Internet Explorer has been hijacked - I suspect Muvic Sidebar

robertleach

New Member
Thread author
Nov 3, 2014
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by Heather at 2014-11-03 13:31:59
Running from C:\Users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRTJMIPC
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader XI MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5557 - AVG Technologies)
AVG 2015 (Version: 15.0.4189 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5557 - AVG Technologies) Hidden
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Behind The Reflection 2: Witch's Revenge (x32 Version: 3.0.2.32 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.59.125 - Broadcom Corporation)
Build-a-lot: On Vacation (x32 Version: 2.2.0.110 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Classic Menu for Office Enterprise 2010 (HKLM-x32\...\{DF4ED63C-D32A-4F0C-AC6A-224C83184D8B}) (Version: 2.25 - Detong Technology Ltd.)
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2529 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.6201.52 - CyberLink Corp.)
Enchanted Cavern 2 (x32 Version: 2.2.0.110 - WildTangent) Hidden
ESDL (x32 Version: 1.0.0 - Sony Corporation) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Heroes of Hellas 3: Athens (x32 Version: 3.0.2.32 - WildTangent) Hidden
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41800) (Version: 3.8.0.41800.66 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)
Intel(R) PROSet/Wireless NFC Software (HKLM\...\Intel(R) PROSet/Wireless NFC Software) (Version: 1.0.1.003 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 7 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417013FF}) (Version: 7.0.130 - Oracle)
Luxor HD (x32 Version: 2.2.0.110 - WildTangent) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Muvic Smartbar Engine (HKCU\...\{239ea179-cecc-463d-beb0-52683a542201}) (Version: 11.113.58.19232 - PinWid Ltd.) <==== ATTENTION
My Kingdom for the Princess 3 (x32 Version: 2.2.0.110 - WildTangent) Hidden
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayMemories Home (HKLM-x32\...\{1E5C7043-09C5-4974-A69F-A5271FD82BBC}) (Version: 7.0.02.14060 - Sony Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7177 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.28135 - Realtek Semiconductor Corp.)
RegHunter (HKLM\...\{F94A63D7-9A61-403B-8F6F-90B1BF77211A}) (Version: 1.3.3.1613 - Enigma Software Group USA, LLC)
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
Secure Global Desktop Client (HKLM-x32\...\{211F1392-98E9-4C29-96F0-5318D4512F72}) (Version: 5.00.909 - Oracle)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.4.0.1 - Synaptics Incorporated)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.3.2.07020 - Sony Corporation)
VAIO BIOS Data Transfer Utility (x32 Version: 1.0.0.02050 - Sony Corporation) Hidden
VAIO Care (HKLM\...\{92907606-B2FC-4193-B0CE-A21159DA3ABB}) (Version: 8.4.0.14286 - Sony Corporation)
VAIO Care Hardware Diagnostics Plugin (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.8.0.13250 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{15B9204E-BA09-485E-8F2C-094AC0077664}) (Version: 1.1.2.13230 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.2.0.03070 - Sony Corporation)
VAIO CPU Fan Diagnostic (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.2.0.03050 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.11.0.13250 - Sony Corporation)
VAIO Easy Connect (x32 Version: 8.2.0.14170 - Sony Corporation) Hidden
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.2.0.01230 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.2.0.01230 - Sony Corporation) Hidden
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.1.00.14260 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.1.00.14260 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.2.0.01240 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.1.0.02220 - Sony Corporation)
VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.1.01.15140 - Sony Corporation)
VAIO Movie Creator (x32 Version: 4.1.01.15140 - Sony Corporation) Hidden
VAIO Sample Music (HKLM-x32\...\{FBEE3D44-0933-4B84-BB6A-49957F89187F}) (Version: 1.0.0.03051 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.9.0.11060 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.4900 - Broadcom Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-4131840621-843332639-1238327281-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-4131840621-843332639-1238327281-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
==================== Restore Points =========================
14-10-2014 16:03:17 Windows Update
19-10-2014 23:01:37 Windows Update
28-10-2014 14:36:42 Removed VAIO Update
29-10-2014 20:28:34 Installed AVG 2015
01-11-2014 07:08:42 zoek.exe restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 05:26 - 2014-11-01 06:20 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {04C4DD14-2355-4842-B845-869369E1A8D3} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {08F1D484-AA03-45CE-B057-299078C85C46} - System32\Tasks\Sony Corporation\VAIO Hardware Diagnostics\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2013-01-25] (Sony Corporation)
Task: {0ADB3193-FC9F-40F4-8214-7D550B509012} - System32\Tasks\FCQSK => C:\Users\Heather\AppData\Roaming\FCQSK.exe <==== ATTENTION
Task: {0DF6E874-9050-4544-9E65-151FFE2B08F5} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {170C984A-3577-44A2-8CE2-FE7A78D004D3} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install v2 => C:\Windows\system32\AutoUpdate.exe [2014-10-22] (Microsoft Corporation)
Task: {17F954B7-8D4F-4277-8D1B-FEF7730D8419} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-02-02] (Sony Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2421E22A-62EB-4314-9330-B95250A085FC} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install ping => C:\Windows\system32\AutoUpdate.exe [2014-10-22] (Microsoft Corporation)
Task: {2BE511D2-7073-4B16-A98D-38C7CBA2DC23} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2013-01-23] (Sony Corporation)
Task: {3A7D4F0F-F8E8-4DD0-AA50-CA11B77FD236} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-29] (Microsoft Corporation)
Task: {59B94595-7AC1-47CE-9D17-1071E868DF3F} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {5F131022-482F-4B33-9E63-9160D1D54F12} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-02-02] (Sony Corporation)
Task: {6FC83B37-5DF0-4F45-BF47-928A1BA891BF} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-03-14] (Synaptics Incorporated)
Task: {70C36B0A-D431-4FA6-8C05-6B314AB47514} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {796AF2C6-C179-421F-A03B-6AF2BAAF8FB4} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {805C32AE-A848-4BAC-8CFA-DDD656A14C84} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2013-01-24] (Sony Corporation)
Task: {8835FB8B-04AA-48DD-B875-810DD38E44EE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {8B90097A-8FA5-4936-9456-3BE929C19856} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {936635D4-3650-4D38-AED4-699CA669304C} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {A21697BD-6A96-4B57-A5E2-061C30B65446} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-03-08] (Sony Corporation)
Task: {A50883CD-DD75-4DBC-A269-DE59FDAA8371} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {A6A117F4-1A07-4053-B990-3731D9A23F60} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AF8E5460-497E-45B8-826D-978F7E65A241} - System32\Tasks\Sony Corporation\VAIO Care\UpdateContacts => %ProgramData%\Sony Corporation\VAIO Care\UpdateContacts.exe
Task: {B3BACC4A-6FE0-41DE-96B2-F170B7CD6836} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {BB7F30B7-738E-48EF-B944-259BF007E21D} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-03-08] (Sony Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C74B1911-C1DF-45D1-AFCD-B0009BD7B923} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {C9D6AA3E-9CF9-4153-B5B5-70F88D72BF50} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {D0B0527B-6931-4A25-B6C2-B50549E6F72F} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {D3BCBD00-3D7B-41CD-B87F-CF56655C35A1} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {EA1D720E-6173-4893-BA33-6DC4D9618254} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EE2C4F91-E4B6-40C2-8E35-A75E81464852} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2014-07-03] (Sony Corporation)
Task: {F29631BC-2D40-49ED-A923-D59718CB6845} - System32\Tasks\LMWLJKY => C:\Users\Heather\AppData\Roaming\LMWLJKY.exe <==== ATTENTION
Task: {FF9BA6EB-3612-4055-9347-C9C40D64D64A} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-02-27] (Sony Corporation)
Task: C:\Windows\Tasks\FCQSK.job => C:\Users\Heather\AppData\Roaming\FCQSK.exe <==== ATTENTION
Task: C:\Windows\Tasks\LMWLJKY.job => C:\Users\Heather\AppData\Roaming\LMWLJKY.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2012-12-14 13:27 - 2012-12-14 13:27 - 00049520 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2013-05-27 00:16 - 2013-01-23 09:26 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:58A5270D
AlternateDataStreams: C:\ProgramData\Temp:A5C00DEE
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "ConvertAd"
HKLM\...\StartupApproved\Run32: => "mbot_gb_143"
========================= Accounts: ==========================
Administrator (S-1-5-21-4131840621-843332639-1238327281-500 - Administrator - Disabled)
Guest (S-1-5-21-4131840621-843332639-1238327281-501 - Limited - Disabled)
Heather (S-1-5-21-4131840621-843332639-1238327281-1001 - Administrator - Enabled) => C:\Users\Heather
HomeGroupUser$ (S-1-5-21-4131840621-843332639-1238327281-1003 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================
Application errors:
==================
Error: (11/03/2014 01:32:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2114-10-10T13:32:36Z. Error Code: 0x80041316.
Error: (11/03/2014 01:32:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2114-10-10T13:32:06Z. Error Code: 0x80041316.
Error: (11/03/2014 01:31:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2114-10-10T13:30:36Z. Error Code: 0x80041316.
Error: (11/03/2014 01:31:05 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2114-10-10T13:31:05Z. Error Code: 0x80041316.
Error: (11/03/2014 01:30:35 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2114-10-10T13:30:35Z. Error Code: 0x80041316.
Error: (11/03/2014 01:30:05 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2114-10-10T13:30:05Z. Error Code: 0x80041316.
Error: (11/03/2014 01:29:35 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2114-10-10T13:29:35Z. Error Code: 0x80041316.
Error: (11/03/2014 01:29:05 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2114-10-10T13:29:05Z. Error Code: 0x80041316.
Error: (11/03/2014 01:28:35 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2114-10-10T13:28:35Z. Error Code: 0x80041316.
Error: (11/03/2014 01:28:05 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2114-10-10T13:28:05Z. Error Code: 0x80041316.

System errors:
=============
Error: (11/03/2014 00:10:16 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:32:35 on ‎03/‎11/‎2014 was unexpected.
Error: (11/02/2014 01:20:10 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:41:55 on ‎02/‎11/‎2014 was unexpected.
Error: (11/02/2014 07:23:27 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 06:31:01 on ‎02/‎11/‎2014 was unexpected.
Error: (11/01/2014 06:50:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (11/01/2014 06:50:23 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with the following service-specific error:
%%2147749123
Error: (11/01/2014 10:24:07 AM) (Source: DCOM) (EventID: 10010) (User: VAIO)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (11/01/2014 06:44:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee OOBE Service2 service failed to start due to the following error:
%%2
Error: (10/31/2014 02:43:23 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "VAIO :0" could not be registered on the interface with IP address 10.26.157.43.
The computer with the IP address 193.61.80.220 did not allow the name to be claimed by
this computer.
Error: (10/31/2014 02:43:23 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "VAIO :20" could not be registered on the interface with IP address 10.26.157.43.
The computer with the IP address 193.61.80.220 did not allow the name to be claimed by
this computer.
Error: (10/31/2014 02:43:23 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "VAIO :0" could not be registered on the interface with IP address 10.26.157.43.
The computer with the IP address 193.61.80.220 did not allow the name to be claimed by
this computer.

Microsoft Office Sessions:
=========================
Error: (11/03/2014 01:32:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162114-10-10T13:32:36Z
Error: (11/03/2014 01:32:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162114-10-10T13:32:06Z
Error: (11/03/2014 01:31:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162114-10-10T13:30:36Z
Error: (11/03/2014 01:31:05 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162114-10-10T13:31:05Z
Error: (11/03/2014 01:30:35 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162114-10-10T13:30:35Z
Error: (11/03/2014 01:30:05 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162114-10-10T13:30:05Z
Error: (11/03/2014 01:29:35 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162114-10-10T13:29:35Z
Error: (11/03/2014 01:29:05 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162114-10-10T13:29:05Z
Error: (11/03/2014 01:28:35 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162114-10-10T13:28:35Z
Error: (11/03/2014 01:28:05 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413162114-10-10T13:28:05Z

CodeIntegrity Errors:
===================================
Date: 2014-10-29 20:33:59.748
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-3227U CPU @ 1.90GHz
Percentage of memory in use: 65%
Total physical RAM: 3974.8 MB
Available physical RAM: 1362.04 MB
Total Pagefile: 5062.8 MB
Available Pagefile: 2056.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:671.42 GB) (Free:613.42 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: C7236BEA)
Partition: GPT Partition Type.
==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Heather (administrator) on VAIO on 03-11-2014 13:30:12
Running from C:\Users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRTJMIPC
Loaded Profile: Heather (Available profiles: Heather)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [10590208 2013-03-14] (Broadcom Corporation)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-11] (Realtek Semiconductor)
HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [526704 2012-12-14] (Broadcom Corporation.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740376 2013-02-06] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] => c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-02-19] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3649040 2014-10-16] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4131840621-843332639-1238327281-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-4131840621-843332639-1238327281-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: http=127.0.0.1:59002;https=127.0.0.1:59002
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://vaioportal.sony.eu
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://vaioportal.sony.eu
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sony13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://vaioportal.sony.eu
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4131840621-843332639-1238327281-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> c:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF Plugin HKCU: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
Chrome:
=======

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3487248 2014-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-10-16] (AVG Technologies CZ, s.r.o.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2227992 2013-01-23] (Broadcom Corporation.)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129824 2013-01-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166688 2013-01-23] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-04] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-02-06] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6070272 2013-03-14] (Broadcom Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [262424 2014-10-07] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [169240 2013-01-23] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6971056 2013-03-14] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-06-23] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-14] (Synaptics Incorporated)
R2 webinstrNew; C:\Windows\system32\Drivers\webinstrNew.sys [58040 2014-10-28] (Corsica)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-03 13:29 - 2014-11-03 13:30 - 00000000 ____D () C:\FRST
2014-11-03 12:49 - 2014-11-03 13:06 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\FreeFixer
2014-11-03 12:49 - 2014-11-03 13:06 - 00000000 ____D () C:\Program Files\FreeFixer
2014-11-03 12:49 - 2014-11-03 12:58 - 00000000 ____D () C:\Users\Heather\AppData\Local\FreeFixer
2014-11-03 09:00 - 2014-11-03 09:00 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Heather\Desktop\SpyHunter-Installer.exe
2014-11-02 09:01 - 2014-11-02 13:34 - 00000000 ____D () C:\Windows\system32\log
2014-11-01 18:43 - 2014-11-01 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegHunter
2014-11-01 18:36 - 2014-11-01 18:36 - 00001467 _____ () C:\Users\Heather\Desktop\iexplore - Shortcut.lnk
2014-11-01 10:26 - 2014-11-02 13:47 - 00000000 ____D () C:\Users\Heather\Desktop\VIRUS CHECKERS
2014-11-01 10:25 - 2014-11-02 13:35 - 00002220 _____ () C:\Windows\PFRO.log
2014-11-01 10:23 - 2014-11-01 07:35 - 00014680 _____ () C:\Windows\system32\sh4native.exe
2014-11-01 07:36 - 2014-11-01 07:36 - 00000000 _____ () C:\autoexec.bat
2014-11-01 07:35 - 2014-11-03 09:00 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-11-01 07:08 - 2014-11-01 07:16 - 00030947 _____ () C:\zoek-results.log
2014-11-01 07:06 - 2014-11-01 07:06 - 00000000 ____D () C:\zoek_backup
2014-11-01 06:54 - 2014-11-01 06:54 - 00746862 _____ () C:\Users\Heather\Documents\cc_20141101_065428.reg
2014-11-01 06:52 - 2014-11-01 06:52 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-11-01 06:52 - 2014-11-01 06:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-01 06:52 - 2014-11-01 06:52 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-01 06:37 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-11-01 06:35 - 2014-11-02 13:34 - 00000000 ____D () C:\AdwCleaner
2014-10-29 20:30 - 2014-10-29 20:30 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\AVG2015
2014-10-29 20:30 - 2014-10-29 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-29 20:29 - 2014-10-29 20:49 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-29 20:29 - 2014-10-29 20:29 - 00000000 ___HD () C:\$AVG
2014-10-29 20:29 - 2014-10-29 20:29 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-29 20:26 - 2014-10-29 20:34 - 00000000 ____D () C:\Users\Heather\AppData\Local\Avg2015
2014-10-29 20:12 - 2014-11-02 08:24 - 00000000 ____D () C:\Users\Heather\AppData\Local\Deployment
2014-10-29 20:12 - 2014-10-29 20:12 - 00000000 ____D () C:\Users\Heather\AppData\Local\Apps\2.0
2014-10-29 18:46 - 2014-10-29 21:39 - 00000000 ____D () C:\Windows\system32\AutoUpdateLicense
2014-10-29 18:20 - 2014-10-29 21:56 - 00000000 ____D () C:\ProgramData\65cc336fb389e5c8
2014-10-29 17:56 - 2014-10-29 17:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-29 17:19 - 2014-10-22 03:34 - 00010777 _____ () C:\Windows\system32\AutoconfigV2.cab
2014-10-29 17:19 - 2014-10-22 03:33 - 00581016 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe
2014-10-29 17:19 - 2014-10-22 03:33 - 00462760 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-10-29 17:19 - 2014-10-22 01:08 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-10-29 17:19 - 2014-10-22 01:08 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-29 17:19 - 2014-10-22 01:01 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-10-29 17:19 - 2014-10-22 01:01 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-10-29 17:19 - 2014-10-22 01:01 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-29 17:19 - 2014-10-22 01:00 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2014-10-29 08:32 - 2014-10-29 08:32 - 00612252 _____ (CMI Limited) C:\Users\Heather\AppData\Local\nsx1A55.tmp
2014-10-29 08:32 - 2014-10-29 08:32 - 00000045 _____ () C:\Users\Heather\AppData\Roaming\WB.CFG
2014-10-28 15:36 - 2014-11-03 10:07 - 00000000 ____D () C:\Users\Heather\AppData\Local\CrashDumps
2014-10-28 15:23 - 2014-10-28 15:23 - 00448240 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-28 14:47 - 2014-10-28 15:22 - 00000000 ____D () C:\ProgramData\Norton
2014-10-28 14:46 - 2014-10-28 14:46 - 00612252 _____ (CMI Limited) C:\Users\Heather\AppData\Local\nsmD6CE.tmp
2014-10-28 14:43 - 2014-10-28 15:24 - 00001905 _____ () C:\Windows\patsearch.bin
2014-10-28 14:43 - 2014-10-28 14:43 - 00058040 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNew.sys
2014-10-28 14:43 - 2014-10-28 14:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-28 14:41 - 2014-10-29 08:32 - 00000000 ____D () C:\ProgramData\Unchecky
2014-10-28 14:38 - 2014-10-28 14:38 - 00000982 _____ () C:\Users\Public\Desktop\VAIO Update.lnk
2014-10-28 14:38 - 2014-10-28 14:38 - 00000982 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-10-28 14:33 - 2014-11-01 10:25 - 00001702 _____ () C:\Windows\Tasks\LMWLJKY.job
2014-10-28 14:33 - 2014-11-01 10:25 - 00001354 _____ () C:\Windows\Tasks\FCQSK.job
2014-10-28 14:33 - 2014-11-01 06:58 - 00004704 _____ () C:\Windows\System32\Tasks\LMWLJKY
2014-10-28 14:33 - 2014-11-01 06:58 - 00004358 _____ () C:\Windows\System32\Tasks\FCQSK
2014-10-28 14:31 - 2014-11-02 08:28 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-20 13:00 - 2014-09-29 22:49 - 00705480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-20 13:00 - 2014-09-29 22:49 - 00104904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-17 08:06 - 2014-07-12 04:41 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\KBDRUM.DLL
2014-10-17 08:06 - 2014-07-12 04:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-17 08:06 - 2014-07-12 04:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-17 08:06 - 2014-07-12 04:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-17 08:06 - 2014-07-12 04:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-17 08:06 - 2014-07-12 04:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-17 08:06 - 2014-07-12 04:16 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRUM.DLL
2014-10-17 08:06 - 2014-07-12 04:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-17 08:06 - 2014-07-12 04:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-17 08:06 - 2014-07-12 04:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-17 08:06 - 2014-07-12 04:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-17 08:06 - 2014-07-12 04:15 - 00006144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-17 08:06 - 2014-07-12 00:02 - 00478352 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-17 08:06 - 2014-07-12 00:00 - 00478352 _____ () C:\Windows\system32\locale.nls
2014-10-17 08:06 - 2014-07-08 22:33 - 00181248 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
2014-10-17 08:06 - 2014-07-08 22:32 - 01539584 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2014-10-17 08:06 - 2014-07-08 22:32 - 00340480 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2014-10-17 08:06 - 2014-07-08 22:30 - 01220608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2014-10-17 08:06 - 2014-07-07 05:52 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2014-10-17 08:06 - 2014-07-07 05:52 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2014-10-17 08:06 - 2014-07-04 10:52 - 00328000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-10-17 08:06 - 2014-07-03 01:59 - 01824784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-10-17 08:06 - 2014-07-03 00:30 - 01408952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-10-17 08:06 - 2014-06-28 07:01 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2014-10-17 08:06 - 2014-06-28 06:57 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-10-17 08:06 - 2014-06-28 06:56 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2014-10-17 08:06 - 2014-06-25 07:09 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-10-17 08:06 - 2014-06-25 07:07 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-10-17 08:06 - 2014-06-17 23:27 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-10-17 08:06 - 2014-06-17 23:23 - 02238464 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-10-17 08:06 - 2014-06-11 14:47 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-10-17 08:06 - 2014-06-11 04:40 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-10-17 08:06 - 2014-06-10 22:44 - 01403896 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-17 08:06 - 2014-05-29 23:31 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-17 08:06 - 2014-05-29 23:03 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-17 08:06 - 2014-02-04 10:57 - 01271664 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-17 07:59 - 2014-10-10 04:47 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-17 07:59 - 2014-10-10 04:47 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-17 07:59 - 2014-10-08 04:26 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-17 07:59 - 2014-09-17 23:24 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-17 07:59 - 2014-09-17 22:56 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-17 07:59 - 2014-09-13 05:29 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-17 07:59 - 2014-09-13 04:02 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-17 07:58 - 2014-08-30 05:48 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-10-17 07:58 - 2014-08-30 05:46 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-17 07:58 - 2014-08-30 04:05 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-10-17 07:58 - 2014-08-30 04:03 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-17 07:58 - 2014-08-01 22:08 - 00388729 _____ () C:\Windows\system32\ApnDatabase.xml
2014-10-17 07:58 - 2014-07-24 13:50 - 00447296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-10-17 07:58 - 2014-07-16 23:28 - 00027648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2014-10-17 07:58 - 2014-07-16 22:59 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-10-17 07:58 - 2014-07-16 22:59 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2014-10-17 07:58 - 2014-07-12 06:45 - 01549824 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2014-10-17 07:58 - 2014-07-12 04:36 - 00674304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-10-17 07:58 - 2014-07-12 04:36 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-10-17 07:58 - 2014-07-12 04:34 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-10-17 07:58 - 2014-07-12 04:34 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-10-17 07:58 - 2014-07-07 05:53 - 01125376 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-17 07:58 - 2014-07-07 05:52 - 03248128 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-17 07:58 - 2014-07-07 05:52 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-17 07:58 - 2014-07-07 05:52 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-17 07:58 - 2014-07-07 05:51 - 05982208 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-17 07:58 - 2014-07-07 04:01 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-17 07:58 - 2014-07-07 04:01 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-17 07:58 - 2014-07-07 04:00 - 05095424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-17 07:58 - 2014-07-07 03:59 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-17 07:58 - 2014-06-28 06:57 - 01341952 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-10-17 07:58 - 2014-06-28 02:23 - 01126400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-10-17 07:58 - 2014-06-12 23:34 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-10-17 07:58 - 2014-06-12 23:29 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-10-17 07:57 - 2014-09-28 04:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-17 07:57 - 2014-09-20 05:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-17 07:57 - 2014-09-20 05:17 - 02236928 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-17 07:57 - 2014-09-20 05:17 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-17 07:57 - 2014-09-20 05:17 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-10-17 07:57 - 2014-09-20 05:17 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-10-17 07:57 - 2014-09-20 05:16 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-17 07:57 - 2014-09-20 05:16 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-17 07:57 - 2014-09-20 05:16 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-17 07:57 - 2014-09-20 05:16 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-17 07:57 - 2014-09-20 05:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-17 07:57 - 2014-09-20 05:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-17 07:57 - 2014-09-20 05:16 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-17 07:57 - 2014-09-20 05:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-17 07:57 - 2014-09-20 05:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-17 07:57 - 2014-09-20 05:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-17 07:57 - 2014-09-20 05:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-17 07:57 - 2014-09-20 05:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-17 07:57 - 2014-09-20 05:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-17 07:57 - 2014-09-20 05:15 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-17 07:57 - 2014-09-20 05:15 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-17 07:57 - 2014-09-20 05:15 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-17 07:57 - 2014-09-20 03:57 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-17 07:57 - 2014-09-20 03:57 - 13757952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-17 07:57 - 2014-09-20 03:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-17 07:57 - 2014-09-20 03:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-17 07:57 - 2014-09-20 03:57 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-17 07:57 - 2014-09-20 03:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-17 07:57 - 2014-09-20 03:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-17 07:57 - 2014-09-20 03:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-17 07:57 - 2014-09-20 03:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-17 07:57 - 2014-09-20 03:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-17 07:57 - 2014-09-20 03:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-17 07:57 - 2014-09-20 03:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-17 07:57 - 2014-09-20 03:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-17 07:57 - 2014-09-20 03:57 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-10-17 07:57 - 2014-09-20 03:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-17 07:57 - 2014-09-20 03:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-17 07:57 - 2014-09-20 03:56 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-17 07:57 - 2014-09-20 03:56 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-17 07:57 - 2014-09-20 03:56 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-17 07:57 - 2014-09-20 03:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-17 07:57 - 2014-09-20 03:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-17 07:57 - 2014-09-20 01:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-10-17 07:56 - 2014-09-03 02:48 - 00510464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-17 07:56 - 2014-09-03 02:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-17 07:28 - 2012-08-14 21:43 - 00002143 ___RS () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Choice.lnk
2014-10-17 07:27 - 2014-10-17 07:28 - 00003546 _____ () C:\Windows\System32\Tasks\CreateChoiceProcessTask
2014-10-17 02:13 - 2014-10-20 12:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 02:12 - 2014-10-17 07:26 - 00000000 ___RD () C:\Windows\BrowserChoice
2014-10-12 18:12 - 2014-07-15 22:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-10-11 13:50 - 2014-10-11 13:50 - 00003290 _____ () C:\Windows\System32\Tasks\{228A5CCA-7AC1-4108-A11A-0BD984F78850}
2014-10-11 13:43 - 2014-06-10 22:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-10-11 13:43 - 2014-06-10 22:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-10-10 14:43 - 2013-06-16 22:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-10-10 14:43 - 2013-06-01 11:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-10-10 14:43 - 2013-06-01 10:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-10-10 14:43 - 2013-06-01 09:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2014-10-10 14:43 - 2013-06-01 09:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-10-10 14:43 - 2013-06-01 09:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2014-10-10 14:43 - 2013-06-01 09:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2014-10-10 14:43 - 2013-06-01 09:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2014-10-10 14:43 - 2013-06-01 09:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2014-10-10 14:43 - 2013-06-01 09:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2014-10-10 14:43 - 2013-06-01 09:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe
2014-10-10 14:43 - 2013-06-01 09:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2014-10-10 14:43 - 2013-06-01 09:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2014-10-10 14:43 - 2013-06-01 09:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-10-10 14:43 - 2013-06-01 09:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-10-10 14:43 - 2013-06-01 09:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2014-10-10 14:43 - 2013-06-01 09:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2014-10-10 14:43 - 2013-06-01 09:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-10 14:43 - 2013-06-01 09:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll
2014-10-10 14:43 - 2013-06-01 03:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys
2014-10-10 14:43 - 2013-05-24 22:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-10 14:43 - 2013-05-24 22:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-10 14:42 - 2012-10-17 04:32 - 01172992 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2014-10-10 14:42 - 2012-10-17 04:32 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2014-10-10 14:42 - 2012-10-17 04:32 - 00673280 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-10-10 14:42 - 2012-10-17 03:57 - 00929792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2014-10-10 14:42 - 2012-10-17 03:57 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2014-10-10 14:42 - 2012-10-17 03:57 - 00513024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-10-10 14:41 - 2012-10-24 04:54 - 00396008 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-10-10 14:41 - 2012-10-12 06:13 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\dskquota.dll
2014-10-10 14:41 - 2012-10-12 05:39 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dskquota.dll
2014-10-10 14:38 - 2014-04-03 11:22 - 02233176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-10 14:37 - 2013-08-03 06:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2014-10-10 14:37 - 2013-08-03 06:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2014-10-10 14:37 - 2013-08-03 06:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2014-10-10 14:37 - 2013-08-03 05:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2014-10-10 14:37 - 2013-08-03 05:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2014-10-10 14:37 - 2013-08-03 05:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2014-10-10 14:37 - 2013-04-09 23:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2014-10-10 14:37 - 2013-04-09 22:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2014-10-10 14:36 - 2013-08-10 05:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2014-10-10 14:36 - 2013-08-10 05:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2014-10-10 14:36 - 2013-08-10 03:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2014-10-10 14:36 - 2013-08-02 06:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-10-10 14:36 - 2013-08-02 05:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-10-10 14:36 - 2013-07-24 23:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2014-10-10 14:36 - 2013-07-24 23:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2014-10-10 14:35 - 2012-11-20 05:24 - 01164800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2014-10-10 14:35 - 2012-11-20 05:17 - 01184256 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2014-10-10 14:35 - 2012-11-20 05:02 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDKURD.DLL
2014-10-10 14:35 - 2012-11-20 04:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDKURD.DLL
2014-10-10 14:34 - 2014-03-07 00:47 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-10-10 14:34 - 2014-03-07 00:08 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-10-07 21:43 - 2014-10-07 21:43 - 00262424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-10-06 09:06 - 2014-08-28 11:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-06 09:06 - 2014-08-28 06:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-06 09:06 - 2014-08-28 06:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-06 09:06 - 2014-08-28 06:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-06 09:06 - 2014-08-28 06:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-06 09:06 - 2014-08-28 06:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-06 09:06 - 2014-08-28 06:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-06 09:06 - 2014-08-28 06:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-06 09:06 - 2014-08-28 06:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-06 09:06 - 2014-08-28 06:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-06 09:06 - 2014-08-28 06:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-10-06 09:06 - 2014-08-28 06:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-06 09:06 - 2014-08-28 06:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-06 09:06 - 2014-08-28 06:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-10-06 09:06 - 2014-07-31 23:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-10-06 09:05 - 2014-06-05 01:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2014-10-06 09:05 - 2014-06-03 23:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2014-10-06 09:01 - 2014-07-24 03:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-10-06 09:01 - 2014-07-24 03:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-10-06 08:58 - 2014-08-09 08:30 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-10-06 08:58 - 2014-08-09 08:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-10-06 08:58 - 2014-07-15 23:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-10-06 08:58 - 2014-07-12 02:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-10-05 21:41 - 2014-10-05 21:41 - 00124184 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-10-05 17:40 - 2014-10-06 10:56 - 00000000 ____D () C:\Users\Heather\Documents\personal
2014-10-05 17:39 - 2014-10-10 15:27 - 00000000 ____D () C:\Users\Heather\Documents\UNIVERSITY
2014-10-05 17:39 - 2014-10-05 17:51 - 00050176 ___SH () C:\Users\Heather\Documents\Thumbs.db
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-03 13:29 - 2013-05-26 23:41 - 01249212 _____ () C:\Windows\WindowsUpdate.log
2014-11-03 13:27 - 2012-07-26 07:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-03 13:22 - 2012-07-26 07:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-03 13:00 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\system32\sru
2014-11-03 12:12 - 2014-03-29 12:02 - 00000000 ____D () C:\Users\Heather
2014-11-03 09:42 - 2014-04-16 15:07 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-02 08:26 - 2014-03-29 12:13 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4131840621-843332639-1238327281-1001
2014-11-02 08:19 - 2012-07-26 05:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-11-01 11:00 - 2014-06-07 02:13 - 00000000 ____D () C:\Windows\rescache
2014-11-01 06:53 - 2012-08-03 01:59 - 00000000 ____D () C:\Windows\Panther
2014-10-31 14:54 - 2013-05-27 00:45 - 00000000 ____D () C:\ProgramData\Temp
2014-10-29 20:34 - 2012-07-26 05:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-29 20:30 - 2012-07-26 08:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-10-29 20:01 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-29 19:30 - 2014-04-05 02:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-29 19:12 - 2014-04-05 02:42 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-29 18:55 - 2012-07-26 07:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-29 18:46 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\WinStore
2014-10-28 15:30 - 2014-03-29 12:09 - 00000000 ____D () C:\Update
2014-10-28 15:00 - 2014-05-11 12:55 - 00000000 ____D () C:\AutoKMS
2014-10-28 14:38 - 2013-05-27 00:32 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2014-10-28 14:38 - 2013-05-27 00:29 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-10-28 14:37 - 2013-05-27 00:17 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-20 12:57 - 2012-07-26 08:12 - 00000000 ___RD () C:\Windows\ToastData
2014-10-20 12:57 - 2012-07-26 08:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-17 08:35 - 2014-05-11 10:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-17 07:26 - 2014-03-29 12:02 - 00000000 ____D () C:\Users\Heather\AppData\Local\Packages
2014-10-17 07:26 - 2012-08-03 02:25 - 00000000 ____D () C:\ProgramData\PRICache
2014-10-17 02:13 - 2012-07-26 08:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-17 02:13 - 2012-07-26 08:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-17 02:13 - 2012-07-26 08:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-10-17 02:13 - 2012-07-26 08:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-10-17 02:13 - 2012-07-26 08:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-10-17 02:12 - 2012-07-26 08:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-17 02:12 - 2012-07-26 08:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-17 02:12 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-10-17 02:12 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-17 02:12 - 2012-07-26 07:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-17 02:12 - 2012-07-26 05:38 - 00000000 ____D () C:\Windows\system32\oobe
2014-10-17 02:11 - 2012-07-26 08:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-10-17 02:11 - 2012-07-26 08:12 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-10-17 02:11 - 2012-07-26 05:38 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-17 02:11 - 2012-07-26 05:38 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 02:11 - 2014-08-18 10:18 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-10-15 02:11 - 2014-08-18 10:18 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-10-15 02:05 - 2014-04-10 12:21 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-10-15 02:04 - 2014-04-10 12:21 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-10-13 17:45 - 2014-04-16 15:26 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-10-13 17:45 - 2014-04-16 15:26 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-10-13 17:36 - 2014-04-10 12:44 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2014-10-13 17:20 - 2014-04-10 12:44 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-10-13 17:10 - 2014-04-10 12:42 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2014-10-13 17:10 - 2014-04-10 12:42 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2014-10-13 17:03 - 2014-04-10 12:38 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-10-13 17:03 - 2014-04-10 12:38 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2014-10-13 16:58 - 2014-04-10 12:35 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2014-10-13 16:58 - 2014-04-10 12:35 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2014-10-13 16:58 - 2014-04-10 12:35 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2014-10-13 16:56 - 2014-04-13 14:03 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2014-10-13 16:56 - 2014-04-13 14:03 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
2014-10-13 16:56 - 2014-04-13 14:03 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\discan.dll
2014-10-13 16:56 - 2014-04-13 14:03 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\DevDispItemProvider.dll
2014-10-13 16:54 - 2014-04-10 12:33 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-13 16:48 - 2014-04-10 12:31 - 01255936 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-10-13 16:48 - 2014-04-10 12:31 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-10-12 18:08 - 2014-04-10 12:28 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\duser.dll
2014-10-12 18:08 - 2014-04-10 12:28 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2014-10-12 18:06 - 2014-04-10 12:27 - 01838080 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-10-12 18:05 - 2014-06-06 12:10 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-10-12 18:05 - 2014-06-06 12:10 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-10-12 17:57 - 2014-04-13 14:43 - 00888320 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
2014-10-12 17:57 - 2014-04-13 14:43 - 00542208 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-10-12 17:56 - 2014-04-13 14:49 - 01131520 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2014-10-12 17:56 - 2014-04-13 14:49 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2014-10-12 17:56 - 2014-04-13 14:49 - 00501760 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2014-10-12 17:56 - 2014-04-13 14:49 - 00389120 _____ (Microsoft Corporation) C:\Windows\system32\BCP47Langs.dll
2014-10-12 17:56 - 2014-04-13 14:49 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-10-12 17:56 - 2014-04-13 14:49 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\biwinrt.dll
2014-10-12 17:56 - 2014-04-13 14:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\muifontsetup.dll
2014-10-11 13:59 - 2014-04-10 12:21 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2014-10-11 13:59 - 2014-04-10 12:21 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2014-10-11 13:59 - 2014-04-10 12:21 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-11 13:58 - 2014-04-10 12:21 - 03842560 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-10-11 13:49 - 2014-04-14 10:04 - 00503080 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-11 13:49 - 2014-04-14 10:04 - 00489576 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-11 13:49 - 2014-04-14 10:04 - 00446792 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-11 13:49 - 2014-04-14 10:04 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-10-11 13:49 - 2014-04-14 10:04 - 00306952 _____ (Microsoft Corporation) C:\Windows\system32\kd_02_10ec.dll
2014-10-11 13:49 - 2014-04-14 10:04 - 00253544 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-11 13:49 - 2014-04-14 10:04 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\fhengine.dll
2014-10-11 13:49 - 2014-04-14 10:04 - 00228352 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2014-10-11 13:49 - 2014-04-14 10:04 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\dmvdsitf.dll
2014-10-11 13:49 - 2014-04-14 10:04 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll
2014-10-11 13:49 - 2014-04-14 10:04 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-10-11 13:49 - 2014-04-14 10:04 - 00086280 _____ (Microsoft Corporation) C:\Windows\system32\kdnet.dll
2014-10-11 13:49 - 2014-04-14 10:04 - 00077960 _____ (Microsoft Corporation) C:\Windows\system32\kdvm.dll
2014-10-11 13:49 - 2014-04-14 10:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\fmifs.dll
2014-10-11 13:42 - 2014-06-06 11:58 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-10-11 13:41 - 2014-08-18 10:18 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-10-09 20:31 - 2012-07-26 05:37 - 00000000 ____D () C:\Windows\servicing
Some content of TEMP:
====================
C:\Users\Heather\AppData\Local\Temp\esg_cleanup.exe
C:\Users\Heather\AppData\Local\Temp\Quarantine.exe
C:\Users\Heather\AppData\Local\Temp\RHSetup.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-29 18:44
==================== End Of Log ============================
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start, please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.

  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
 
