Solved Infected with iexplore.exe malware (logs attached)

Hi Broni. I can't tell you how many times I've done the same thing :)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2015 01
Ran by SYSTEM at 2015-04-23 21:21:44 Run:5
Running from g:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Replace: C:\Windows\winsxs\amd64_microsoft-windows-explorerframe_31bf3856ad364e35_6.1.7600.16623_none_1eb0dfb08d530aa2\ExplorerFrame.dll C:\Windows\System32\ExplorerFrame.dll
*****************

Could not find C:\Windows\System32\ExplorerFrame.dll
C:\Windows\winsxs\amd64_microsoft-windows-explorerframe_31bf3856ad364e35_6.1.7600.16623_none_1eb0dfb08d530aa2\ExplorerFrame.dll copied successfully to C:\Windows\System32\ExplorerFrame.dll

==== End of Fixlog 21:21:44 ====
 
Hi Broni. It seems to be stalled on a black screen with white pointer cursor. When I try to do <ctrl><alt><del> to access the logoff / switch user / shutdown screen, it took about 1 minute for it to appear. When I selected cancel, the black screen returned, but with no cursor.
 
Btw, did <ctrl><alt><del> again and it took maybe 4 minutes for the logoff / switch user screen to appear. I'm now back on the black screen and after a few minutes of delay the mouse has reappeared.
 
Boot back to System Recovery Options, run FRST scan from USB and give me fresh log.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2015 01
Ran by SYSTEM on MININT-TNDDUI3 on 23-04-2015 22:03:55
Running from G:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool:

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-05-31] (Alps Electric Co., Ltd.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1931024 2010-07-19] (Intel(R) Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-26] (Panda Security, S.L.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Guest\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-03] (Google Inc.)
HKU\Kevin\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-03] (Google Inc.)
HKU\Kevin\...\Policies\system: [LogonHoursAction] 2
HKU\Kevin\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Shelley\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\Shelley\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-03] (Google Inc.)
HKU\Shelley\...\Run: [TrayClient] => C:\Program Files (x86)\TrayClient\TrayClient.exe [714240 2015-04-01] (TrayClient)
HKU\Shelley\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\Shelley\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
HKU\Shelley\...\Policies\system: [LogonHoursAction] 2
HKU\Shelley\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5020520 2015-03-23] (Emsisoft GmbH)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2010-12-06] (CrashPlan)
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-04-21] (SurfRight B.V.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()
S2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-26] (Panda Security, S.L.)
S2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
S2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-26] (Panda Security, S.L.)
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2015-02-12] (IBM Corp.)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 NCO; "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\NST.exe" /s "NCO" /m "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\diMaster.dll" /prefetch:1

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-23] (Emsisoft GmbH)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-23] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
S1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
S1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
S1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
S1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48400 2014-12-31] (Panda Security, S.L.)
S1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
S1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
S1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
S1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
S1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
S1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
S1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
S1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
S2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-25] (Panda Security, S.L.)
S2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-25] (Panda Security, S.L.)
S1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-25] (Panda Security, S.L.)
S2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-25] (Panda Security, S.L.)
S2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-25] (Panda Security, S.L.)
S2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-25] (Panda Security, S.L.)
S1 RapportCerberus_80128; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80128.sys [844440 2015-02-26] (IBM Corp.)
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445816 2015-02-12] (IBM Corp.)
S0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [535576 2015-02-12] (IBM Corp.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [558872 2015-02-12] (IBM Corp.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-12-22] ()
S3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-22] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-23 21:21 - 2010-06-26 00:31 - 01863680 ____N (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2015-04-22 22:26 - 2015-04-22 22:26 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Shelley\Downloads\mbam-setup-2.1.6.1022.exe
2015-04-22 22:16 - 2015-04-22 22:23 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-22 22:16 - 2015-04-22 22:16 - 00035064 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2015-04-22 22:15 - 2015-04-22 22:16 - 16884312 _____ () C:\Users\Shelley\Downloads\RogueKiller.exe
2015-04-22 05:59 - 2015-04-22 05:59 - 00046392 _____ () C:\Users\Shelley\Desktop\Addition.txt
2015-04-22 05:58 - 2015-04-22 05:58 - 00069811 _____ () C:\Users\Shelley\Desktop\FRST.txt
2015-04-22 05:41 - 2015-04-22 05:42 - 00046392 _____ () C:\Users\Shelley\Downloads\Addition.txt
2015-04-22 05:37 - 2015-04-23 22:03 - 00000000 ____D () C:\FRST
2015-04-22 05:37 - 2015-04-22 05:42 - 00069811 _____ () C:\Users\Shelley\Downloads\FRST.txt
2015-04-22 05:36 - 2015-04-22 05:36 - 02099712 _____ (Farbar) C:\Users\Shelley\Downloads\FRST64.exe
2015-04-22 05:24 - 2015-04-23 20:41 - 00001300 _____ () C:\Windows\setupact.log
2015-04-22 05:24 - 2015-04-22 05:24 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-22 05:22 - 2015-04-22 22:44 - 00001606 _____ () C:\Windows\PFRO.log
2015-04-21 23:54 - 2015-04-21 23:54 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-04-21 20:40 - 2015-04-21 20:40 - 00001091 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-04-21 20:39 - 2015-04-23 20:29 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-04-21 20:39 - 2015-03-23 23:17 - 00135800 _____ (Emsisoft GmbH) C:\Windows\System32\Drivers\epp64.sys
2015-04-21 19:51 - 2015-04-21 19:53 - 159720456 _____ (Emsisoft Ltd. ) C:\Users\Shelley\Downloads\EmsisoftAntiMalwareSetup.exe
2015-04-21 18:39 - 2015-04-21 18:39 - 00001077 _____ () C:\Users\Shelley\Desktop\Kaspersky Security Scan.lnk
2015-04-21 18:38 - 2015-04-21 18:38 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-21 18:38 - 2015-04-21 18:38 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-04-21 18:35 - 2015-04-21 18:35 - 00189304 _____ (Kaspersky Lab) C:\Users\Shelley\Downloads\kss12.0.1.881de_en_es_fr_it_ja_ko_pl_pt_ru_zh_6221.exe
2015-04-21 16:44 - 2015-04-21 16:44 - 00002802 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-04-21 16:44 - 2015-04-21 16:44 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-21 16:43 - 2015-04-21 16:43 - 05344528 _____ (Piriform Ltd) C:\Users\Shelley\Downloads\ccsetup504.exe
2015-04-21 16:38 - 2015-04-21 16:38 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\Panda Security
2015-04-21 16:37 - 2015-04-21 16:39 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-04-21 16:33 - 2015-04-21 16:39 - 00000000 ____D () C:\ProgramData\Panda Security
2015-04-21 16:33 - 2015-04-21 16:33 - 01630952 _____ () C:\Users\Shelley\Downloads\PANDAFREEAV.exe
2015-04-21 16:19 - 2015-04-21 16:19 - 00012724 _____ () C:\Windows\System32\.crusader
2015-04-21 16:02 - 2015-04-21 16:02 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-04-21 16:02 - 2015-04-21 16:02 - 00000000 ____D () C:\Program Files\HitmanPro
2015-04-21 16:01 - 2015-04-21 16:20 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-21 16:00 - 2015-04-21 16:00 - 11028616 _____ (SurfRight B.V.) C:\Users\Shelley\Downloads\HitmanPro_x64.exe
2015-04-21 15:12 - 2015-04-23 20:58 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-04-21 15:11 - 2015-04-22 22:27 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-21 15:11 - 2015-04-22 22:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-21 15:11 - 2015-04-21 15:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-21 15:11 - 2015-04-14 08:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-04-21 15:11 - 2015-04-14 08:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2015-04-21 15:11 - 2015-04-14 08:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2015-04-21 15:09 - 2015-04-21 15:10 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Shelley\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-21 14:30 - 2015-04-21 14:37 - 00000000 ____D () C:\AdwCleaner
2015-04-21 14:28 - 2015-04-21 14:28 - 02217984 _____ () C:\Users\Shelley\Downloads\adwcleaner_4.201.exe
2015-04-19 03:06 - 2015-04-21 14:17 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-18 20:41 - 2015-04-21 16:19 - 00000000 ____D () C:\Program Files (x86)\user extensions
2015-04-18 20:41 - 2015-04-18 20:41 - 00000064 _____ () C:\Users\Shelley\AppData\Local\e47e00864d60f26a598b359baecf41e7
2015-04-18 20:12 - 2015-04-18 20:13 - 00000000 ____D () C:\Program Files (x86)\fbbf7ad2-3426-4d05-8d7c-fc1e7c02d584
2015-04-18 19:43 - 2015-04-18 19:43 - 00737736 _____ (My Company, Inc. ) C:\Users\Shelley\Downloads\setup v8 (3).exe
2015-04-18 19:41 - 2015-04-18 19:42 - 00737736 _____ (My Company, Inc. ) C:\Users\Shelley\Downloads\setup v8 (2).exe
2015-04-18 19:40 - 2015-04-18 19:40 - 00000000 ____D () C:\Users\Shelley\AppData\Local\TrayClient
2015-04-18 19:40 - 2015-04-18 19:40 - 00000000 ____D () C:\Program Files (x86)\TrayClient
2015-04-18 19:39 - 2015-04-18 19:39 - 00737736 _____ (My Company, Inc. ) C:\Users\Shelley\Downloads\setup v8.exe
2015-04-18 19:39 - 2015-04-18 19:39 - 00737736 _____ (My Company, Inc. ) C:\Users\Shelley\Downloads\setup v8 (1).exe
2015-04-14 15:24 - 2015-03-24 22:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2015-04-14 15:24 - 2015-03-24 22:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2015-04-14 15:24 - 2015-03-24 22:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2015-04-14 15:24 - 2015-03-24 22:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2015-04-14 15:24 - 2015-03-24 22:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2015-04-14 15:24 - 2015-03-24 22:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll
2015-04-14 15:24 - 2015-03-24 22:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2015-04-14 15:24 - 2015-03-24 22:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2015-04-14 15:24 - 2015-03-24 22:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2015-04-14 15:24 - 2015-03-24 22:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2015-04-14 15:24 - 2015-03-24 22:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\wu.upgrade.ps.dll
2015-04-14 15:24 - 2015-03-24 22:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 15:24 - 2015-03-24 22:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 15:24 - 2015-03-24 22:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 15:24 - 2015-03-24 22:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 15:24 - 2015-03-24 22:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 15:24 - 2015-03-22 22:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2015-04-14 15:24 - 2015-03-22 22:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2015-04-14 15:24 - 2015-03-22 22:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2015-04-14 15:24 - 2015-03-22 22:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2015-04-14 15:24 - 2015-03-22 22:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2015-04-14 15:24 - 2015-03-22 22:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2015-04-14 15:24 - 2015-03-22 22:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2015-04-14 15:24 - 2015-03-22 22:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2015-04-14 15:24 - 2015-03-05 00:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2015-04-14 15:24 - 2015-03-04 23:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 15:24 - 2015-02-24 22:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2015-04-14 15:23 - 2015-03-17 00:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-04-14 15:23 - 2015-03-17 00:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2015-04-14 15:23 - 2015-03-17 00:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2015-04-14 15:23 - 2015-03-17 00:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2015-04-14 15:23 - 2015-03-17 00:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2015-04-14 15:23 - 2015-03-17 00:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2015-04-14 15:23 - 2015-03-17 00:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2015-04-14 15:23 - 2015-03-17 00:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2015-04-14 15:23 - 2015-03-17 00:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2015-04-14 15:23 - 2015-03-17 00:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2015-04-14 15:23 - 2015-03-17 00:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-04-14 15:23 - 2015-03-17 00:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2015-04-14 15:23 - 2015-03-17 00:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2015-04-14 15:23 - 2015-03-17 00:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2015-04-14 15:23 - 2015-03-17 00:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2015-04-14 15:23 - 2015-03-17 00:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-04-14 15:23 - 2015-03-17 00:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2015-04-14 15:23 - 2015-03-17 00:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2015-04-14 15:23 - 2015-03-17 00:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2015-04-14 15:23 - 2015-03-17 00:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2015-04-14 15:23 - 2015-03-17 00:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2015-04-14 15:23 - 2015-03-17 00:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-04-14 15:23 - 2015-03-17 00:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2015-04-14 15:23 - 2015-03-17 00:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2015-04-14 15:23 - 2015-03-17 00:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2015-04-14 15:23 - 2015-03-17 00:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2015-04-14 15:23 - 2015-03-17 00:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2015-04-14 15:23 - 2015-03-17 00:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2015-04-14 15:23 - 2015-03-17 00:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2015-04-14 15:23 - 2015-03-17 00:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2015-04-14 15:23 - 2015-03-17 00:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2015-04-14 15:23 - 2015-03-17 00:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 15:23 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 15:23 - 2015-03-17 00:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 15:23 - 2015-03-17 00:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 15:23 - 2015-03-16 23:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 15:23 - 2015-03-16 23:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 15:23 - 2015-03-16 23:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 15:23 - 2015-03-16 23:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 15:23 - 2015-03-16 23:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 15:23 - 2015-03-16 23:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 15:23 - 2015-03-16 23:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 15:23 - 2015-03-16 23:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 15:23 - 2015-03-16 23:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 15:23 - 2015-03-16 23:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 15:23 - 2015-03-16 23:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 15:23 - 2015-03-16 23:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 15:23 - 2015-03-16 23:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 15:23 - 2015-03-16 23:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 15:23 - 2015-03-16 23:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 15:23 - 2015-03-16 23:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 15:23 - 2015-03-16 23:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 15:23 - 2015-03-16 23:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 15:23 - 2015-03-16 23:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 15:23 - 2015-03-16 23:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 15:23 - 2015-03-16 23:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 15:23 - 2015-03-16 23:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 15:23 - 2015-03-16 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 15:23 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 15:23 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 15:23 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 15:23 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 15:23 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 15:23 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 15:23 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 15:23 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 15:23 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 15:23 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 15:23 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 15:23 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 15:23 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 15:23 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 15:23 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 15:23 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 15:23 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 15:23 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 15:23 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 15:23 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 15:23 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 15:23 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 15:23 - 2015-03-16 22:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 15:23 - 2015-03-16 22:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 15:23 - 2015-03-16 22:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 15:23 - 2015-03-16 22:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 15:23 - 2015-03-16 22:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 15:23 - 2015-03-16 22:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 15:22 - 2015-04-01 18:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 15:22 - 2015-03-12 23:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2015-04-14 15:22 - 2015-03-12 23:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2015-04-14 15:22 - 2015-03-12 22:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2015-04-14 15:22 - 2015-03-12 22:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2015-04-14 15:22 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 15:22 - 2015-03-12 22:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 15:22 - 2015-03-12 22:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-04-14 15:22 - 2015-03-12 22:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 15:22 - 2015-03-12 22:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 15:22 - 2015-03-12 22:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 15:22 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2015-04-14 15:22 - 2015-03-12 22:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 15:22 - 2015-03-12 21:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 15:22 - 2015-03-12 21:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 15:22 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 15:22 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 15:22 - 2015-03-09 22:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2015-04-14 15:22 - 2015-03-09 22:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2015-04-14 15:22 - 2015-03-09 22:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 15:22 - 2015-03-09 22:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 15:21 - 2015-04-01 19:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-04-14 15:21 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-04-14 15:21 - 2015-03-12 23:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2015-04-14 15:21 - 2015-03-12 23:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2015-04-14 15:21 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-04-14 15:21 - 2015-03-12 23:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2015-04-14 15:21 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-04-14 15:21 - 2015-03-12 23:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2015-04-14 15:21 - 2015-03-12 23:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2015-04-14 15:21 - 2015-03-12 22:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-04-14 15:21 - 2015-03-12 22:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2015-04-14 15:21 - 2015-03-12 22:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2015-04-14 15:21 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-04-14 15:21 - 2015-03-12 22:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2015-04-14 15:21 - 2015-03-12 22:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2015-04-14 15:21 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 15:21 - 2015-03-12 22:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 15:21 - 2015-03-12 22:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 15:21 - 2015-03-12 22:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2015-04-14 15:21 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-04-14 15:21 - 2015-03-12 22:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-04-14 15:21 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 15:21 - 2015-03-12 22:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 15:21 - 2015-03-12 22:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 15:21 - 2015-03-12 22:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 15:21 - 2015-03-12 22:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 15:21 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-04-14 15:21 - 2015-03-12 22:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 15:21 - 2015-03-12 22:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-04-14 15:21 - 2015-03-12 22:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2015-04-14 15:21 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-04-14 15:21 - 2015-03-12 21:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 15:21 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 15:21 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-04-14 15:21 - 2015-03-12 21:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 15:21 - 2015-03-12 21:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 15:21 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 15:21 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-04-14 15:21 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-04-14 15:21 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 15:21 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 15:20 - 2015-03-03 23:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\System32\clfs.sys
2015-04-14 15:20 - 2015-03-03 23:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\System32\clfsw32.dll
2015-04-14 15:20 - 2015-03-03 23:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 13:54 - 2015-04-14 13:54 - 18178736 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-04-05 02:01 - 2015-04-05 02:02 - 00000000 ___SD () C:\Windows\System32\GWX
2015-04-05 02:01 - 2015-04-05 02:01 - 00000000 ___SD () C:\Windows\SysWOW64\GWX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-23 21:02 - 2009-07-13 23:45 - 00022704 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-23 21:02 - 2009-07-13 23:45 - 00022704 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-23 21:01 - 2010-10-11 09:00 - 01354685 _____ () C:\Windows\WindowsUpdate.log
2015-04-23 20:57 - 2012-08-11 16:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-23 20:52 - 2015-02-02 10:00 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-989391033-3763930807-2314399830-1001.job
2015-04-23 20:48 - 2013-07-05 07:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce797e38c49566.job
2015-04-23 20:42 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-23 18:40 - 2013-12-06 08:18 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cef285a2e6c3d9.job
2015-04-23 17:51 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-04-23 17:49 - 2010-11-20 09:59 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E1F0BE7D-DC64-46E7-8F3E-9D502C339AA6}
2015-04-22 23:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-22 22:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Web
2015-04-22 21:49 - 2011-12-12 20:26 - 00000000 ____D () C:\Users\Shelley\Tracing
2015-04-21 18:55 - 2012-02-05 10:40 - 00002491 _____ () C:\Users\Public\Desktop\Safari.lnk
2015-04-21 18:23 - 2012-03-07 19:32 - 00000000 ____D () C:\ProgramData\Yahoo!
2015-04-21 18:23 - 2012-03-07 19:31 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2015-04-21 18:13 - 2014-03-30 18:48 - 00000000 ____D () C:\Windows\Minidump
2015-04-21 18:13 - 2011-12-28 11:22 - 00000000 ____D () C:\Users\Shelley\AppData\Local\CrashDumps
2015-04-21 18:13 - 2010-07-12 15:26 - 00000000 ____D () C:\Windows\Panther
2015-04-21 17:13 - 2009-07-13 23:45 - 00479416 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-04-21 16:38 - 2010-11-20 09:56 - 00119104 _____ () C:\Users\Shelley\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-20 20:30 - 2014-06-23 06:21 - 00000000 ____D () C:\Users\Shelley\AppData\Local\BingoCabin
2015-04-19 21:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\System32\NDF
2015-04-19 18:17 - 2010-11-20 12:24 - 00000000 ____D () C:\Users\Shelley\AppData\Local\Google
2015-04-18 20:13 - 2011-02-14 19:49 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-15 05:23 - 2014-12-10 03:39 - 00000000 ____D () C:\Windows\System32\appraiser
2015-04-15 05:23 - 2014-05-07 02:01 - 00000000 ___SD () C:\Windows\System32\CompatTel
2015-04-15 05:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 02:42 - 2011-03-23 17:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 02:35 - 2012-11-17 12:58 - 00766820 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 02:23 - 2012-08-10 20:59 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-15 02:23 - 2010-08-03 19:33 - 00000000 ____D () C:\ProgramData\Skype
2015-04-15 02:22 - 2013-07-24 02:05 - 00000000 ____D () C:\Windows\System32\MRT
2015-04-15 02:09 - 2010-11-21 08:51 - 128913832 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-04-15 02:08 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2015-04-14 13:54 - 2012-08-11 16:32 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 13:54 - 2012-08-11 16:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 13:54 - 2011-06-21 12:12 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-13 19:30 - 2014-03-26 13:51 - 00000000 ____D () C:\Users\Shelley\AppData\Local\Bingoliner
2015-04-13 19:29 - 2014-03-26 13:51 - 00001002 _____ () C:\Users\Shelley\Desktop\BingoLiner.lnk
2015-04-13 06:50 - 2015-02-02 10:00 - 00003612 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-989391033-3763930807-2314399830-1001
2015-03-25 19:45 - 2014-06-23 06:21 - 00001002 _____ () C:\Users\Shelley\Desktop\BingoCabin.lnk
2015-03-25 15:27 - 2013-06-16 11:35 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
2015-03-25 06:55 - 2013-08-22 16:21 - 00002460 _____ () C:\Users\Public\Desktop\Norton Identity Safe.LNK
2015-03-25 06:55 - 2013-04-10 19:05 - 00000000 ____D () C:\Windows\System32\Drivers\NSTx64

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2015-03-31 11:50:34
Restore point made on: 2015-04-03 14:33:59
Restore point made on: 2015-04-05 02:01:23
Restore point made on: 2015-04-10 07:36:36
Restore point made on: 2015-04-14 14:38:06
Restore point made on: 2015-04-15 02:02:44
Restore point made on: 2015-04-21 14:32:59
Restore point made on: 2015-04-21 16:18:43
Restore point made on: 2015-04-21 16:19:35

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3758.1 MB
Available physical RAM: 3114.15 MB
Total Pagefile: 3756.25 MB
Available Pagefile: 3099.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:455.32 GB) (Free:281.21 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:10.34 GB) (Free:0.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:0.96 GB) (Free:0.15 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 61EB3EF9)
Partition 1: (Not Active) - (Size=10.3 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 984 MB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.


LastRegBack: 2014-10-18 03:08

==================== End Of Log ============================
 
We could try to restore your computer back to this date:
LastRegBack: 2014-10-18 03:08
but it's way back so I'd like to try to avoid it.

You have newer restore points.

Go back to System Recovery Options and try Startup Repair first.
If that doesn't work try System Restore:

Restore point made on: 2015-03-31 11:50:34
Restore point made on: 2015-04-03 14:33:59
Restore point made on: 2015-04-05 02:01:23
Restore point made on: 2015-04-10 07:36:36
Restore point made on: 2015-04-14 14:38:06
Restore point made on: 2015-04-15 02:02:44
Restore point made on: 2015-04-21 14:32:59
Restore point made on: 2015-04-21 16:18:43
Restore point made on: 2015-04-21 16:19:35

Start with the latest one.
 
Hi Broni. I restored to the April 15 restore point which I thought was before the malware symptoms appeared. However, after rebooting, the following error message appears:

explorer.exe - Bad Image. C:\Windows\system32\EXPLORERFRAME.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media.

Can you clarify whether the changes we made would be causing this error to appear? I'm trying to figure out whether going to an older restore point will eliminate this error...

Thanks!
 
When I dismiss the error, I'm at the black screen with white arrow cursor. Doesn't get to the Windows desktop.
 
Hi Broni. My second attempt at restore point worked and I booted into Windows. I began following your original instructions.

1) I was able to remove plesome and searchbyask.
2) I followed your steps for RogueKiller. Logs below.

RogueKiller V10.6.0.0 [Apr 17 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Shelley [Administrator]
Started from : C:\Users\Shelley\Downloads\RogueKiller.exe
Mode : Delete -- Date : 04/24/2015 07:03:27

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 15 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {91140000-0011-0000-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H [7][x][x][x][x][x] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-0018-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H [7][x][x][x][x][x] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {91140000-0011-0000-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-0018-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {91140000-0011-0000-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-0018-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {91140000-0011-0000-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-0018-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} | DhcpNameServer : 10.100.18.2 [(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} | DhcpNameServer : 10.100.18.2 [(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} | DhcpNameServer : 10.100.18.2 [(Private Address) (XX)] -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 4 ¤¤¤
[Suspicious.Path] AODKBZN.job -- C:\Users\Shelley\AppData\Roaming\AODKBZN.exe (/infocmdline=Ui3e1jErobfc2DEETYkZ8oT8sY4RADEIEPvsDuILZSUaLC1JidE6EI+ynQcBdm4XJQdPkcvgThr6IdxngAG+k3u2XLc5UoofnIW10FuTqUXZoxl2YKhXgV2kYCLCT2gtSyY6YgxZg52SJ+4RXBdjpotOs332VKsvgkbr27R8uqlQE9aSsDUcWxAmmEI9DFC+A/HHCRYYDzFdcpcf7UuhhZbkXJM7o0hwCuNS7k/SKLDyur+HkGeabYO3pD0wDCQOicXrsV515EFY0FcUmno931G2Kinebh5TsRztpH1fQlRPVCK5XMr5+pOyrUqj/Xv20Ha2HAm627wjBebAdH0QMmjshYWtWId3oRwJj8RrKTvCKGBD6XmjovRGxe/wTTP8SpZwDoR9FAaN+aYveAaHDDBGkLyPYxY1YQ1XnkkUl0A2rWkMEwq9uxs0nRoxPxaAQz/gNrH/FsklRlZpsf6bSTZV6P3TnDuanUKoH2XrG1R6tbQ1joroAWB2bEhShfOuqA5POcZgiGcz88A0D/owDv2EW28VYmjIYUpcNAfwwBd8A7nOqSIXtDw3Vqe0JeZHQr6Yp/Ves+OqMM8587Ryv2iCkwpevi6rrr9x9A4crcJfU6S+2xTNAyYBSdpWy9qW1vh9vSUNyhCrdLSjq0PfHww9PoW/hIZdMw4hjfXxM70=) -> Deleted
[Suspicious.Path] \\AODKBZN -- C:\Users\Shelley\AppData\Roaming\AODKBZN.exe (/infocmdline=Ui3e1jErobfc2DEETYkZ8oT8sY4RADEIEPvsDuILZSUaLC1JidE6EI+ynQcBdm4XJQdPkcvgThr6IdxngAG+k3u2XLc5UoofnIW10FuTqUXZoxl2YKhXgV2kYCLCT2gtSyY6YgxZg52SJ+4RXBdjpotOs332VKsvgkbr27R8uqlQE9aSsDUcWxAmmEI9DFC+A/HHCRYYDzFdcpcf7UuhhZbkXJM7o0hwCuNS7k/SKLDyur+HkGeabYO3pD0wDCQOicXrsV515EFY0FcUmno931G2Kinebh5TsRztpH1fQlRPVCK5XMr5+pOyrUqj/Xv20Ha2HAm627wjBebAdH0QMmjshYWtWId3oRwJj8RrKTvCKGBD6XmjovRGxe/wTTP8SpZwDoR9FAaN+aYveAaHDDBGkLyPYxY1YQ1XnkkUl0A2rWkMEwq9uxs0nRoxPxaAQz/gNrH/FsklRlZpsf6bSTZV6P3TnDuanUKoH2XrG1R6tbQ1joroAWB2bEhShfOuqA5POcZgiGcz88A0D/owDv2EW28VYmjIYUpcNAfwwBd8A7nOqSIXtDw3Vqe0JeZHQr6Yp/Ves+OqMM8587Ryv2iCkwpevi6rrr9x9A4crcJfU6S+2xTNAyYBSdpWy9qW1vh9vSUNyhCrdLSjq0PfHww9PoW/hIZdMw4hjfXxM70=) -> Deleted
[Suspicious.Path] \Norton Identity Safe\Norton Error Analyzer -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\SymErr.exe (/analyze) -> Deleted
[Suspicious.Path] \Norton Identity Safe\Norton Error Processor -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\SymErr.exe (/submit) -> Deleted

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 50 (Driver: Not loaded [0xc000036b]) ¤¤¤
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x719f0022 (jmp 0xfffffffffa7a03d6|jmp dword near [0x719f001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) kernel32.dll - SetUnhandledExceptionFilter : Unknown @ 0x71a30022 (ret |jmp dword near [0x71a3001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - PeekMessageW : Unknown @ 0x719b0022 (ret |jmp dword near [0x719b001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - TranslateMessage : Unknown @ 0x71690022 (ret |jmp dword near [0x7169001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WINTRUST.dll - WinVerifyTrust : Unknown @ 0x70eb0022 (ret |jmp dword near [0x70eb001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) kernel32.dll - QueueUserWorkItem : Unknown @ 0x70cf0022 (ret |jmp dword near [0x70cf001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - RegisterClassA : Unknown @ 0x71890022 (ret |jmp dword near [0x7189001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - GetMessageA : Unknown @ 0x70d70022 (ret |jmp dword near [0x70d7001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) GDI32.dll - BitBlt : Unknown @ 0x71810022 (ret |jmp dword near [0x7181001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - GetClipboardData : Unknown @ 0x716f0022 (ret |jmp dword near [0x716f001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - GetMessageW : Unknown @ 0x70d30022 (ret |jmp dword near [0x70d3001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - DdeInitializeW : Unknown @ 0x71730022 (ret |jmp dword near [0x7173001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WS2_32.dll - getaddrinfo : Unknown @ 0x70dc0022 (jmp 0xfffffffffadebd8c|jmp dword near [0x70dc001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetGetCookieExW : Unknown @ 0x71040022 (ret |jmp dword near [0x7104001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetConnectW : Unknown @ 0x710c0022 (ret |jmp dword near [0x710c001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetOpenW : Unknown @ 0x70fb0022 (ret |jmp dword near [0x70fb001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetSetStatusCallbackA : Unknown @ 0x70f30022 (ret |jmp dword near [0x70f3001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetQueryDataAvailable : Unknown @ 0x70f70022 (ret |jmp dword near [0x70f7001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpOpenRequestW : Unknown @ 0x715d0022 (ret |jmp dword near [0x715d001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpSendRequestExW : Unknown @ 0x711c0022 (ret |jmp dword near [0x711c001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpSendRequestW : Unknown @ 0x71180022 (ret |jmp dword near [0x7118001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetWriteFile : Unknown @ 0x70ef0022 (ret |jmp dword near [0x70ef001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetCloseHandle : Unknown @ 0x71140022 (ret |jmp dword near [0x7114001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WS2_32.dll - GetAddrInfoExW : Unknown @ 0x70e60022 (jmp 0xfffffffffae82e38|jmp dword near [0x70e6001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpAddRequestHeadersA : Unknown @ 0x71650022 (ret |jmp dword near [0x7165001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x719f0022 (jmp 0xfffffffffa7a03d6|jmp dword near [0x719f001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) kernel32.dll - SetUnhandledExceptionFilter : Unknown @ 0x71a30022 (ret |jmp dword near [0x71a3001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - PeekMessageW : Unknown @ 0x719b0022 (ret |jmp dword near [0x719b001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - TranslateMessage : Unknown @ 0x71690022 (ret |jmp dword near [0x7169001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WINTRUST.dll - WinVerifyTrust : Unknown @ 0x70eb0022 (ret |jmp dword near [0x70eb001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) kernel32.dll - QueueUserWorkItem : Unknown @ 0x70cf0022 (ret |jmp dword near [0x70cf001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - RegisterClassA : Unknown @ 0x71890022 (ret |jmp dword near [0x7189001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - GetMessageA : Unknown @ 0x70d70022 (ret |jmp dword near [0x70d7001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) GDI32.dll - BitBlt : Unknown @ 0x71810022 (ret |jmp dword near [0x7181001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - GetClipboardData : Unknown @ 0x716f0022 (ret |jmp dword near [0x716f001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - GetMessageW : Unknown @ 0x70d30022 (ret |jmp dword near [0x70d3001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - DdeInitializeW : Unknown @ 0x71730022 (ret |jmp dword near [0x7173001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WS2_32.dll - getaddrinfo : Unknown @ 0x70dc0022 (jmp 0xfffffffffadebd8c|jmp dword near [0x70dc001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetGetCookieExW : Unknown @ 0x71040022 (ret |jmp dword near [0x7104001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetConnectW : Unknown @ 0x710c0022 (ret |jmp dword near [0x710c001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetOpenW : Unknown @ 0x70fb0022 (ret |jmp dword near [0x70fb001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetSetStatusCallbackA : Unknown @ 0x70f30022 (ret |jmp dword near [0x70f3001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetQueryDataAvailable : Unknown @ 0x70f70022 (ret |jmp dword near [0x70f7001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpOpenRequestW : Unknown @ 0x715d0022 (ret |jmp dword near [0x715d001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpSendRequestExW : Unknown @ 0x711c0022 (ret |jmp dword near [0x711c001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpSendRequestW : Unknown @ 0x71180022 (ret |jmp dword near [0x7118001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetWriteFile : Unknown @ 0x70ef0022 (ret |jmp dword near [0x70ef001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetCloseHandle : Unknown @ 0x71140022 (ret |jmp dword near [0x7114001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WS2_32.dll - GetAddrInfoExW : Unknown @ 0x70e60022 (jmp 0xfffffffffae82e38|jmp dword near [0x70e6001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpAddRequestHeadersA : Unknown @ 0x71650022 (ret |jmp dword near [0x7165001e]|jmp 0x10)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HM500JI +++++
--- User ---
[MBR] 5b97e1c22e118e29dcc71d7da8eb7971
[BSP] dd8d4a3c7ac34e7a3494ee31337cfb4a : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10592 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 21694464 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 21899264 | Size: 466246 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_04222015_232023.log - RKreport_DEL_04222015_232045.log - RKreport_SCN_04242015_064410.log - RKreport_SCN_04242015_070227.log
 
I followed your MBAM instructions. See attached log file.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 24/04/2015
Scan Time: 7:11:47 AM
Logfile: MBAM scan log.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.04.24.02
Rootkit Database: v2015.04.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Shelley

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 443664
Time Elapsed: 20 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 

Attachments

  • MBAM scan log.txt
    1 KB · Views: 1
Last edited by a moderator:
Here's the AdwareClearer logs...

# AdwCleaner v4.202 - Logfile created 24/04/2015 at 07:45:05
# Updated 23/04/2015 by Xplode
# Database : 2015-04-23.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Shelley - SHELLEY-VAIO
# Running from : C:\Users\Shelley\Desktop\adwcleaner_4.202.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\Norton Safe Web Lite
Folder Deleted : C:\Users\Shelley\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Shelley\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp
File Deleted : C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aaaaaiabcopkplhgaedhbloeejhhankf
File Deleted : C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\papbadoldddalgcjcicnikcfenodpghp

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Google Chrome v42.0.2311.90

[C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319733&octid=EB_ORIGINAL_CTID&ISID=MF0324CB5-2570-4FB8-96C9-65C62516ADC1&SearchSource=58&CUI=&UM=8&UP=SP4834A50B-B784-4537-BB4B-2CE9989FED99&q={searchTerms}&D=041915&SSPV=SP22230TA_sp_ch
[C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3209602
[C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=7BC24A67-2002-4FE2-9B89-0C357B1C34F3&n=77fc67a7&ind=2013030311&p2=^AFA^chr999^S04801^ca&si=184459&searchfor={searchTerms}
[C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}&amp;o=15527&amp;l=dis&amp;prt=NIS&amp;chn=retail&amp;geo=CA&amp;ver=19&gct=sb&qsrc=2869
[C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.canadiantire.ca/en/search-results.html?searchByTerm=true&q={searchTerms}
[C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.epicurious.com/tools/searchresults?search={searchTerms}&x=0&y=0
[C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.onlineshoes.com/search_results.asp?plt=8&searchstring={searchTerms}&gen=a
[C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.booking.com/searchresults.en-us.html?si=ai%2Cco%2Cci%2Cre%2Cdi;ss={searchTerms};label=opensearch-plugin
[C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://waterlooon.flyerland.ca/search_results.php?q={searchTerms}
[C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://toronto.flyerland.ca/search_results.php?q={searchTerms}
[C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
[C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&type=People&qry={searchTerms}&pg={startPage?}&g={myspace:gender?}&npic={myspace:hasPhoto?}&minAge={myspace:minAge?}&maxAge={myspace:maxAge?}&loc={myspace:location?}&d={myspace:distance?}
[C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.shoemeoutlet.ca/pages/search-results?q={searchTerms}&type=product
[C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : cihkncgahkfiennnplhakaimjbhoefec
[C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : papbadoldddalgcjcicnikcfenodpghp
[C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://www.trovi.com/?gd=&ctid=CT3319733&octid=EB_ORIGINAL_CTID&ISID=MF0324CB5-2570-4FB8-96C9-65C62516ADC1&SearchSource=55&CUI=&UM=8&UP=SP4834A50B-B784-4537-BB4B-2CE9989FED99&D=041915&SSPV=SP22230TA_sp_ch
[C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] :

*************************

AdwCleaner[R0].txt - [30392 bytes] - [21/04/2015 15:30:23]
AdwCleaner[R1].txt - [16522 bytes] - [24/04/2015 07:40:00]
AdwCleaner[S0].txt - [29906 bytes] - [21/04/2015 15:36:14]
AdwCleaner[S1].txt - [5277 bytes] - [24/04/2015 07:45:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5336 bytes] #######
 
Here's the JRT log file...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.2 (04.24.2015:1)
OS: Windows 7 Home Premium x64
Ran by Shelley on 24/04/2015 at 7:58:19.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Shelley\appdata\local\{13CE7CF5-33F8-496B-A10B-D1016525D402}





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/04/2015 at 8:05:35.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Good news :)

Just in case create new restore point.
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Thanks Broni. Here's the log for ComboFix.

ComboFix 15-04-19.01 - Shelley 24/04/2015 12:01:26.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3758.2068 [GMT -4:00]
Running from: c:\users\Shelley\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 6A
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Adobe\fbbf7ad2-3426-4d05-8d7c-fc1e7c02d584.dll
c:\program files (x86)\fbbf7ad2-3426-4d05-8d7c-fc1e7c02d584\8b9f9a84-37ea-4d37-820a-f3459b4fee94.dll
c:\programdata\Roaming
c:\users\Shelley\Documents\~WRL1749.tmp
c:\users\Shelley\g2mdlhlpx.exe
c:\windows\msdownld.tmp
c:\windows\TEMP\jna5863690637273681997.dll
.
.
((((((((((((((((((((((((( Files Created from 2015-03-24 to 2015-04-24 )))))))))))))))))))))))))))))))
.
.
2015-04-24 16:34 . 2015-04-24 16:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-24 16:34 . 2015-04-24 16:34 -------- d-----w- c:\users\Kevin\AppData\Local\temp
2015-04-24 16:34 . 2015-04-24 16:34 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-04-24 12:08 . 2015-04-24 16:00 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA7F57FC-3E6A-41F6-BD36-27B0C0294EC4}\offreg.dll
2015-04-24 11:58 . 2015-04-24 11:58 -------- d-----w- C:\RegBackup
2015-04-24 10:25 . 2015-04-24 10:53 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-04-24 04:56 . 2015-03-14 10:02 12002392 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA7F57FC-3E6A-41F6-BD36-27B0C0294EC4}\mpengine.dll
2015-04-23 03:16 . 2015-04-24 10:49 -------- d-----w- c:\programdata\RogueKiller
2015-04-22 10:37 . 2015-04-24 03:04 -------- d-----w- C:\FRST
2015-04-22 04:54 . 2015-04-22 04:54 -------- d-----w- c:\programdata\Emsisoft
2015-04-22 01:39 . 2015-04-24 05:32 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2015-04-21 23:38 . 2015-04-21 23:38 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2015-04-21 23:38 . 2015-04-21 23:38 -------- d-----w- c:\programdata\Kaspersky Lab
2015-04-21 21:44 . 2015-04-24 02:51 -------- d-----w- c:\program files\CCleaner
2015-04-21 21:38 . 2015-04-21 21:38 -------- d-----w- c:\users\Shelley\AppData\Roaming\Panda Security
2015-04-21 21:37 . 2015-04-21 21:39 -------- d-----w- c:\program files (x86)\Panda Security
2015-04-21 21:33 . 2015-04-21 21:39 -------- d-----w- c:\programdata\Panda Security
2015-04-21 21:02 . 2015-04-24 05:32 -------- d-----w- c:\program files\HitmanPro
2015-04-21 21:01 . 2015-04-24 05:32 -------- d-----w- c:\programdata\HitmanPro
2015-04-21 20:12 . 2015-04-24 15:35 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-21 20:11 . 2015-03-17 10:15 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-21 20:11 . 2015-03-17 10:15 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-21 20:11 . 2015-03-17 10:15 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-21 20:11 . 2015-04-24 05:32 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-04-21 20:11 . 2015-04-24 05:14 -------- d-----w- c:\programdata\Malwarebytes
2015-04-21 19:30 . 2015-04-24 11:45 -------- d-----w- C:\AdwCleaner
2015-04-21 19:28 . 2015-04-24 05:33 -------- d-----w- c:\users\Shelley\AppData\Roaming\zjroinbm
2015-04-21 19:22 . 2015-04-24 05:33 -------- d-----w- c:\users\Shelley\AppData\Roaming\bqraerag
2015-04-20 15:00 . 2015-04-24 05:33 -------- d-----w- c:\users\Shelley\AppData\Roaming\mxlfwwvq
2015-04-20 02:11 . 2015-04-24 05:33 -------- d-----w- c:\users\Shelley\AppData\Roaming\sdbbziuz
2015-04-20 01:14 . 2015-04-24 05:33 -------- d-----w- c:\users\Shelley\AppData\Roaming\tgyydpwn
2015-04-19 23:17 . 2015-04-24 05:33 -------- d-----w- c:\users\Shelley\AppData\Roaming\utkbetwm
2015-04-19 23:16 . 2015-04-24 05:33 -------- d-----w- c:\users\Shelley\AppData\Roaming\xkazcuut
2015-04-19 23:16 . 2015-04-24 05:33 -------- d-----w- c:\users\Shelley\AppData\Roaming\jowubgbm
2015-04-19 01:41 . 2015-04-24 05:32 -------- d-----w- c:\program files (x86)\user extensions
2015-04-19 01:12 . 2015-04-24 16:32 -------- d-----w- c:\program files (x86)\fbbf7ad2-3426-4d05-8d7c-fc1e7c02d584
2015-04-19 00:40 . 2015-04-24 05:22 -------- d-----w- c:\users\Shelley\AppData\Local\TrayClient
2015-04-19 00:40 . 2015-04-24 05:32 -------- d-----w- c:\program files (x86)\TrayClient
2015-04-19 00:40 . 2015-04-19 00:40 -------- d-----w- c:\program files (x86)\Installer
2015-04-15 07:23 . 2015-04-24 05:32 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-04-14 20:23 . 2015-03-17 05:22 5557696 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-04-14 20:22 . 2015-03-10 03:25 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-04-14 20:21 . 2015-03-13 03:28 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2015-04-14 20:20 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys
2015-04-14 20:20 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-04-14 20:20 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-04-14 18:54 . 2015-04-14 18:54 18178736 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-04-05 07:01 . 2015-04-05 07:01 -------- d-s---w- c:\windows\SysWow64\GWX
2015-04-05 07:01 . 2015-04-24 05:33 -------- d-s---w- c:\windows\system32\GWX
2015-03-25 18:34 . 2015-03-25 18:34 18475704 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-24 05:38 . 2012-06-16 02:16 1866240 ----a-w- c:\windows\system32\ExplorerFrame.dll
2015-04-15 07:09 . 2010-11-21 13:51 128913832 ----a-w- c:\windows\system32\MRT.exe
2015-04-14 18:54 . 2012-08-11 21:32 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-14 18:54 . 2011-06-21 17:12 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-17 04:56 . 2015-04-14 20:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-03-06 05:42 . 2015-03-11 13:23 210944 ----a-w- c:\windows\system32\wdigest(76).dll
2015-02-26 03:25 . 2015-03-11 13:22 3204096 ----a-w- c:\windows\system32\win32k.sys
2015-02-24 08:17 . 2010-12-22 02:03 295552 ----a-w- c:\windows\system32\MpSigStub.exe
2015-02-20 04:41 . 2015-03-11 13:25 41984 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-11 13:25 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-11 13:25 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-11 13:25 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-11 13:25 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-11 13:25 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-11 13:25 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-11 13:25 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-11 13:25 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-11 13:25 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-02-17 19:26 . 2015-02-17 19:26 1217184 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-02-13 05:22 . 2015-03-11 13:23 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-02-12 15:00 . 2014-09-04 15:02 535576 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2015-02-04 16:23 . 2015-02-04 16:23 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-02-04 16:13 . 2015-02-04 16:13 869536 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-02-04 03:16 . 2015-03-11 13:21 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-02-04 02:54 . 2015-03-11 13:21 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-02-03 03:34 . 2015-03-11 13:25 693176 ----a-w- c:\windows\system32\winload.efi
2015-02-03 03:34 . 2015-03-11 13:25 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-02-03 03:33 . 2015-03-11 13:25 616360 ----a-w- c:\windows\system32\winresume.efi
2015-02-03 03:31 . 2015-03-11 13:25 14632960 ----a-w- c:\windows\system32\wmp.dll
2015-02-03 03:31 . 2015-03-11 13:25 782848 ----a-w- c:\windows\system32\wmdrmsdk.dll
2015-02-03 03:31 . 2015-03-11 13:25 229376 ----a-w- c:\windows\system32\wintrust.dll
2015-02-03 03:31 . 2015-03-11 13:22 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-03 03:31 . 2015-03-11 13:23 215552 ----a-w- c:\windows\system32\ubpm.dll
2015-02-03 03:31 . 2015-03-11 13:24 5120 ----a-w- c:\windows\system32\msdxm.ocx
2015-02-03 03:31 . 2015-03-11 13:24 5120 ----a-w- c:\windows\system32\dxmasf.dll
2015-02-03 03:31 . 2015-03-11 13:24 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-02-03 03:31 . 2015-03-11 13:25 1574400 ----a-w- c:\windows\system32\quartz.dll
2015-02-03 03:31 . 2015-03-11 13:25 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-02-03 03:31 . 2015-03-11 13:25 371712 ----a-w- c:\windows\system32\qdvd.dll
2015-02-03 03:31 . 2015-03-11 13:25 188416 ----a-w- c:\windows\system32\pcasvc.dll
2015-02-03 03:31 . 2015-03-11 13:25 37376 ----a-w- c:\windows\system32\pcadm.dll
2015-02-03 03:31 . 2015-03-11 13:24 9728 ----a-w- c:\windows\system32\spwmp.dll
2015-02-03 03:31 . 2015-03-11 13:25 641024 ----a-w- c:\windows\system32\msscp.dll
2015-02-03 03:31 . 2015-03-11 13:25 325632 ----a-w- c:\windows\system32\msnetobj.dll
2015-02-03 03:31 . 2015-03-11 13:25 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-02-03 03:31 . 2015-03-11 13:25 432128 ----a-w- c:\windows\system32\mfplat.dll
2015-02-03 03:31 . 2015-03-11 13:25 4121600 ----a-w- c:\windows\system32\mf.dll
2015-02-03 03:31 . 2015-03-11 13:25 206848 ----a-w- c:\windows\system32\mfps.dll
2015-02-03 03:30 . 2015-03-11 13:25 631808 ----a-w- c:\windows\system32\evr.dll
2015-02-03 03:30 . 2015-03-11 13:24 284672 ----a-w- c:\windows\system32\EncDump.dll
2015-02-03 03:30 . 2015-03-11 13:25 1202176 ----a-w- c:\windows\system32\drmv2clt.dll
2015-02-03 03:30 . 2015-03-11 13:25 497664 ----a-w- c:\windows\system32\drmmgrtn.dll
2015-02-03 03:30 . 2015-03-11 13:25 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-02-03 03:30 . 2015-03-11 13:25 1069056 ----a-w- c:\windows\system32\cryptui.dll
2015-02-03 03:30 . 2015-03-11 13:25 82432 ----a-w- c:\windows\system32\cryptsp.dll
2015-02-03 03:30 . 2015-03-11 13:25 140288 ----a-w- c:\windows\system32\cryptnet.dll
2015-02-03 03:30 . 2015-03-11 13:25 187904 ----a-w- c:\windows\system32\cryptsvc.dll
2015-02-03 03:30 . 2015-03-11 13:25 842240 ----a-w- c:\windows\system32\blackbox.dll
2015-02-03 03:30 . 2015-03-11 13:25 680960 ----a-w- c:\windows\system32\audiosrv.dll
2015-02-03 03:30 . 2015-03-11 13:25 296448 ----a-w- c:\windows\system32\AudioSes.dll
2015-02-03 03:30 . 2015-03-11 13:25 440832 ----a-w- c:\windows\system32\AudioEng.dll
2015-02-03 03:30 . 2015-03-11 13:25 32256 ----a-w- c:\windows\system32\appidsvc.dll
2015-02-03 03:30 . 2015-03-11 13:25 58880 ----a-w- c:\windows\system32\appidapi.dll
2015-02-03 03:30 . 2015-03-11 13:25 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2015-02-03 03:30 . 2015-03-11 13:25 9728 ----a-w- c:\windows\system32\pcalua.exe
2015-02-03 03:30 . 2015-03-11 13:25 11264 ----a-w- c:\windows\system32\pcawrk.exe
2015-02-03 03:30 . 2015-03-11 13:24 24576 ----a-w- c:\windows\system32\mfpmp.exe
2015-02-03 03:30 . 2015-03-11 13:25 126464 ----a-w- c:\windows\system32\audiodg.exe
2015-02-03 03:30 . 2015-03-11 13:25 146944 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-02-03 03:30 . 2015-03-11 13:24 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-02-03 03:30 . 2015-03-11 13:24 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2015-02-03 03:29 . 2015-03-11 13:24 8704 ----a-w- c:\windows\system32\pcaevts.dll
2015-02-03 03:28 . 2015-03-11 13:24 2048 ----a-w- c:\windows\system32\mferror.dll
2015-02-03 03:19 . 2015-03-11 13:25 663552 ----a-w- c:\windows\system32\drivers\PEAuth.sys
2015-02-03 03:12 . 2015-03-11 13:25 617984 ----a-w- c:\windows\SysWow64\wmdrmsdk.dll
2015-02-03 03:12 . 2015-03-11 13:25 179200 ----a-w- c:\windows\SysWow64\wintrust.dll
2015-02-03 03:12 . 2015-03-11 13:22 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-02-03 03:12 . 2015-03-11 13:23 171520 ----a-w- c:\windows\SysWow64\ubpm.dll
2015-02-03 03:12 . 2015-03-11 13:24 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2015-02-03 03:12 . 2015-03-11 13:24 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll
2015-02-03 03:12 . 2015-03-11 13:25 1329664 ----a-w- c:\windows\SysWow64\quartz.dll
2015-02-03 03:12 . 2015-03-11 13:25 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2015-02-03 03:12 . 2015-03-11 13:25 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2015-02-03 03:12 . 2015-03-11 13:24 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2015-02-03 03:12 . 2015-03-11 13:25 504320 ----a-w- c:\windows\SysWow64\msscp.dll
2015-02-03 03:12 . 2015-03-11 13:25 265216 ----a-w- c:\windows\SysWow64\msnetobj.dll
2015-02-03 03:12 . 2015-03-11 13:25 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2015-02-03 03:12 . 2015-03-11 13:25 354816 ----a-w- c:\windows\SysWow64\mfplat.dll
2015-02-03 03:12 . 2015-03-11 13:25 103424 ----a-w- c:\windows\SysWow64\mfps.dll
2015-02-03 03:12 . 2015-03-11 13:25 489984 ----a-w- c:\windows\SysWow64\evr.dll
2015-02-03 03:12 . 2015-03-11 13:25 988160 ----a-w- c:\windows\SysWow64\drmv2clt.dll
2015-02-03 03:12 . 2015-03-11 13:25 406016 ----a-w- c:\windows\SysWow64\drmmgrtn.dll
2015-02-03 03:12 . 2015-03-11 13:25 1174528 ----a-w- c:\windows\SysWow64\crypt32.dll
2015-02-03 03:12 . 2015-03-11 13:25 81408 ----a-w- c:\windows\SysWow64\cryptsp.dll
2015-02-03 03:12 . 2015-03-11 13:25 1005056 ----a-w- c:\windows\SysWow64\cryptui.dll
2015-02-03 03:12 . 2015-03-11 13:25 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2015-02-03 03:12 . 2015-03-11 13:25 143872 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2015-02-03 03:12 . 2015-03-11 13:25 744960 ----a-w- c:\windows\SysWow64\blackbox.dll
2015-02-03 03:12 . 2015-03-11 13:25 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
2015-02-03 03:12 . 2015-03-11 13:25 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-04 39408]
"TrayClient"="c:\program files (x86)\TrayClient\TrayClient.exe" [2015-04-01 714240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-01-21 60712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-8 1128224]
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2010-12-6 217088]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\NST.exe;c:\program files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\NST.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppdbulkio.sys;c:\windows\SYSNATIVE\drivers\hppdbulkio.sys [x]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppdfaxio.sys;c:\windows\SYSNATIVE\drivers\hppdfaxio.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USER_ESRV_SVC;User Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [x]
S1 RapportCerberus_80128;RapportCerberus_80128;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80128.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80128.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe;c:\program files\CrashPlan\CrashPlanService.exe [x]
S2 ESRV_SVC;Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x]
S2 SampleCollector;Intel(R) System Behavior Tracker Collector Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 semav6thermal64ro;semav6thermal64ro;c:\windows\system32\drivers\semav6thermal64ro.sys;c:\windows\SYSNATIVE\drivers\semav6thermal64ro.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\vuagent.exe;c:\program files\Sony\VAIO Update\vuagent.exe [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - RAPPORTIASO
*Deregistered* - RapportIaso
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-16 04:11 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-11 18:54]
.
2015-04-24 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-989391033-3763930807-2314399830-1001.job
- c:\users\Shelley\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe [2015-04-13 11:50]
.
2015-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce797e38c49566.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-04 10:58]
.
2015-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cef285a2e6c3d9.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-04 10:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-02-19 18:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-02-19 18:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-02-19 18:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-02-19 18:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-02-19 18:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-01 2710856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-01 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-01 386840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-01 417560]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1931024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-01-27 169768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Messenger (Yahoo!) - c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
AddRemove-{0131D7EF-65FF-478F-8ABD-5ABEE24EC8EF} - c:\programdata\{AA28280A-C4CA-4B4F-9DF1-593032D2F3EC}\VAIO Messenger Setup 2.0.550.0.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\NST.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-04-24 12:49:25
ComboFix-quarantined-files.txt 2015-04-24 16:49
.
Pre-Run: 306,380,025,856 bytes free
Post-Run: 306,483,605,504 bytes free
.
- - End Of File - - 827C67E445CF035DA4408983917D0E1C
 
redtarget.gif
Uninstall McAfee Security Scan Plus, typical foistware.

redtarget.gif

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Hi Broni. I am seeing the adware pop-up "urgent action required, security thread found, contact 343-700-2863".

Also, when I reverted to the earlier restore point, it meant that the computer no longer had the Panda anti-virus software. So, when I completed ComboFix and the adware appeared on my system, I remembered to download and install the Panda software which I have since done.

Here is the FRST log (part I)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2015 01
Ran by Shelley (administrator) on SHELLEY-VAIO on 24-04-2015 13:25:16
Running from D:\
Loaded Profiles: Shelley (Available profiles: Shelley & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(TrayClient) C:\Program Files (x86)\TrayClient\TrayClient.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-05-31] (Alps Electric Co., Ltd.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1931024 2010-07-19] (Intel(R) Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-26] (Panda Security, S.L.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-989391033-3763930807-2314399830-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-03] (Google Inc.)
HKU\S-1-5-21-989391033-3763930807-2314399830-1001\...\Run: [TrayClient] => C:\Program Files (x86)\TrayClient\TrayClient.exe [714240 2015-04-01] (TrayClient)
HKU\S-1-5-21-989391033-3763930807-2314399830-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-989391033-3763930807-2314399830-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-08-03]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk [2011-01-09]
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-989391033-3763930807-2314399830-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-989391033-3763930807-2314399830-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-989391033-3763930807-2314399830-1001 -> {1AEE912D-894E-41D1-A883-61992E817E6E} URL = http://www.google.com/search?source...&oe={outputEncoding}&rlz=1I7SNNT_enCA406CA407
SearchScopes: HKU\S-1-5-21-989391033-3763930807-2314399830-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...&oe={outputEncoding}&rlz=1I7SNNT_enCA406CA407
SearchScopes: HKU\S-1-5-21-989391033-3763930807-2314399830-1001 -> {9980D35B-DBEA-4F6B-854F-99B100A33EA5} URL = http://ca.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Safe Web Lite\Engine64\2014.7.11.42\coIEPlg.dll No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-16] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\coIEPlg.dll No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-16] (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Safe Web Lite\Engine64\2014.7.11.42\coIEPlg.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\coIEPlg.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-989391033-3763930807-2314399830-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-989391033-3763930807-2314399830-1001 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Safe Web Lite\Engine64\2014.7.11.42\coIEPlg.dll No File
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://costco.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-16] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-02-22] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-989391033-3763930807-2314399830-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Shelley\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-02-02] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn [2015-04-21]

Chrome:
=======
CHR Profile: C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-24]
CHR Extension: (Norton Identity Safe) - C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-04-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Skype Click to Call) - C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-13]
CHR Extension: (Google Wallet) - C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2010-12-06] (CrashPlan) [File not signed]
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-04-21] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-26] (Panda Security, S.L.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-26] (Panda Security, S.L.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2015-02-12] (IBM Corp.)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 NCO; "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\NST.exe" /s "NCO" /m "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\diMaster.dll" /prefetch:1

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48400 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163600 2015-04-21] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-25] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-25] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-25] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-25] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-25] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-29] (Panda Security, S.L.)
R1 RapportCerberus_80128; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80128.sys [844440 2015-02-26] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445816 2015-02-12] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [535576 2015-02-12] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [558872 2015-02-12] (IBM Corp.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-12-22] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-24] ()
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 MSSQL$DDNI; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
Here is the FRST log (part 2)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-24 13:20 - 2015-01-29 13:21 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-04-24 13:16 - 2015-04-24 13:16 - 01630952 _____ () C:\Users\Shelley\Downloads\PANDAFREEAV.exe
2015-04-24 12:49 - 2015-04-24 12:49 - 00035756 _____ () C:\ComboFix.txt
2015-04-24 11:55 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-24 11:55 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-24 11:55 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-24 11:55 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-24 11:55 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-24 11:55 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-24 11:55 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-24 11:55 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-24 11:54 - 2015-04-24 12:50 - 00000000 ____D () C:\Qoobox
2015-04-24 11:53 - 2015-04-24 12:37 - 00000000 ____D () C:\Windows\erdnt
2015-04-24 11:44 - 2015-04-24 11:44 - 05619466 ____R (Swearware) C:\Users\Shelley\Downloads\ComboFix.exe
2015-04-24 08:11 - 2015-04-24 08:11 - 00691576 _____ (Yahoo! Inc.) C:\Users\Shelley\Downloads\msgr11us.exe
2015-04-24 08:09 - 2015-04-24 08:09 - 00003174 _____ () C:\Windows\System32\Tasks\{15AE394A-B8D4-4DAA-AEE2-C2337265213A}
2015-04-24 08:05 - 2015-04-24 08:05 - 00000712 _____ () C:\Users\Shelley\Desktop\JRT.txt
2015-04-24 07:58 - 2015-04-24 07:58 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SHELLEY-VAIO-Windows-7-Home-Premium-(64-bit).dat
2015-04-24 07:58 - 2015-04-24 07:58 - 00000000 ____D () C:\RegBackup
2015-04-24 07:56 - 2015-04-24 07:56 - 02685461 _____ (Thisisu) C:\Users\Shelley\Downloads\JRT.exe
2015-04-24 07:39 - 2015-04-24 07:39 - 02224640 _____ () C:\Users\Shelley\Desktop\adwcleaner_4.202.exe
2015-04-24 07:38 - 2015-04-24 07:39 - 02224640 _____ () C:\Users\Shelley\Downloads\adwcleaner_4.202.exe
2015-04-24 06:25 - 2015-04-24 06:53 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-24 06:24 - 2015-04-24 06:24 - 16884312 _____ () C:\Users\Shelley\Downloads\RogueKiller.exe
2015-04-22 23:16 - 2015-04-24 06:49 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-22 06:59 - 2015-04-22 06:59 - 00046392 _____ () C:\Users\Shelley\Desktop\Addition.txt
2015-04-22 06:58 - 2015-04-22 06:58 - 00069811 _____ () C:\Users\Shelley\Desktop\FRST.txt
2015-04-22 06:41 - 2015-04-22 06:42 - 00046392 _____ () C:\Users\Shelley\Downloads\Addition.txt
2015-04-22 06:37 - 2015-04-24 13:25 - 00000000 ____D () C:\FRST
2015-04-22 06:37 - 2015-04-22 06:42 - 00069811 _____ () C:\Users\Shelley\Downloads\FRST.txt
2015-04-22 00:54 - 2015-04-22 00:54 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-04-21 21:39 - 2015-04-24 01:32 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-04-21 19:38 - 2015-04-21 19:38 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-21 19:38 - 2015-04-21 19:38 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-04-21 17:44 - 2015-04-23 22:51 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-21 17:38 - 2015-04-21 17:38 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\Panda Security
2015-04-21 17:37 - 2015-04-24 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-04-21 17:37 - 2015-04-21 17:39 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-04-21 17:33 - 2015-04-24 13:19 - 00000000 ____D () C:\ProgramData\Panda Security
2015-04-21 17:19 - 2015-04-21 17:19 - 00012724 _____ () C:\Windows\system32\.crusader
2015-04-21 17:02 - 2015-04-24 01:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-04-21 17:02 - 2015-04-24 01:32 - 00000000 ____D () C:\Program Files\HitmanPro
2015-04-21 17:02 - 2015-04-21 17:02 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-04-21 17:01 - 2015-04-24 01:32 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-21 17:00 - 2015-04-21 17:00 - 11028616 _____ (SurfRight B.V.) C:\Users\Shelley\Downloads\HitmanPro_x64.exe
2015-04-21 16:12 - 2015-04-24 12:51 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-21 16:11 - 2015-04-24 01:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-21 16:11 - 2015-04-24 01:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-21 16:11 - 2015-04-24 01:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-21 16:11 - 2015-04-21 16:11 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-21 16:11 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-21 16:11 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-21 16:11 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-21 16:09 - 2015-04-21 16:10 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Shelley\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-21 15:30 - 2015-04-24 07:45 - 00000000 ____D () C:\AdwCleaner
2015-04-21 15:28 - 2015-04-24 01:33 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\zjroinbm
2015-04-21 15:28 - 2015-04-21 15:28 - 02217984 _____ () C:\Users\Shelley\Downloads\adwcleaner_4.201.exe
2015-04-21 15:22 - 2015-04-24 01:33 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\bqraerag
2015-04-21 11:28 - 2015-04-21 11:28 - 00163600 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINAflt.sys
2015-04-20 11:00 - 2015-04-24 01:33 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\mxlfwwvq
2015-04-19 22:11 - 2015-04-24 01:33 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\sdbbziuz
2015-04-19 21:14 - 2015-04-24 01:33 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\tgyydpwn
2015-04-19 19:17 - 2015-04-24 01:33 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\utkbetwm
2015-04-19 19:16 - 2015-04-24 01:33 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\xkazcuut
2015-04-19 19:16 - 2015-04-24 01:33 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\jowubgbm
2015-04-19 04:06 - 2015-04-21 15:17 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-18 21:41 - 2015-04-24 01:32 - 00000000 ____D () C:\Program Files (x86)\user extensions
2015-04-18 21:41 - 2015-04-18 21:41 - 00000064 _____ () C:\Users\Shelley\AppData\Local\e47e00864d60f26a598b359baecf41e7
2015-04-18 21:12 - 2015-04-24 12:32 - 00000000 ____D () C:\Program Files (x86)\fbbf7ad2-3426-4d05-8d7c-fc1e7c02d584
2015-04-18 20:43 - 2015-04-18 20:43 - 00737736 _____ (My Company, Inc. ) C:\Users\Shelley\Downloads\setup v8 (3).exe
2015-04-18 20:41 - 2015-04-18 20:42 - 00737736 _____ (My Company, Inc. ) C:\Users\Shelley\Downloads\setup v8 (2).exe
2015-04-18 20:40 - 2015-04-24 01:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrayClient
2015-04-18 20:40 - 2015-04-24 01:32 - 00000000 ____D () C:\Program Files (x86)\TrayClient
2015-04-18 20:40 - 2015-04-24 01:22 - 00000000 ____D () C:\Users\Shelley\AppData\Local\TrayClient
2015-04-18 20:39 - 2015-04-18 20:39 - 00737736 _____ (My Company, Inc. ) C:\Users\Shelley\Downloads\setup v8.exe
2015-04-18 20:39 - 2015-04-18 20:39 - 00737736 _____ (My Company, Inc. ) C:\Users\Shelley\Downloads\setup v8 (1).exe
2015-04-15 03:23 - 2015-04-24 01:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-14 16:24 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 16:24 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 16:24 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 16:24 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 16:24 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 16:24 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 16:24 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 16:24 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 16:24 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 16:24 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 16:24 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 16:24 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 16:24 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 16:24 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 16:24 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 16:24 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 16:24 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 16:24 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 16:24 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 16:24 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 16:24 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 16:24 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 16:24 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 16:24 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 16:24 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 16:24 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 16:24 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 16:23 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 16:23 - 2015-03-17 01:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 16:23 - 2015-03-17 01:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 16:23 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 16:23 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 16:23 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 16:23 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 16:23 - 2015-03-17 01:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 16:23 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 16:23 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32(53).dll
2015-04-14 16:23 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 16:23 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos(52).dll
2015-04-14 16:23 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 16:23 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 16:23 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase(54).dll
2015-04-14 16:23 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 16:23 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel(55).dll
2015-04-14 16:23 - 2015-03-17 01:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 16:23 - 2015-03-17 01:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 16:23 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 16:23 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 16:23 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv(57).dll
2015-04-14 16:23 - 2015-03-17 01:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 16:23 - 2015-03-17 01:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 16:23 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 16:23 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 16:23 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg(56).dll
2015-04-14 16:23 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 16:23 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 16:23 - 2015-03-17 01:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 16:23 - 2015-03-17 01:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 16:23 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 16:23 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp(50).dll
2015-04-14 16:23 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 16:23 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 16:23 - 2015-03-17 01:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 16:23 - 2015-03-17 01:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 16:23 - 2015-03-17 01:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 16:23 - 2015-03-17 01:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 16:23 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 16:23 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 16:23 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll(60).dll
2015-04-14 16:23 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 16:23 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 16:23 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 16:23 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 16:23 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 16:23 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 16:23 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 16:23 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 16:23 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 16:23 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 16:23 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32(59).dll
2015-04-14 16:23 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 16:23 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 16:23 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli(61).dll
2015-04-14 16:23 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 16:23 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 16:23 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 16:23 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 16:23 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 16:23 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 16:23 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 16:23 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 16:23 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 16:23 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 16:23 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 16:23 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 16:23 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 16:23 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 16:23 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 16:23 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 16:22 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 16:22 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32(58).dll
2015-04-14 16:22 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 16:22 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 16:22 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 16:22 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 16:22 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 16:22 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 16:22 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 16:22 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 16:22 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 16:22 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 16:22 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 16:22 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 16:22 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 16:22 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 16:22 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 16:22 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 16:22 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 16:22 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 16:22 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 16:22 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 16:21 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 16:21 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 16:21 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 16:21 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 16:21 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 16:21 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 16:21 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 16:21 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 16:21 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 16:21 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 16:21 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 16:21 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 16:21 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 16:21 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 16:21 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 16:21 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 16:21 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 16:21 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 16:21 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 16:21 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 16:21 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 16:21 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 16:21 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 16:21 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 16:21 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 16:21 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 16:21 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 16:21 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 16:21 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 16:21 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 16:21 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 16:21 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 16:21 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 16:21 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 16:21 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 16:21 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 16:21 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 16:21 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 16:21 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 16:21 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 16:21 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 16:20 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 16:20 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 16:20 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 14:54 - 2015-04-14 14:54 - 18178736 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-04-05 03:01 - 2015-04-24 01:33 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 03:01 - 2015-04-05 03:01 - 00000000 ___SD () C:\Windows\SysWOW64\GWX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-24 13:23 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-24 13:22 - 2011-10-17 22:10 - 00022053 _____ () C:\Windows\setupact.log
2015-04-24 13:19 - 2010-11-20 10:56 - 00119104 _____ () C:\Users\Shelley\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-24 12:54 - 2012-08-11 17:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-24 12:49 - 2015-02-02 11:00 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-989391033-3763930807-2314399830-1001.job
2015-04-24 12:49 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2015-04-24 12:38 - 2013-12-06 09:18 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cef285a2e6c3d9.job
2015-04-24 12:35 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-24 12:33 - 2010-11-20 10:52 - 00000000 ____D () C:\Users\Shelley
2015-04-24 12:32 - 2011-02-14 20:49 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-24 11:50 - 2009-07-14 00:45 - 00022704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-24 11:50 - 2009-07-14 00:45 - 00022704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-24 11:38 - 2013-07-05 08:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce797e38c49566.job
2015-04-24 11:38 - 2010-10-11 10:00 - 01467308 _____ () C:\Windows\WindowsUpdate.log
2015-04-24 11:37 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-24 11:36 - 2009-07-14 01:08 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-24 08:22 - 2011-12-12 21:26 - 00000000 ____D () C:\Users\Shelley\Tracing
2015-04-24 08:20 - 2011-10-17 22:09 - 01314416 _____ () C:\Windows\PFRO.log
2015-04-24 08:17 - 2012-03-07 20:31 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2015-04-24 08:14 - 2012-03-07 20:32 - 00000000 ____D () C:\ProgramData\Yahoo!
2015-04-24 07:11 - 2010-11-21 11:26 - 00000000 ____D () C:\Users\Kevin
2015-04-24 07:11 - 2010-11-21 10:11 - 00000000 ____D () C:\Users\Guest
2015-04-24 07:03 - 2013-06-16 12:35 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
2015-04-24 01:38 - 2012-06-15 22:16 - 01866240 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-04-24 01:34 - 2014-12-10 04:39 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-24 01:34 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-24 01:34 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-24 01:33 - 2014-03-30 19:48 - 00000000 ____D () C:\Windows\Minidump
2015-04-24 01:33 - 2014-03-26 14:51 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BingoLiner
2015-04-24 01:33 - 2012-03-15 07:36 - 00000000 ____D () C:\Windows\system32\Macromed
2015-04-24 01:33 - 2012-03-07 20:34 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserPlus
2015-04-24 01:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-24 01:32 - 2014-06-23 07:21 - 00000000 ____D () C:\Users\Shelley\AppData\Local\BingoCabin
2015-04-24 01:32 - 2014-03-26 14:51 - 00000000 ____D () C:\Users\Shelley\AppData\Local\Bingoliner
2015-04-24 01:32 - 2012-08-10 21:59 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-24 01:32 - 2010-08-03 20:33 - 00000000 ____D () C:\ProgramData\Skype
2015-04-24 01:32 - 2010-08-03 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-24 01:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-24 01:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2015-04-24 01:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-24 01:17 - 2010-11-20 13:24 - 00000000 ____D () C:\Users\Shelley\AppData\Local\Google
2015-04-24 01:15 - 2010-08-03 20:29 - 00000000 ____D () C:\ProgramData\Norton
2015-04-24 01:14 - 2011-03-23 18:50 - 00000000 ___RD () C:\MSOCache
2015-04-21 19:13 - 2011-12-28 12:22 - 00000000 ____D () C:\Users\Shelley\AppData\Local\CrashDumps
2015-04-21 19:13 - 2010-07-12 16:26 - 00000000 ____D () C:\Windows\Panther
2015-04-20 20:07 - 2010-11-20 10:59 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E1F0BE7D-DC64-46E7-8F3E-9D502C339AA6}
2015-04-15 03:42 - 2011-03-23 18:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 03:35 - 2012-11-17 13:58 - 00766820 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 03:22 - 2013-07-24 03:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 03:09 - 2010-11-21 09:51 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 03:08 - 2009-07-13 22:34 - 00000478 _____ () C:\Windows\win.ini
2015-04-14 14:54 - 2012-08-11 17:32 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 14:54 - 2012-08-11 17:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 14:54 - 2011-06-21 13:12 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-13 20:29 - 2014-03-26 14:51 - 00001002 _____ () C:\Users\Shelley\Desktop\BingoLiner.lnk
2015-04-13 07:50 - 2015-02-02 11:00 - 00003612 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-989391033-3763930807-2314399830-1001
2015-03-25 20:45 - 2014-06-23 07:21 - 00001002 _____ () C:\Users\Shelley\Desktop\BingoCabin.lnk
2015-03-25 07:55 - 2013-08-23 07:05 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2015-03-25 07:55 - 2013-08-22 17:21 - 00002460 _____ () C:\Users\Public\Desktop\Norton Identity Safe.LNK
2015-03-25 07:55 - 2013-04-10 20:05 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64

==================== Files in the root of some directories =======

2011-09-05 09:44 - 2013-02-02 10:16 - 0000231 _____ () C:\Users\Shelley\AppData\Roaming\Rim.Desktop.Exception.log
2011-09-05 09:32 - 2013-08-23 06:21 - 0002021 _____ () C:\Users\Shelley\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2011-09-05 09:45 - 2013-02-02 10:16 - 0000231 _____ () C:\Users\Shelley\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-04-18 21:41 - 2015-04-18 21:41 - 0000064 _____ () C:\Users\Shelley\AppData\Local\e47e00864d60f26a598b359baecf41e7
2013-08-23 07:00 - 2013-08-23 07:26 - 0007642 _____ () C:\Users\Shelley\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Shelley\AppData\Local\Temp\{13348318-619F-42AB-9012-716D7819C036}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-18 04:08

==================== End Of Log ============================
 
Here is the addition log...

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2015 01
Ran by Shelley at 2015-04-24 13:26:53
Running from D:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.)
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.368 - ArcSoft)
BingoCabin (HKU\S-1-5-21-989391033-3763930807-2314399830-1001\...\BingoCabin) (Version: - )
BingoLiner (HKU\S-1-5-21-989391033-3763930807-2314399830-1001\...\BingoLiner) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version: - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version: - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
CrashPlan (HKLM\...\{F738120D-8C78-4F79-9E1B-CA4527B9837A}) (Version: 3.0 - CrashPlan)
Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.4.2224 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 7.1.8.2553 (HKU\S-1-5-21-989391033-3763930807-2314399830-1001\...\GoToMeeting) (Version: 7.1.8.2553 - CitrixOnline)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.240 - SurfRight B.V.)
HP LaserJet Professional CM1410 Series (HKLM-x32\...\{0EF0EA0D-F945-4958-85CC-60FF1E86D216}) (Version: - Hewlett-Packard)
HP LJ CM1410 MFP Series HP Scan (HKLM-x32\...\{21749F4E-02A1-4828-9A1E-BBDF5929C5D0}) (Version: 1.0.302.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2555 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{4327107B-E95E-415C-9194-458FCED6BF12}) (Version: 13.03.0000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{0D9917CE-1C77-4B58-A153-DCB5A854ED82}) (Version: 1.2.15.0 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{E30E7561-A466-4393-B8BF-FD93E733EF3C}) (Version: 8.0.6362.202 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mighty Slots (HKLM-x32\...\{565493c1-3580-4f39-ba73-f4c375f5e9bd}) (Version: 14.0.0-RTG - RealTimeGaming Software)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.11.42 - Symantec Corporation)
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.01.00.0004 - Panda Security)
Panda Free Antivirus (Version: 7.82.00.0000 - Panda Security) Hidden
PMB VAIO Edition plug-in (Click to Disc) (Version: 3.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00.06180 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.3.00.06110 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (Version: 2.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.3.00.06180 - Sony Corporation) Hidden
Quatro Casino (HKLM-x32\...\quatro) (Version: 16.10.1.1475 - )
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rapport (x32 Version: 3.5.1404.75 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6098 - Realtek Semiconductor Corp.)
Remote Keyboard with PlayStation 3 (HKLM-x32\...\{65B138AE-F636-4D4C-BA5D-A06E21E47C53}) (Version: 1.0.2.06170 - Sony Corporation)
Remote Play with PlayStation 3 (x32 Version: 1.0.2.06210 - Sony Corporation) Hidden
Remote Play with PlayStation®3 (HKLM-x32\...\{07441A52-E208-478A-92B7-5C337CA8C131}) (Version: 1.0.2.06210 - Sony Corporation)
Royal Vegas (HKLM-x32\...\royalvegas) (Version: 16.9.2.739 - )
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWi Connection Utility (HKLM-x32\...\{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}) (Version: 4.11.4.20100722.2739 - Sony Corporation)
TrayClient (HKLM-x32\...\TrayClient_is1) (Version: - TrayClient)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1404.75 - Trusteer)
VAIO - PMB VAIO Edition plug-in (Click to Disc) (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 3.3.00.06180 - Sony Corporation)
VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer) (HKLM-x32\...\InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}) (Version: 1.3.00.06110 - Sony Corporation)
VAIO - PMB VAIO Edition plug-in (VAIO Movie Story) (HKLM-x32\...\InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 2.3.00.06180 - Sony Corporation)
VAIO Care (HKLM\...\{D9FFE40D-1A85-4541-992C-5EF505F391A4}) (Version: 8.4.2.12041 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{6ED1750E-F44F-4635-8F0D-B76B9262B7FB}) (Version: 1.1.1.13230 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.3.0.05310 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.4.0.05240 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.4.0.05240 - Sony Corporation) Hidden
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.4.2.02200 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.2.0.07020 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 4.0.0.06230 - Sony Corporation) Hidden
VAIO Help and Support (HKLM-x32\...\{AD3E7141-A22E-40F1-A7A4-55E898AE35E3}) (Version: 12.00.0622 - Sony Corporation)
VAIO Manual (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 1.1.0.05280 - Sony Corporation)
VAIO Survey (HKLM-x32\...\{34B37A74-125E-4406-87BA-E4BD3D097AE5}) (Version: 6.00.1028 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.2.0.06230 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VSO Inspector 2.1.0.4 (HKLM-x32\...\VSO Inspector_is1) (Version: 2.1.0.4 - VSO-Software)
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-989391033-3763930807-2314399830-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Shelley\AppData\Local\Citrix\GoToMeeting\2331\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points =========================

21-04-2015 15:31:56 Windows Update
21-04-2015 17:18:12 Checkpoint by HitmanPro
21-04-2015 17:19:21 Checkpoint by HitmanPro
24-04-2015 11:40:26 After Malware cleanup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-04-24 12:34 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0452E7B2-617B-459F-89BD-97AE05C8E2F8} - System32\Tasks\{5E900D03-438F-4A6B-975C-BFC6D8765ED3} => pcalua.exe -a E:\AUTORUN.EXE -d E:\
Task: {08633AF1-548C-4560-97D8-318A34B6CCD3} - System32\Tasks\{BF9DF373-2968-4ECE-A9E8-EE8FEDB8C649} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\NeatWorks\exec\NeatWorks.exe"
Task: {0916427D-7605-49E5-8530-1D95D2ED6BAF} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {0D8A095F-08F8-43FC-9CC6-BC98333701DC} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {170D5E99-794D-4145-B45F-5CE40E0BD51E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {2201046B-E585-4EC1-BD5A-0A4905C166B7} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {22148094-6FF0-4DF8-9666-F82F2CEF510E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {255FF5DB-239E-4C26-874E-AE822AD6DE8D} - System32\Tasks\Sony\Java Update => C:\Program Files\Java\jre6\bin\jusched.exe
Task: {28A9927E-5ECC-4A4E-A0A3-2F2B5B0F625A} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {2EC1564F-D6BC-4EDE-867C-4CA69C569D71} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation)
Task: {3472CA5F-2208-4825-ABF7-6FBD435FFC69} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
Task: {349C32BE-F928-4473-8D19-74463B3A6769} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files (x86)\Sony\VAIO Wallpaper Setting Tool\VWSet.exe
Task: {377910DB-EC90-47C9-86D7-D20A428D2F9F} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {3F6E5599-4950-4985-AFD9-A21CB7109F6F} - System32\Tasks\G2MUpdateTask-S-1-5-21-989391033-3763930807-2314399830-1001 => C:\Users\Shelley\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe [2015-04-13] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {462A50FA-E2B5-4758-8130-60B03380DB7C} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {509C88C0-1745-4695-9641-A267E7F03AAD} - System32\Tasks\Sony\VAIO Survey => C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe [2009-10-26] ()
Task: {55872428-FB9D-40AF-9F9B-DE1743A8E623} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {59638E1D-0C13-4576-A515-75F98C571D00} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {5C1DAEF8-22F1-416A-AE1C-B6A6226A0A6E} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {6133BBDF-F297-4CB0-810B-6DBFF90375EB} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {71863445-F1D3-4482-B6EC-D13A0D5A3F78} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {79948A71-997A-400F-B6CE-9731B9491B2F} - System32\Tasks\{0591ECD8-BCCF-4872-8EA6-466A16F3364F} => C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe [2014-10-07] (Apple Inc.)
Task: {85AA05FB-54C1-4E02-B063-AEEDC6245EF0} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {A41399DB-A65B-4437-B777-4B0C59FD436A} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {A51FC367-FDE9-4547-BB60-3ED0895FD6B7} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {A844B822-2F3B-4765-A9C2-FC762054FCC8} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {A9C22B8A-500F-4242-8800-9CDCA9DDA8A9} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {B6580629-A0DB-4068-A062-83BDEF52E3AD} - System32\Tasks\{D975E0E7-319F-477A-BCE5-C322687A8B69} => C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe [2014-10-07] (Apple Inc.)
Task: {BE0A4746-CD66-4CA5-BF65-347EF97D3D12} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {BFAA82A4-0A1B-4AB3-8F63-013BDCEA0C78} - \avaavaevy No Task File <==== ATTENTION
Task: {C1415D3C-C4A7-4050-8DFA-DEA786D8BB02} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {C4DD80BE-1FBB-4E15-9F20-B560E3DC6556} - System32\Tasks\GoogleUpdateTaskMachineUA1cef285a2e6c3d9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {C67586A3-4E1D-4843-9383-A09E9E46C1A8} - System32\Tasks\{6EB49574-3F96-4973-BBA1-E3064ABF9AA9} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\NeatWorks\exec\NeatWorks.exe"
Task: {CC046A39-5663-46AD-8813-648F2EF0A501} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {CC8F4940-8C7A-426C-9BEE-19569AEA9EF1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {CF6B8635-3D80-4F2D-AC19-8F4748E51D83} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-05-31] (Sony Corporation)
Task: {D3713157-AFD3-4EEB-A66F-A60CC8A594B4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D6345BEE-10C6-4CFD-ACF5-58C271F0F95F} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {E6D71B95-91ED-4AE5-8A93-D60741589604} - System32\Tasks\{04FB1B18-88D8-4684-9982-432710162FF9} => C:\Program Files (x86)\NeatWorks\exec\NeatWorks.exe
Task: {E9F977EF-3464-4268-B3F5-D84BD4BD11B9} - System32\Tasks\GoogleUpdateTaskMachineCore1ce797e38c49566 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {EE750174-FCA3-419C-93ED-8EDE5BECD09A} - System32\Tasks\{15AE394A-B8D4-4DAA-AEE2-C2337265213A} => pcalua.exe -a C:\PROGRA~2\Yahoo!\MESSEN~1\UNWISE.EXE -c /U C:\PROGRA~2\Yahoo!\MESSEN~1\INSTALL.LOG
Task: {F208D618-8EC5-42C2-9802-F129AE6BABC1} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {F6FECD61-FAB0-46A6-95EC-DD3C7C10705E} - System32\Tasks\SONY\Remote Keyboard with PlayStation 3\Remote Keyboard with PlayStation 3 => C:\Program Files\Sony\Remote Keyboard with PlayStation 3\VBTKBUtil.exe [2010-06-17] (Sony Corporation)
Task: {FADFD7BB-6C5E-4C5A-A196-C6FA74BEE479} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {FD60A4E5-C192-4877-A882-D3DC1B033A9B} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-05-31] (Sony Corporation)
Task: {FDE6EB90-6CC8-4BA9-9AAA-9CA53E715952} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-989391033-3763930807-2314399830-1001.job => C:\Users\Shelley\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce797e38c49566.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cef285a2e6c3d9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2010-07-19 16:48 - 2010-07-19 16:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-03-26 22:45 - 2012-03-26 22:45 - 00014848 _____ () C:\Program Files\CrashPlan\md564.dll
2015-01-13 10:28 - 2015-01-13 10:28 - 00230400 _____ () C:\Program Files\CrashPlan\cpnative64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-07-19 16:48 - 2010-07-19 16:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-11-01 15:59 - 2013-11-01 15:59 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-08-03 20:43 - 2010-05-31 19:18 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2010-08-03 20:43 - 2010-05-31 19:18 - 00013312 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2014-10-18 03:35 - 2014-10-18 03:35 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2010-07-12 17:29 - 2010-03-03 23:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-04-16 00:12 - 2015-04-13 17:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-16 00:12 - 2015-04-13 17:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
2015-04-16 00:12 - 2015-04-13 17:55 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll
2013-04-12 13:23 - 2013-04-12 13:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-989391033-3763930807-2314399830-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Shelley\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: GoToMeeting => "C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mstart.exe" "/Trigger RunAtLogon"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: SmartWiHelper => "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-989391033-3763930807-2314399830-500 - Administrator - Disabled)
Guest (S-1-5-21-989391033-3763930807-2314399830-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-989391033-3763930807-2314399830-1002 - Limited - Enabled)
Shelley (S-1-5-21-989391033-3763930807-2314399830-1001 - Administrator - Enabled) => C:\Users\Shelley

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/24/2015 11:35:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_Schedule, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b864
Exception code: 0xc0000005
Fault offset: 0x0000000000003007
Faulting process id: 0x318
Faulting application start time: 0xsvchost.exe_Schedule0
Faulting application path: svchost.exe_Schedule1
Faulting module path: svchost.exe_Schedule2
Report Id: svchost.exe_Schedule3

Error: (04/24/2015 08:19:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VCAgent.exe, version: 8.4.2.12030, time stamp: 0x5476d099
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007fe93bbb5c1
Faulting process id: 0x1aa0
Faulting application start time: 0xVCAgent.exe0
Faulting application path: VCAgent.exe1
Faulting module path: VCAgent.exe2
Report Id: VCAgent.exe3

Error: (04/24/2015 08:19:57 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCAgent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run()
at VCAgent.App.Main()

Error: (04/24/2015 06:52:33 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/24/2015 06:12:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18192992

Error: (04/24/2015 06:12:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18192992

Error: (04/24/2015 06:12:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/24/2015 01:09:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6271

Error: (04/24/2015 01:09:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6271

Error: (04/24/2015 01:09:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (04/24/2015 01:20:32 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (04/24/2015 01:03:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/24/2015 00:35:06 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (04/24/2015 00:32:49 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/24/2015 00:18:08 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (04/24/2015 11:38:39 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
%%1056

Error: (04/24/2015 11:37:08 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (04/24/2015 11:36:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/24/2015 11:36:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/24/2015 11:36:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (04/24/2015 11:35:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_Schedule6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.187985507b864c0000005000000000000300731801d07e8921488557C:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll8b8229fd-ea97-11e4-9536-c0cb38eb3b45

Error: (04/24/2015 08:19:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: VCAgent.exe8.4.2.120305476d099unknown0.0.0.000000000c0000005000007fe93bbb5c11aa001d07e867c90c1fbC:\Program Files\Sony\VAIO Care\VCAgent.exeunknown38f37e4e-ea7c-11e4-af47-c0cb38eb3b45

Error: (04/24/2015 08:19:57 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCAgent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run()
at VCAgent.App.Main()

Error: (04/24/2015 06:52:33 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (04/24/2015 06:12:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18192992

Error: (04/24/2015 06:12:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18192992

Error: (04/24/2015 06:12:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/24/2015 01:09:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6271

Error: (04/24/2015 01:09:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6271

Error: (04/24/2015 01:09:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
Date: 2015-04-24 12:32:49.219
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-04-24 12:32:49.094
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 71%
Total physical RAM: 3758.1 MB
Available physical RAM: 1077.4 MB
Total Pagefile: 7514.39 MB
Available Pagefile: 4040.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:455.32 GB) (Free:285.17 GB) NTFS
Drive d: () (Removable) (Total:0.96 GB) (Free:0.15 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 61EB3EF9)
Partition 1: (Not Active) - (Size=10.3 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 984 MB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

==================== End Of Log ============================
 
I am seeing the adware pop-up "urgent action required, security thread found, contact 343-700-2863".
Which browser?
See if still happens after running following fix.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    3.5 KB · Views: 2
The pop-up isn't tied to a browser. I shut-down all browsers and confirmed that they were closed in task manager (I.e. no browsers listed under applications). So, the "pop-up" appears to be running on its own.

See below for the fixlog...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2015 01
Ran by Shelley at 2015-04-24 14:43:01 Run:6
Running from C:\Users\Shelley\Desktop
Loaded Profiles: Shelley (Available profiles: Shelley & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Replace: C:\Windows\winsxs\amd64_microsoft-windows-explorerframe_31bf3856ad364e35_6.1.7600.16623_none_1eb0dfb08d530aa2\ExplorerFrame.dll C:\Windows\System32\ExplorerFrame.dll
*****************

C:\Windows\System32\ExplorerFrame.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-explorerframe_31bf3856ad364e35_6.1.7600.16623_none_1eb0dfb08d530aa2\ExplorerFrame.dll copied successfully to C:\Windows\System32\ExplorerFrame.dll

==== End of Fixlog 14:43:01 ====
 
You ran wrong "fixlist".
Delete all "fixlists" you have there, download one from my previous reply and try again.
 
Sorry about that. Here's the re-run log...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2015 01
Ran by Shelley at 2015-04-24 14:53:04 Run:7
Running from C:\Users\Shelley\Desktop
Loaded Profiles: Shelley (Available profiles: Shelley & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-989391033-3763930807-2314399830-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Safe Web Lite\Engine64\2014.7.11.42\coIEPlg.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\coIEPlg.dll No File
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Safe Web Lite\Engine64\2014.7.11.42\coIEPlg.dll No File
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.11.42\coIEPlg.dll No File
Toolbar: HKU\S-1-5-21-989391033-3763930807-2314399830-1001 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Safe Web Lite\Engine64\2014.7.11.42\coIEPlg.dll No File
C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 MSSQL$DDNI; No ImagePath
2015-04-21 15:28 - 2015-04-24 01:33 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\zjroinbm
2015-04-21 15:22 - 2015-04-24 01:33 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\bqraerag
2015-04-20 11:00 - 2015-04-24 01:33 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\mxlfwwvq
2015-04-19 22:11 - 2015-04-24 01:33 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\sdbbziuz
2015-04-19 21:14 - 2015-04-24 01:33 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\tgyydpwn
2015-04-19 19:17 - 2015-04-24 01:33 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\utkbetwm
2015-04-19 19:16 - 2015-04-24 01:33 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\xkazcuut
2015-04-19 19:16 - 2015-04-24 01:33 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\jowubgbm
2015-04-19 04:06 - 2015-04-21 15:17 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-18 21:41 - 2015-04-24 01:32 - 00000000 ____D () C:\Program Files (x86)\user extensions
2015-04-18 21:41 - 2015-04-18 21:41 - 00000064 _____ () C:\Users\Shelley\AppData\Local\e47e00864d60f26a598b359baecf41e7
2015-04-18 21:12 - 2015-04-24 12:32 - 00000000 ____D () C:\Program Files (x86)\fbbf7ad2-3426-4d05-8d7c-fc1e7c02d584
2011-09-05 09:44 - 2013-02-02 10:16 - 0000231 _____ () C:\Users\Shelley\AppData\Roaming\Rim.Desktop.Exception.log
2011-09-05 09:32 - 2013-08-23 06:21 - 0002021 _____ () C:\Users\Shelley\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2011-09-05 09:45 - 2013-02-02 10:16 - 0000231 _____ () C:\Users\Shelley\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-04-18 21:41 - 2015-04-18 21:41 - 0000064 _____ () C:\Users\Shelley\AppData\Local\e47e00864d60f26a598b359baecf41e7
2013-08-23 07:00 - 2013-08-23 07:26 - 0007642 _____ () C:\Users\Shelley\AppData\Local\Resmon.ResmonCfg
C:\Users\Shelley\AppData\Local\Temp\{13348318-619F-42AB-9012-716D7819C036}.exe
Task: {BFAA82A4-0A1B-4AB3-8F63-013BDCEA0C78} - \avaavaevy No Task File <==== ATTENTION


*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-989391033-3763930807-2314399830-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}" => Key deleted successfully.
"HKCR\CLSID\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{A13C2648-91D4-4bf3-BC6D-0079707C4389} => value deleted successfully.
"HKCR\CLSID\{A13C2648-91D4-4bf3-BC6D-0079707C4389}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{A13C2648-91D4-4bf3-BC6D-0079707C4389} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{A13C2648-91D4-4bf3-BC6D-0079707C4389}" => Key deleted successfully.
HKU\S-1-5-21-989391033-3763930807-2314399830-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A13C2648-91D4-4BF3-BC6D-0079707C4389} => value deleted successfully.
HKCR\CLSID\{A13C2648-91D4-4BF3-BC6D-0079707C4389} => Key not found.
C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif => Moved successfully.
catchme => Service deleted successfully.
MSSQL$DDNI => Service deleted successfully.
C:\Users\Shelley\AppData\Roaming\zjroinbm => Moved successfully.
C:\Users\Shelley\AppData\Roaming\bqraerag => Moved successfully.
C:\Users\Shelley\AppData\Roaming\mxlfwwvq => Moved successfully.
C:\Users\Shelley\AppData\Roaming\sdbbziuz => Moved successfully.
C:\Users\Shelley\AppData\Roaming\tgyydpwn => Moved successfully.
C:\Users\Shelley\AppData\Roaming\utkbetwm => Moved successfully.
C:\Users\Shelley\AppData\Roaming\xkazcuut => Moved successfully.
C:\Users\Shelley\AppData\Roaming\jowubgbm => Moved successfully.
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => Moved successfully.
C:\Program Files (x86)\user extensions => Moved successfully.
C:\Users\Shelley\AppData\Local\e47e00864d60f26a598b359baecf41e7 => Moved successfully.
C:\Program Files (x86)\fbbf7ad2-3426-4d05-8d7c-fc1e7c02d584 => Moved successfully.
C:\Users\Shelley\AppData\Roaming\Rim.Desktop.Exception.log => Moved successfully.
C:\Users\Shelley\AppData\Roaming\Rim.Desktop.HttpServerSetup.log => Moved successfully.
C:\Users\Shelley\AppData\Roaming\Rim.DesktopHelper.Exception.log => Moved successfully.
"C:\Users\Shelley\AppData\Local\e47e00864d60f26a598b359baecf41e7" => File/Directory not found.
C:\Users\Shelley\AppData\Local\Resmon.ResmonCfg => Moved successfully.
C:\Users\Shelley\AppData\Local\Temp\{13348318-619F-42AB-9012-716D7819C036}.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFAA82A4-0A1B-4AB3-8F63-013BDCEA0C78}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFAA82A4-0A1B-4AB3-8F63-013BDCEA0C78}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaavaevy" => Key deleted successfully.

==== End of Fixlog 14:53:07 ====
 
Back