430264-2399561070-413413978-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2041430264-2399561070-413413978-1004 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: ThreatTrack Security VIPRE (Disabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: ThreatTrack Security VIPRE (Disabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
    FW: ThreatTrack Security VIPRE (Disabled) {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
    ACID Music Studio 8.0 (x32 Version: 8.0.178 - Sony) Hidden
    Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
    Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
    Amazon Kindle (HKU\S-1-5-21-2041430264-2399561070-413413978-1000\...\Amazon Kindle) (Version: - Amazon)
    Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version: - )
    ArcSoft Magic-I Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.161 - ArcSoft)
    ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.485 - ArcSoft)
    Bing Bar (HKLM-x32\...\{A7E8CB11-B09E-46F8-9BAE-B2E01EBF7E51}) (Version: 7.0.831.0 - Microsoft Corporation)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Camtasia Studio 8 (HKLM-x32\...\{DB93E2C2-851F-44B2-B09C-351D2C624AE1}) (Version: 8.0.4.1060 - TechSmith Corporation)
    Cardio Calipers (HKLM-x32\...\Cardio Calipers) (Version: 3.3 - Iconico)
    Cisco AnyConnect VPN Client (HKLM-x32\...\{C1EC4E2D-6F63-4806-B88E-7685B6EC186E}) (Version: 2.5.6005 - Cisco Systems, Inc.)
    Citrix Receiver (Enterprise) (HKLM-x32\...\CitrixOnlinePluginFull) (Version: 13.3.0.55 - Citrix Systems, Inc.)
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.5009.52 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
    DVD Architect Studio 5.0 (x32 Version: 5.0.157 - Sony) Hidden
    Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
    Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
    Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EPSON WorkForce 630 Series Printer Uninstall (HKLM\...\EPSON WorkForce 630 Series) (Version: - SEIKO EPSON Corporation)
    EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
    EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
    Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
    FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    FredV2Step1 (HKLM-x32\...\{D6BCD6F1-85F1-43AD-A5A8-FC7C070546DD}) (Version: 1.00.0000 - USMLE)
    FredV2Step2 (HKLM-x32\...\{CA59076F-26E1-4605-BE45-2C880A46A383}) (Version: 1.00.0000 - USMLE)
    Google Chrome (HKU\S-1-5-21-2041430264-2399561070-413413978-1000\...\Google Chrome) (Version: 44.0.2403.125 - Google Inc.)
    Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
    HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{B6A3EAE4-3727-46A4-A659-8576BF7C8C8D}) (Version: 23.0.504.0 - Hewlett-Packard Co.)
    HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
    HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
    Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
    Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0083 - Intel Corporation)
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
    Intel(R) WiDi (HKLM\...\{4E4282C3-F66E-4852-837A-7675527178C2}) (Version: 3.1.26.0 - Intel Corporation)
    Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
    Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0708 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
    IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
    Java 7 Update 80 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417080FF}) (Version: 7.0.800 - Oracle)
    Java 7 Update 80 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
    Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Keyboard_Shortcuts (x32 Version: 1.1.0.12190 - Sony Corporation) Hidden
    KUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Media Gallery (HKLM\...\{0EB7792D-EFA2-42AB-9A22-F33D9458E974}) (Version: 2.1.0.13300 - Sony Corporation)
    Media Go (x32 Version: 2.0.317 - Sony) Hidden
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    Music Manager (HKU\S-1-5-21-2041430264-2399561070-413413978-1000\...\MusicManager) (Version: - Google, Inc.)
    Oasis2Service (HKLM-x32\...\{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}) (Version: 1.0.4 - DDNi)
    Online Plug-in (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
    PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
    PlayMemories Home (x32 Version: 6.1.01.14210 - Sony Corporation) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayStation(R)Network Downloader (x32 Version: 2.07.00849 - Sony Computer Entertainment Inc.) Hidden
    PlayStation(R)Store (x32 Version: 4.5.15.13232 - Sony Computer Entertainment Inc.) Hidden
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Reader for PC (x32 Version: 1.1.02.10070 - Sony Corporation) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
    Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
    Remote Play with PlayStation(R)3 (x32 Version: 1.1.0.21090 - Sony Corporation) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
    SofTest v11 (HKLM-x32\...\InstallShield_{943975DA-812E-455E-90B1-8323103656CC}) (Version: 11.5.3 - Examsoft)
    SofTest v11 (x32 Version: 11.5.3 - Examsoft) Hidden
    Sound Forge Audio Studio 10.0 (x32 Version: 10.0.176 - Sony) Hidden
    SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
    SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.0.5 - Synaptics Incorporated)
    System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
    TrackID(TM) with BRAVIA (x32 Version: 1.2.0.09270 - Sony Corportaion) Hidden
    TriDef 3D (Sony) 2.0.5 (HKLM-x32\...\experience-sony-bundle) (Version: 2.0.5 - Dynamic Digital Depth Australia Pty Ltd)
    V3DPx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
    VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (HKLM\...\{34EB42BE-F4D3-44C1-B28E-9740115DB72C}) (Version: 1.0.00.01300 - Sony Corporation)
    VAIO - PlayMemories Home Plug-in (HKLM\...\{886C0C18-F905-49B2-90BA-EFC0FEDF27C6}) (Version: 2.0.01.03310 - Sony Corporation)
    VAIO - Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
    VAIO - Remote Keyboard with PlayStation®3 (x32 Version: 1.2.0.09210 - Sony Corporation) Hidden
    VAIO - Remote Play with PlayStation®3 (x32 Version: 1.1.0.21090 - Sony Corporation) Hidden
    VAIO - TrackID™ with BRAVIA (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
    VAIO 3D Portal (x32 Version: 1.2.0.10131 - Sony Corporation) Hidden
    VAIO Care (HKLM\...\{471F7C0A-CA3A-4F4C-8346-DE36AD5E23D1}) (Version: 7.3.0.14170 - Sony Corporation)
    VAIO Control Center (x32 Version: 5.2.2.16060 - Sony Corporation) Hidden
    VAIO CPU Fan Diagnostic (x32 Version: 1.1.0.09200 - Sony Corporation) Hidden
    VAIO Data Restore Tool (x32 Version: 1.9.0.13190 - Sony Corporation) Hidden
    VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
    VAIO Gate (x32 Version: 2.4.1.09230 - Sony Corporation) Hidden
    VAIO Gate (x32 Version: 2.4.2.02200 - Sony Corporation) Hidden
    VAIO Gate Default (x32 Version: 2.5.2.02090 - Sony Corporation) Hidden
    VAIO Gesture Control (x32 Version: 1.0.0.12300 - Sony Corporation) Hidden
    VAIO Health Report (HKLM-x32\...\VAIO Health Report1.0) (Version: 1.0 - Sony Electronics)
    VAIO Help and Support (x32 Version: 17.00.0109 - Sony Corporation) Hidden
    VAIO Improvement (x32 Version: 1.3.0.12280 - Sony Corporation) Hidden
    VAIO Manual (x32 Version: 2.3.0.12300 - Sony Corporation) Hidden
    VAIO Messenger (HKLM-x32\...\VAIO Messenger) (Version: 2.0.550.0 - DDNi)
    VAIO OOBE (x32 Version: 12.2.1.2483 - Sony Corporation) Hidden
    VAIO Sample Contents (x32 Version: 1.4.0.09010 - Sony Corporation) Hidden
    VAIO Satisfaction Survey. (x32 Version: 3.0 - Sony Electronics Inc.) Hidden
    VAIO Smart Network (x32 Version: 3.11.1.15220 - Sony Corporation) Hidden
    VAIO Transfer Support (x32 Version: 1.7.1.06040 - Sony Corporation) Hidden
    VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.0.15160 - Sony Corporation)
    VBMx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
    VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
    VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    Vegas Movie Studio HD Platinum 11.0 (x32 Version: 11.0.256 - Sony) Hidden
    VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
    VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    VHD (x32 Version: 1.0.0 - Microsoft) Hidden
    VIPRE Internet Security (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 7.0.6.2 - ThreatTrack Security, Inc.)
    VIPRE Internet Security (x32 Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
    VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
    VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
    VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
    VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
    VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
    VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
    VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
    VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    WD SmartWare (HKLM\...\{49B1B217-27B1-42D8-A0A5-7ED0CD0D9508}) (Version: 1.6.0.25 - Western Digital)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

    ==================== Restore Points =========================


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {04F1661B-A14C-4979-9C36-08A9A817248A} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2015-03-16] (Sony Corporation)
    Task: {0616562E-6C65-40B4-B368-5390006AF92C} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
    Task: {073A4B3A-E308-41AF-8EEC-16403B7B4BF5} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
    Task: {0EB8EA04-16D8-4EC4-8D65-56C0CC4A76C5} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => net
    Task: {1092E57E-A607-46A9-9E52-FA16EBC5B26C} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
    Task: {10CDE930-EB02-4D83-BB07-D12723CC5F32} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-02-24] (Sony Corporation)
    Task: {1D52B8F6-6E62-45FD-B66D-ED0456419C04} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
    Task: {21413B99-C1FE-4C52-869A-7CF73BEFEC44} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-27] (Sony Corporation)
    Task: {313FB459-64CB-4C3A-9F59-2E60B3016E10} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
    Task: {327A7C60-C599-49B9-9A6E-A7D1DDB7D259} - System32\Tasks\DDNi Startup => C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe [2013-07-03] (Digital Delivery Networks, Inc.)
    Task: {33B04916-0367-4358-AF01-54955A12AB09} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000Core => C:\Users\Elizabeth\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18] (Google Inc.)
    Task: {38A2B101-01F3-4B21-8811-76FA477781DE} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-12-27] (Sony Corporation)
    Task: {38F8A1E4-54E5-486D-84F2-56C9F35E37F7} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
    Task: {3E5AFA1C-2BCE-4E9C-A9E6-65008954525E} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-04-06] (Sony Corporation)
    Task: {3E8507A6-5747-48DE-849F-D92F0D529159} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
    Task: {458D076A-818C-4BC2-9E79-CE5F971B88C9} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\esrv\task.vbs"
    Task: {4C0CAE05-BEFA-4851-9275-6C7DED78649D} - System32\Tasks\VAIO® Messenger (Elizabeth) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-03] (Digital Delivery Networks, Inc.)
    Task: {6416DF84-1CFD-4B08-A347-BE7273C30527} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-04-06] (Sony Corporation)
    Task: {670CF13C-A3F3-47BC-AAC4-2E944F9708D9} - System32\Tasks\VIPRE Upgrade Task => C:\PROGRAM FILES\COMMON FILES\AV\ThreatTrack Security VIPRE\Upgrade.exe [2015-07-30] (ThreatTrack Security Inc.)
    Task: {6DEB61AA-EF45-4417-8AE5-A2650CE3D0EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
    Task: {70794633-21B8-4128-B66E-27D81E1C0DC8} - System32\Tasks\VAIO Health Report => C:\Program Files (x86)\Sony\VAIO Health Report\VAIOHealthReport.exe [2013-06-20] (Sony Electronics)
    Task: {778734FD-439A-43B6-B940-304AB9684065} - System32\Tasks\Sony\OOBEApplauncher => C:\Program Files (x86)\Sony\OOBE\OOBEAppLauncher.exe [2012-03-15] (Sony Electronics Inc.)
    Task: {8E5278AA-74DC-4A01-A440-0E0BAA01FCFD} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
    Task: {9FA90726-F32F-475A-83E7-8FF6AD776BF1} - System32\Tasks\Sony Corporation\VAIO Care\VAU => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
    Task: {A9380D21-4BD4-4C82-98EC-22DBC4E166B4} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2011-12-27] (Sony Corporation)
    Task: {AAE1DEB5-DC57-458E-9D69-0A9B02178648} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-27] (Sony Corporation)
    Task: {B0FB249E-6BAC-423C-A2B1-A0C3060AB02B} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
    Task: {B38ABD2C-70F5-4F07-A405-C492F8047019} - System32\Tasks\Sony Corporation\VAIO Care\AutoCheckMessage => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
    Task: {C54D4CC2-E9CB-4B26-BA52-068A50C2F541} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
    Task: {C62E3B46-16F4-444F-AA46-D4C24322AE5C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000UA => C:\Users\Elizabeth\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18] (Google Inc.)
    Task: {D1FDAB81-7929-463A-803D-2FB1F1EE010B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {D9829743-9328-4987-ACB3-DF1D7C081BA6} - System32\Tasks\Sony\Keyboard Shortcuts => C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe [2012-03-20] ()
    Task: {DD435CFE-8B37-4CA7-87EF-23E942396150} - System32\Tasks\VAIO® Messenger (Administrator) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-03] (Digital Delivery Networks, Inc.)
    Task: {E927FEA4-2CAB-408C-B608-57B09AD3746F} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2015-03-06] (Sony Corporation)
    Task: {F3406592-BD61-4339-8818-953906D90482} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000Core.job => C:\Users\Elizabeth\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2041430264-2399561070-413413978-1000UA.job => C:\Users\Elizabeth\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2012-04-26 05:51 - 2012-03-23 03:47 - 00127320 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    2011-03-16 04:29 - 2011-03-16 04:29 - 02673000 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll
    2012-04-04 21:04 - 2012-04-03 15:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2012-03-20 15:43 - 2012-03-20 15:43 - 00477816 _____ () C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
    2013-02-22 17:30 - 2013-02-22 14:02 - 00427432 _____ () C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
    2013-02-22 17:30 - 2013-02-22 14:02 - 00528296 _____ () C:\Program Files\Sony\VAIO Care\esrv\intel_modeler.dll
    2013-02-22 17:30 - 2013-02-22 14:02 - 00171432 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_acpi_battery_input.dll
    2013-02-22 17:30 - 2013-02-22 14:02 - 00144296 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_sema_thermal_input.dll
    2013-02-22 17:30 - 2013-02-22 14:02 - 00146344 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_wifi_input.dll
    2011-11-30 20:49 - 2011-11-30 20:49 - 00276992 _____ () C:\Program Files\Sony\VAIO Care\READ\RecoveryPartitionManagerREAD.dll
    2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-11-23 10:53 - 2012-11-23 10:53 - 00329592 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\apistrings.dll
    2012-11-23 10:56 - 2012-11-23 10:56 - 00159608 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\modlop.dll
    2012-11-23 10:54 - 2012-11-23 10:54 - 00100728 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\httpserverattplugin.dll
    2012-11-23 10:46 - 2012-11-23 10:46 - 02029600 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\crmimodule.dll
    2012-11-23 10:58 - 2012-11-23 10:58 - 00208760 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\patchautodownload.dll
    2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
    2012-12-07 11:02 - 2012-12-07 11:02 - 00183160 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\scanmngsys.dll
    2012-11-23 10:58 - 2012-11-23 10:58 - 00049528 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedcompactdb.dll
    2012-11-23 10:58 - 2012-11-23 10:58 - 00054648 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedupdates.dll
    2012-02-20 23:26 - 2012-02-20 23:26 - 00160768 _____ () C:\Program Files (x86)\VIPRE\unrar.dll
    2013-06-13 20:06 - 2013-06-13 20:06 - 00904704 _____ () C:\Program Files (x86)\Examsoft\Softest 11.0\System.Data.SQLite.dll
    2012-04-26 06:57 - 2012-04-06 16:37 - 00021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
    2014-02-09 17:16 - 2015-06-26 03:13 - 00184184 _____ () C:\Program Files (x86)\VIPRE\Definitions\libBase64.dll
    2014-02-09 17:16 - 2015-06-26 03:13 - 00175992 _____ () C:\Program Files (x86)\VIPRE\Definitions\libMachoUniv.dll
    2012-03-20 15:43 - 2012-03-20 15:43 - 00160376 _____ () C:\Program Files (x86)\Sony\Keyboard Shortcuts\MessageHook.dll
    2012-03-20 15:43 - 2012-03-20 15:43 - 00026744 _____ () C:\Program Files (x86)\Sony\Keyboard Shortcuts\Utility.dll
    2014-03-24 13:19 - 2014-03-24 13:19 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00a0b4a9df6e4abf30ae2af3624a77ce\IsdiInterop.ni.dll
    2012-04-26 05:40 - 2012-02-01 18:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2013-07-02 23:06 - 2013-07-02 23:06 - 00039936 _____ () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudModel.dll
    2013-07-02 23:06 - 2013-07-02 23:06 - 00011264 _____ () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudClient.dll
    2012-04-26 05:50 - 2012-03-23 03:47 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2013-07-12 11:09 - 2013-07-03 01:08 - 00061864 _____ () C:\Program Files (x86)\DDNi\Oasis\OasisCloudModel.dll
    2013-07-12 11:09 - 2013-07-03 01:08 - 00018856 _____ () C:\Program Files (x86)\DDNi\Oasis\OasisCloudClient.dll
    2015-07-30 22:23 - 2015-07-25 03:46 - 01405768 _____ () C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\44.0.2403.125\libglesv2.dll
    2015-07-30 22:23 - 2015-07-25 03:46 - 00081224 _____ () C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\44.0.2403.125\libegl.dll
    2015-07-30 22:23 - 2015-07-25 03:46 - 16308040 _____ () C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\44.0.2403.125\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2041430264-2399561070-413413978-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{75020D15-FAF7-4E7A-824D-4A212C5BFF85}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
    FirewallRules: [{0225F8B5-34A1-48BD-8B66-37B811D2890B}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
    FirewallRules: [{F595C2A1-12EA-4DBC-BF52-C20B6232E024}] => (Block) C:\Program Files (x86)\Sony\VAIO Creations\VAIO Movie Story\VMStory.exe
    FirewallRules: [{D46E7367-B8FB-490B-9639-2B34E3E35B85}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
    FirewallRules: [{0C084B53-E5BE-4982-8005-07A3ACB3507F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{AADE3618-0C91-4353-8111-09AABC5CA2C2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{6EE054F9-8495-46A0-8D3C-AAC25CAE889A}] => (Allow) LPort=2869
    FirewallRules: [{CEA14F9A-A741-4FE1-8201-E704DCB2847F}] => (Allow) LPort=1900
    FirewallRules: [{6FB4BE06-C716-4BBE-B8F1-723536A73BF7}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{EA42EF0A-199D-4C08-8396-C4F9CE0CE16A}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{9D85719A-85C0-4891-90E4-91FBD9CB8FDC}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
    FirewallRules: [{E3715782-7E27-46E6-99FD-CA7E91141648}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
    FirewallRules: [{C7E2DD44-065F-41C5-94FD-2140E91CD06B}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
    FirewallRules: [{AC1B590F-8CDD-4EB8-AF7C-2720788440D9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{2FD07A5B-ACE4-48B0-ACC7-DDA159672A67}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4AC6E8E4-15E5-4331-AE9B-EB96AFFE694D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{C0D56825-70BD-4D67-93CA-4A638C8FD0BE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{10D3C16C-20AD-4636-A2B5-76F1C37D33EC}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    FirewallRules: [{B4085BD3-5D62-47B6-9DC2-C14A4DC3F10D}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    FirewallRules: [{C06C0BE4-79CB-4B4E-B655-06E5B97C2F31}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
    FirewallRules: [{61160157-6906-4694-9AB7-F6F4E272CA7E}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
    FirewallRules: [{6141CD4F-A6FC-44EC-B074-87381F5353AD}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
    FirewallRules: [{3224AC18-1522-4DE9-9BF1-72EE7332C9CE}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [TCP Query User{0C5FB283-F172-44CD-B65F-C059D3DA149C}C:\users\elizabeth\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\elizabeth\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [UDP Query User{6677E74E-8DE3-407B-915B-DF4E99C01610}C:\users\elizabeth\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\elizabeth\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [{2089ED48-2CC9-4472-9075-FC590C38CEB7}] => (Allow) C:\Users\Elizabeth\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    FirewallRules: [{802CA57A-7CDF-4272-9EC8-01E7FAB3A32D}] => (Allow) C:\Users\Elizabeth\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    FirewallRules: [{70ACB0B3-A7D5-4A1A-AAA1-AD983B70F684}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe] => Enabled:TriDef 3D Media Player

    ==================== Faulty Device Manager Devices =============

    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: vpnva
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/03/2015 09:06:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 8283

    Error: (08/03/2015 09:06:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 8283

    Error: (08/03/2015 09:06:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (08/03/2015 09:06:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 7285

    Error: (08/03/2015 09:06:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 7285

    Error: (08/03/2015 09:06:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (08/03/2015 09:06:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 6287

    Error: (08/03/2015 09:06:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 6287

    Error: (08/03/2015 09:06:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (08/03/2015 09:06:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 5288


    System errors:
    =============
    Error: (08/05/2015 08:32:33 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

    Error: (08/05/2015 02:38:15 AM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    Error: (08/04/2015 09:32:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (08/04/2015 09:29:22 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (08/03/2015 07:32:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

    Error: (07/31/2015 07:11:33 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The VAIO Care Performance Service service hung on starting.

    Error: (07/31/2015 07:07:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (07/30/2015 10:57:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\Windows\System32\IWMSSvc.dll

    Error: (07/30/2015 10:57:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\Windows\System32\IWMSSvc.dll

    Error: (07/30/2015 10:57:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\Windows\System32\IWMSSvc.dll


    Microsoft Office:
    =========================
    Error: (08/03/2015 09:06:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 8283

    Error: (08/03/2015 09:06:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 8283

    Error: (08/03/2015 09:06:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (08/03/2015 09:06:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 7285

    Error: (08/03/2015 09:06:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 7285

    Error: (08/03/2015 09:06:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (08/03/2015 09:06:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 6287

    Error: (08/03/2015 09:06:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 6287

    Error: (08/03/2015 09:06:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (08/03/2015 09:06:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 5288


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
    Percentage of memory in use: 33%
    Total physical RAM: 6043.28 MB
    Available physical RAM: 4021.54 MB
    Total Virtual: 12084.73 MB
    Available Virtual: 8666.96 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:503.4 GB) (Free:305.06 GB) NTFS
    Drive f: (Pictures) (Fixed) (Total:73.24 GB) (Free:54.67 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 596.2 GB) (Disk ID: 8412C5D5)

    Partition: GPT Partition Type.

    ==================== End of log ============================
     
  21. Java13

    Java13 TS Rookie Topic Starter Posts: 18

    Looks like theres a lot of errors....
     
  22. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Every computer has some errors listed.
    You look at Event Viewer only when you're having some particular issue. If not, leave it alone.

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  23. Java13

    Java13 TS Rookie Topic Starter Posts: 18

    It went SUPER quick, like less than 1 second

    Fix result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
    Ran by Elizabeth (2015-08-05 21:07:17) Run:1
    Running from C:\Users\Elizabeth\Downloads
    Loaded Profiles: Elizabeth (Available Profiles: Elizabeth)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-2041430264-2399561070-413413978-1000 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    SearchScopes: HKU\S-1-5-21-2041430264-2399561070-413413978-1000 -> {5D60AD9C-0AA9-5572-367C-60A381D2B97C} URL =
    2013-02-10 16:39 - 2013-02-11 00:48 - 0005632 _____ () C:\Users\Elizabeth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-07-20 20:05 - 2015-07-20 20:05 - 0007599 _____ () C:\Users\Elizabeth\AppData\Local\Resmon.ResmonCfg
    2012-08-01 11:20 - 2012-08-01 11:20 - 0000057 _____ () C:\ProgramData\Ament.ini
    CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

    *****************

    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value removed successfully
    "HKU\S-1-5-21-2041430264-2399561070-413413978-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5D60AD9C-0AA9-5572-367C-60A381D2B97C}" => key removed successfully
    HKCR\CLSID\{5D60AD9C-0AA9-5572-367C-60A381D2B97C} => key not found.
    C:\Users\Elizabeth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully.
    C:\Users\Elizabeth\AppData\Local\Resmon.ResmonCfg => moved successfully.
    C:\ProgramData\Ament.ini => moved successfully.
    "HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
    "HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
    "HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
    "HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
    "HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
    "HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
    "HKU\S-1-5-21-2041430264-2399561070-413413978-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully

    ==== End of Fixlog 21:07:17 ====
     
  24. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  25. Java13

    Java13 TS Rookie Topic Starter Posts: 18

    If my antivirus software is still disabled, should I re-enable it before running these?
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...