Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Microsoft Security Essentials will not re-install


  • This topic is locked This topic is locked
31 replies to this topic

#1 soulguru

soulguru

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:41 AM

Posted 31 May 2013 - 12:53 PM

Hello. I installed something in error and ever since then I cannot re-install MSE.

 

At present I get the error message and box appear.

 

CANNOT COMPLETE THE SECURITY ESSENTIALS INSTALLATION

 

ERROR CODE: 0x80070643

 

Please help ... I have tried all sorts of things but nothing has resolved the situations.

 

I have restored back to the furthest point and this still does not go back far enough.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.15.2
Run by Soulguru at 18:46:10 on 2013-05-31
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3758.1704 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\HPSIsvc.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Soulguru\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\AirPort\APAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2737658
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
uProxyOverride = <local>;*.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
uURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
mURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SMART Notebook Download Utility: {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Notebook Interactive Viewer\Win32\NotebookPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Download and Sa Class: {9FEDF372-3B2E-C229-C993-EDCE0946AB98} - C:\ProgramData\Download and Sa\508efce71714a.ocx
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
TB: FreeOnlineRadioPlayerRecorder Toolbar: {F999A48B-1950-4D81-9971-79018F807B4B} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Soulguru\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Soulguru\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{F3593B11-7940-4EF9-BF6F-C86A919D5698} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{F3593B11-7940-4EF9-BF6F-C86A919D5698}\140707C65602E4564777F627B602333333834353 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{F3593B11-7940-4EF9-BF6F-C86A919D5698}\244584572633D274A44534 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{F3593B11-7940-4EF9-BF6F-C86A919D5698}\244584572633D275453585 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{F3593B11-7940-4EF9-BF6F-C86A919D5698}\244584F6D65684572623D2A42343A4 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{F3593B11-7940-4EF9-BF6F-C86A919D5698}\35F657C676572757723702E4564777F627B6 : DHCPNameServer = 10.0.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\appsar~1\sprote~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SMART Notebook Download Utility: {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Notebook Interactive Viewer\Win64\NotebookPlugin.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Soulguru\AppData\Roaming\Mozilla\Firefox\Profiles\d3hv01ny.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Soulguru\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\Soulguru\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Soulguru\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Soulguru\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-26 55024]
R2 HPSIService;HP SI Service;C:\Windows\System32\HPSIsvc.exe [2011-2-6 127800]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-12 13336]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-6-1 367456]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2010-10-12 94208]
R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2010-10-12 78848]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-11-27 259192]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-26 2320920]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-10-26 575856]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-2-4 845312]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2010-10-26 342056]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-6-4 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-10-12 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-8-26 287232]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-2 12032]
R3 TotRec8;Total Recorder WDM audio filter driver;C:\Windows\System32\drivers\TotRec8.sys [2012-10-7 122128]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-6-12 44736]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-10-12 402720]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-10-26 39464]
S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2011-11-12 24576]
S3 mvusbews;USB EWS Device;C:\Windows\System32\drivers\mvusbews.sys [2011-2-6 20480]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-20 108400]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-20 67952]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-6 304496]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-2 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-6-17 851824]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-6-9 537456]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-6-9 101232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-6 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2013-05-30 22:44:58 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{556AEC42-9621-4D2A-91E2-B427BCAFC306}\offreg.dll
2013-05-30 22:32:28 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{556AEC42-9621-4D2A-91E2-B427BCAFC306}\mpengine.dll
2013-05-30 22:25:32 -------- d-----w- C:\Users\Soulguru\AppData\Roaming\Malwarebytes
2013-05-30 22:25:21 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-05-30 22:25:21 -------- d-----w- C:\ProgramData\Malwarebytes
2013-05-30 22:25:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-30 22:13:15 -------- d-----w- C:\Users\Soulguru\AppData\Local\ApplicationHistory
2013-05-30 22:04:36 -------- d-----w- C:\Windows\SysWow64\URTTEMP
2013-05-30 21:21:36 16356 ----a-w- C:\FixitRegBackup.reg
2013-05-21 21:43:24 -------- d-----w- C:\Program Files (x86)\x264 Video Codec
.
==================== Find3M  ====================
.
2013-05-30 22:07:37 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-30 22:07:37 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-02 01:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
.
============= FINISH: 18:46:59.01 ===============
 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:41 PM

Posted 01 June 2013 - 12:48 AM


Hello soulguru

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 soulguru

soulguru
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:41 AM

Posted 01 June 2013 - 04:09 AM

Thanks so much Gringo ;-)

 

# AdwCleaner v2.301 - Logfile created 06/01/2013 at 09:47:10
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Soulguru - SOULGURU-VAIO
# Boot Mode : Normal
# Running from : C:\Users\Soulguru\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\ProgramData\Premium
Folder Deleted : C:\Program Files (x86)\Complitly
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder
Folder Deleted : C:\Program Files (x86)\uTorrentBar
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Download and Sa
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download and Sa
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Soulguru\AppData\Local\Conduit
Folder Deleted : C:\Users\Soulguru\AppData\Local\Smartbar
Folder Deleted : C:\Users\Soulguru\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Soulguru\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Soulguru\AppData\LocalLow\Download and Sa
Folder Deleted : C:\Users\Soulguru\AppData\LocalLow\FreeOnlineRadioPlayerRecorder
Folder Deleted : C:\Users\Soulguru\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Soulguru\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Users\Soulguru\AppData\Roaming\Babylon
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\FreeOnlineRadioPlayerRecorder
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F999A48B-1950-4D81-9971-79018F807B4B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8D2A52FC-C348-47A5-A3D7-173214C6B823}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F999A48B-1950-4D81-9971-79018F807B4B}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2645238
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2737658
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\FreeOnlineRadioPlayerRecorder
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8D2A52FC-C348-47A5-A3D7-173214C6B823}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{92C8E427-3E76-490F-944A-DA5064A307CC}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\uTorrentBar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8D2A52FC-C348-47A5-A3D7-173214C6B823}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{92C8E427-3E76-490F-944A-DA5064A307CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F999A48B-1950-4D81-9971-79018F807B4B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0A52A939-D8ED-4047-80F8-B63AAC451257}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4CB4E214-D5D0-4612-9694-35987D7AA40F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E1CD93F-DDEF-4B16-AA6D-BD3BFDF9C4EA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D04F245E-0E7F-46E2-AE89-EAF0D0D6FA4F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F999A48B-1950-4D81-9971-79018F807B4B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{20E7BC40-33F6-4A81-9D52-B58349326206}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FreeOnlineRadioPlayerRecorder Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F999A48B-1950-4D81-9971-79018F807B4B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F999A48B-1950-4D81-9971-79018F807B4B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F999A48B-1950-4D81-9971-79018F807B4B}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F999A48B-1950-4D81-9971-79018F807B4B}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2737658 --> hxxp://www.google.com
 
-\\ Mozilla Firefox v20.0.1 (en-GB)
 
File : C:\Users\Soulguru\AppData\Roaming\Mozilla\Firefox\Profiles\d3hv01ny.default\prefs.js
 
Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
 
-\\ Google Chrome v27.0.1453.94
 
File : C:\Users\Soulguru\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [10086 octets] - [01/06/2013 09:47:10]
 
########## EOF - C:\AdwCleaner[S1].txt - [10147 octets] ##########
 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Soulguru on 01/06/2013 at 10:02:23.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\download and sa"
Successfully deleted: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Empty Folder] C:\Users\Soulguru\appdata\local\{0E735603-8770-4314-B084-EF4016DDEAF1}
Successfully deleted: [Empty Folder] C:\Users\Soulguru\appdata\local\{0F0E8F6C-5A14-4591-81CB-D4FC5D6487DC}
Successfully deleted: [Empty Folder] C:\Users\Soulguru\appdata\local\{2E43084D-3A14-469D-B634-FBCA49C5A08D}
Successfully deleted: [Empty Folder] C:\Users\Soulguru\appdata\local\{413FB3BC-11EA-4436-ACCA-C880DAA2D7E6}
Successfully deleted: [Empty Folder] C:\Users\Soulguru\appdata\local\{6FD7E63B-6947-493F-B81D-4442FCBEF07B}
Successfully deleted: [Empty Folder] C:\Users\Soulguru\appdata\local\{8F64CE65-BF54-4C9C-915B-13CE4561C05F}
Successfully deleted: [Empty Folder] C:\Users\Soulguru\appdata\local\{B8006FA3-2C1D-46E0-999F-9EC33FFB10A3}
Successfully deleted: [Empty Folder] C:\Users\Soulguru\appdata\local\{BD26BB2E-7D79-46C5-BF76-DA2F863432C3}
Successfully deleted: [Empty Folder] C:\Users\Soulguru\appdata\local\{F027B4D2-27D0-4020-90A6-9DA50F1CEE1F}
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Soulguru\AppData\Roaming\mozilla\firefox\profiles\d3hv01ny.default\minidumps [7 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/06/2013 at 10:07:52.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:41 PM

Posted 01 June 2013 - 12:45 PM


Hello soulguru

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 soulguru

soulguru
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:41 AM

Posted 02 June 2013 - 02:18 AM

Hello, I am not experiencing any issues at present. I have not tried to re-install MSE just yeat, I will await your instructions. Thanks ;-)
 
 
 
ComboFix 13-06-02.01 - Soulguru 02/06/2013   8:03.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3758.2117 [GMT 1:00]
Running from: c:\users\Soulguru\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-02 to 2013-06-02  )))))))))))))))))))))))))))))))
.
.
2013-06-02 07:11 . 2013-06-02 07:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-02 07:04 . 2013-06-02 07:04 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{556AEC42-9621-4D2A-91E2-B427BCAFC306}\offreg.dll
2013-06-01 09:02 . 2013-06-01 09:02 -------- d-----w- c:\windows\ERUNT
2013-06-01 09:02 . 2013-06-01 09:02 -------- d-----w- C:\JRT
2013-06-01 08:47 . 2013-06-01 08:47 90 ----a-w- c:\windows\DeleteOnReboot.bat
2013-05-30 22:32 . 2013-05-14 00:48 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{556AEC42-9621-4D2A-91E2-B427BCAFC306}\mpengine.dll
2013-05-30 22:25 . 2013-05-30 22:25 -------- d-----w- c:\users\Soulguru\AppData\Roaming\Malwarebytes
2013-05-30 22:25 . 2013-05-30 22:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-30 22:25 . 2013-05-30 22:25 -------- d-----w- c:\programdata\Malwarebytes
2013-05-30 22:25 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-30 22:13 . 2013-05-30 22:13 -------- d-----w- c:\users\Soulguru\AppData\Local\ApplicationHistory
2013-05-30 21:21 . 2013-05-30 21:21 16356 ----a-w- C:\FixitRegBackup.reg
2013-05-21 21:43 . 2013-05-30 20:38 -------- d-----w- c:\program files (x86)\x264 Video Codec
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-30 22:16 . 2011-02-06 14:39 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-30 22:07 . 2013-02-27 20:29 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-30 22:07 . 2011-09-26 20:34 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-11 07:06 . 2010-06-24 11:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 01:06 . 2011-02-04 22:36 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-12 14:45 . 2013-04-23 20:56 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-19 06:04 . 2013-04-10 09:19 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 09:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 09:19 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 09:19 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 09:19 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 09:19 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-14 23:15 . 2013-03-14 23:15 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-14 23:15 . 2013-03-14 23:15 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-14 23:15 . 2013-03-14 23:15 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-14 23:15 . 2013-03-14 23:15 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-14 23:15 . 2013-03-14 23:15 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-14 23:15 . 2013-03-14 23:15 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-14 23:15 . 2013-03-14 23:15 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-14 23:15 . 2013-03-14 23:15 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-14 23:15 . 2013-03-14 23:15 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-14 23:15 . 2013-03-14 23:15 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-14 23:15 . 2013-03-14 23:15 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-14 23:15 . 2013-03-14 23:15 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-14 23:15 . 2013-03-14 23:15 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-14 23:15 . 2013-03-14 23:15 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-14 23:15 . 2013-03-14 23:15 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-14 23:15 . 2013-03-14 23:15 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-14 23:15 . 2013-03-14 23:15 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-14 23:15 . 2013-03-14 23:15 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-14 23:15 . 2013-03-14 23:15 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-14 23:15 . 2013-03-14 23:15 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-14 23:15 . 2013-03-14 23:15 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-14 23:15 . 2013-03-14 23:15 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-14 23:15 . 2013-03-14 23:15 441856 ----a-w- c:\windows\system32\html.iec
2013-03-14 23:15 . 2013-03-14 23:15 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-14 23:15 . 2013-03-14 23:15 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-14 23:15 . 2013-03-14 23:15 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-14 23:15 . 2013-03-14 23:15 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-14 23:15 . 2013-03-14 23:15 235008 ----a-w- c:\windows\system32\url.dll
2013-03-14 23:15 . 2013-03-14 23:15 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-14 23:15 . 2013-03-14 23:15 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-14 23:15 . 2013-03-14 23:15 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-14 23:15 . 2013-03-14 23:15 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-14 23:15 . 2013-03-14 23:15 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-14 23:15 . 2013-03-14 23:15 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-14 23:15 . 2013-03-14 23:15 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-14 23:15 . 2013-03-14 23:15 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-14 23:15 . 2013-03-14 23:15 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-14 23:15 . 2013-03-14 23:15 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-14 23:15 . 2013-03-14 23:15 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-14 23:15 . 2013-03-14 23:15 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-14 23:15 . 2013-03-14 23:15 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-14 23:15 . 2013-03-14 23:15 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-14 23:15 . 2013-03-14 23:15 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-14 23:15 . 2013-03-14 23:15 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-14 23:15 . 2013-03-14 23:15 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-14 23:15 . 2013-03-14 23:15 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-14 23:15 . 2013-03-14 23:15 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-14 23:15 . 2013-03-14 23:15 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-14 23:15 . 2013-03-14 23:15 12800 ----a-w- c:\windows\system32\msfeedssync.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Soulguru\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Soulguru\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Soulguru\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-26 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Soulguru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Soulguru\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-5-25 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-8 1128224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 sdpiosys;sdpiosys;c:\windows\system32\drivers\sdpiosys.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2011-11-12 24576]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2010-03-05 20480]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-20 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-20 67952]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-06 304496]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-06 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-04-07 127800]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2010-06-23 94208]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2010-06-23 78848]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-28 2320920]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-21 575856]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-23 342056]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-23 39464]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-05-28 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-05-28 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-08-26 287232]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-04-26 12032]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2012-08-13 122128]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-05-31 402720]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-31 17:57 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-27 22:07]
.
2013-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 09:21]
.
2013-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 09:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Soulguru\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Soulguru\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Soulguru\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Soulguru\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Soulguru\AppData\Roaming\Mozilla\Firefox\Profiles\d3hv01ny.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{9FEDF372-3B2E-C229-C993-EDCE0946AB98} - c:\programdata\Download and Sa\508efce71714a.ocx
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-02  08:14:26
ComboFix-quarantined-files.txt  2013-06-02 07:14
.
Pre-Run: 140,469,231,616 bytes free
Post-Run: 140,505,772,032 bytes free
.
- - End Of File - - 9C6176BA41F5556324E1788FFB971076


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:41 PM

Posted 02 June 2013 - 02:40 AM


Hello soulguru



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 soulguru

soulguru
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:41 AM

Posted 02 June 2013 - 03:34 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2013 02
Ran by Soulguru (administrator) on 02-06-2013 09:29:51
Running from C:\Users\Soulguru\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(HP) C:\Windows\system32\HPSIsvc.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\Soulguru\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\Admload.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3  [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2057000 2010-05-31] (Synaptics Incorporated)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-10-26] (Google Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [298376 2012-09-28] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe" [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Soulguru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Soulguru\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {11C271D3-93D6-4868-9988-D844FE34CC4B} URL = http://uk.shopping.com/?linkin_id=8056359
SearchScopes: HKCU - {B717B715-E500-4A99-A959-2D6488A2CA7B} URL = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKCU - {C81DB31D-8C4D-475C-8E0D-38EBCCA38D80} URL = http://rover.ebay.com/rover/1/710-42480-16445-15/4?satitle={searchTerms}
BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Notebook Interactive Viewer\Win64\NotebookPlugin.dll (SMART Technologies ULC.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Notebook Interactive Viewer\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Download and Sa Class - {9FEDF372-3B2E-C229-C993-EDCE0946AB98} - C:\ProgramData\Download and Sa\508efce71714a.ocx No File
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Soulguru\AppData\Roaming\Mozilla\Firefox\Profiles\d3hv01ny.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: artur.dubovoy - C:\Users\Soulguru\AppData\Roaming\Mozilla\Firefox\Profiles\d3hv01ny.default\Extensions\artur.dubovoy@gmail.com.xpi
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.co.uk/
CHR RestoreOnStartup: "hxxp://www.google.co.uk/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (YouTube) - C:\Users\Soulguru\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\Soulguru\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (SoundCloud Downloader) - C:\Users\Soulguru\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndmjkapccdjaajegggkopajaabdkjmag\0.31_0
CHR Extension: (Gmail) - C:\Users\Soulguru\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
 
==================== Services (Whitelisted) =================
 
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
S2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
 
==================== Drivers (Whitelisted) ====================
 
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2011-11-12] (LeapFrog)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-03-06] (Marvell Semiconductor, Inc.)
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [122128 2012-08-13] (High Criteria inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 sdpiosys; \SystemRoot\system32\drivers\sdpiosys.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-06-02 09:29 - 2013-06-02 09:29 - 00000000 ____D C:\FRST
2013-06-02 08:47 - 2013-06-02 08:47 - 01916164 ____A (Farbar) C:\Users\Soulguru\Downloads\FRST64.exe
2013-06-02 08:14 - 2013-06-02 08:14 - 00025453 ____A C:\Users\Soulguru\Desktop\combofix.txt
2013-06-02 08:14 - 2013-06-02 08:14 - 00025453 ____A C:\ComboFix.txt
2013-06-02 08:01 - 2013-06-02 08:14 - 00000000 ____D C:\Qoobox
2013-06-02 08:01 - 2013-06-02 08:13 - 00000000 ____D C:\Windows\erdnt
2013-06-02 08:01 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-02 08:01 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-02 08:01 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-02 08:01 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-02 08:01 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-02 08:01 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-02 08:01 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-02 08:01 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-02 08:00 - 2013-06-02 08:00 - 05076686 ____R (Swearware) C:\Users\Soulguru\Downloads\ComboFix.exe
2013-06-02 07:59 - 2013-06-02 07:59 - 00001476 ____A C:\Users\Soulguru\Desktop\Gringo.txt
2013-06-01 20:21 - 2013-06-01 20:23 - 123174324 ____A C:\Users\Soulguru\Downloads\Phineas and Ferb Bowl R Rama Season 1 Episode 32 (SD).mpg
2013-06-01 19:18 - 2013-06-01 19:19 - 36426716 ____A C:\Users\Soulguru\Downloads\Phineas and Ferb Bowl R Rama Season 1 Episode 32 (SD).mp4
2013-06-01 19:17 - 2013-06-01 19:19 - 100705049 ____A C:\Users\Soulguru\Downloads\Therapy Music   Relaxing Music  with beach sounds (HD).mp4
2013-06-01 10:07 - 2013-06-01 10:08 - 00001996 ____A C:\Users\Soulguru\Desktop\JRT.txt
2013-06-01 10:02 - 2013-06-01 10:02 - 00000000 ____D C:\Windows\ERUNT
2013-06-01 10:02 - 2013-06-01 10:02 - 00000000 ____D C:\JRT
2013-06-01 10:01 - 2013-06-01 10:01 - 00010199 ____A C:\Users\Soulguru\Desktop\AdwCleaner[S1].txt
2013-06-01 09:47 - 2013-06-01 09:47 - 00010199 ____A C:\AdwCleaner[S1].txt
2013-06-01 09:47 - 2013-06-01 09:47 - 00000090 ____A C:\Windows\DeleteOnReboot.bat
2013-06-01 08:47 - 2013-06-01 08:47 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Soulguru\Downloads\JRT.exe
2013-06-01 08:04 - 2013-06-01 08:05 - 00632031 ____A C:\Users\Soulguru\Downloads\AdwCleaner.exe
2013-05-31 22:01 - 2013-05-31 22:01 - 00262672 ____A C:\Users\Soulguru\Downloads\Brand Nubian - Take It To The Head [CDS].jpeg
2013-05-31 19:35 - 2013-05-31 19:36 - 83775156 ____A C:\Users\Soulguru\Downloads\Sheree Brown - Messages From The Heart - 2013 Gigi Smooth®.rar
2013-05-31 18:47 - 2013-05-31 18:47 - 00012838 ____A C:\Users\Soulguru\Desktop\attach.txt
2013-05-31 18:47 - 2013-05-31 18:46 - 00023416 ____A C:\Users\Soulguru\Desktop\dds.txt
2013-05-31 18:45 - 2013-05-31 18:45 - 00688992 ____R (Swearware) C:\Users\Soulguru\Downloads\dds.com
2013-05-30 23:25 - 2013-05-30 23:25 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-30 23:25 - 2013-05-30 23:25 - 00000000 ____D C:\Users\Soulguru\AppData\Roaming\Malwarebytes
2013-05-30 23:25 - 2013-05-30 23:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-30 23:25 - 2013-05-30 23:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-30 23:25 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-30 22:23 - 2013-05-30 22:23 - 331214516 ____A C:\Users\Soulguru\Documents\Registry.reg
2013-05-30 22:21 - 2013-05-30 22:21 - 00016356 ____A C:\FixitRegBackup.reg
2013-05-30 21:44 - 2013-05-30 21:45 - 13475464 ____A (Microsoft Corporation) C:\Users\Soulguru\Downloads\mseinstall.exe
2013-05-30 18:01 - 2013-05-30 18:01 - 00004393 ____A C:\Users\Soulguru\Downloads\soulguru.jpeg
2013-05-28 11:02 - 2013-05-28 11:02 - 00257024 ____A C:\Users\Soulguru\Downloads\advertisements.ppt
2013-05-28 09:49 - 2013-05-29 16:13 - 00000000 ____D C:\Users\Soulguru\Downloads\1994 - Pete Rock & C.L. Smooth - Never Coming Out EP
2013-05-28 09:49 - 2013-05-29 15:37 - 00000000 ____D C:\Users\Soulguru\Downloads\2001 - Richard Burton - Ballamore [Unreleased]
2013-05-28 09:48 - 2013-05-28 09:48 - 00000000 ____D C:\Users\Soulguru\Downloads\Richard Show 22
2013-05-28 08:50 - 2013-05-28 13:57 - 00000000 ____D C:\Users\Soulguru\Desktop\Disco
2013-05-28 00:50 - 2013-05-28 00:56 - 00000000 ____D C:\Users\Soulguru\Downloads\1988 - Al B. Sure! - If I'm Not Your Lover (Mini CD)
2013-05-27 22:20 - 2013-05-31 23:34 - 00000558 ____A C:\Users\Soulguru\Desktop\Spring 2013.txt
2013-05-22 20:38 - 2013-05-30 21:37 - 00000000 ____D C:\Users\Soulguru\Downloads\2013 - PJ Morton - New Orleans
2013-05-22 20:38 - 2013-05-29 15:17 - 00000000 ____D C:\Users\Soulguru\Downloads\1994 - Brian Moore - Stay Awhile [CDM]
2013-05-22 00:02 - 2013-05-29 15:59 - 00000000 ____D C:\Users\Soulguru\Downloads\1988 - LeVert - Pull Over (12 Remix)
2013-05-21 22:43 - 2013-05-30 21:38 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-05-14 19:48 - 2013-05-29 15:58 - 00000000 ____D C:\Users\Soulguru\Downloads\File048
2013-05-12 20:17 - 2013-05-29 16:02 - 00000000 ____D C:\Users\Soulguru\Downloads\1991 - Public Enemy - Shut Em Down [CDM]
2013-05-12 19:39 - 2013-05-29 15:44 - 00000000 ____D C:\Users\Soulguru\Downloads\2013 - Glenn Lewis - Moment Of Truth
2013-05-12 00:20 - 2013-05-29 23:11 - 00000000 ____D C:\Users\Soulguru\Downloads\Keith Sweat
2013-05-11 23:50 - 2013-05-29 15:41 - 00000000 ____D C:\Users\Soulguru\Downloads\1997 - Dean Phil - Personal - [Soulmate]
2013-05-11 19:13 - 2013-05-30 21:38 - 00000000 ____D C:\Users\Soulguru\Downloads\File042
2013-05-11 19:13 - 2013-05-29 16:28 - 00000000 ____D C:\Users\Soulguru\Downloads\GUY
2013-05-11 18:26 - 2013-05-29 15:36 - 00000000 ____D C:\Users\Soulguru\Downloads\1995 - Jamal - Fades Em All [CDM]
2013-05-09 22:56 - 2013-05-29 16:00 - 00000000 ____D C:\Users\Soulguru\Downloads\1992 - Public Enemy - Nighttrain [CDM]
2013-05-09 22:56 - 2013-05-29 15:14 - 00000000 ____D C:\Users\Soulguru\Downloads\1997 - Absoulute - Absoulute [Unreleased]
2013-05-09 22:33 - 2013-05-29 15:19 - 00000000 ____D C:\Users\Soulguru\Downloads\1994 - Champ MC - Keep It On The Real [Promo CDM]
2013-05-09 22:26 - 2013-05-29 15:21 - 00000000 ____D C:\Users\Soulguru\Downloads\1993 - Da Youngsta's - Iz U Wit Me [Promo CD]
2013-05-08 22:27 - 2013-05-29 16:12 - 00000000 ____D C:\Users\Soulguru\Downloads\1993 - Run DMC - Down With The King
2013-05-08 21:31 - 2013-05-29 15:34 - 00000000 ____D C:\Users\Soulguru\Downloads\1983 - Debra Hurd - Debra Hurd
2013-05-08 19:57 - 2013-05-08 19:57 - 00821392 ____A C:\Windows\Minidump\050813-79622-01.dmp
2013-05-05 22:24 - 2013-05-05 22:28 - 00000000 ___HD C:\Users\Soulguru\Downloads\_gsdata_
 
==================== One Month Modified Files and Folders =======
 
2013-06-02 09:29 - 2013-06-02 09:29 - 00000000 ____D C:\FRST
2013-06-02 09:07 - 2013-02-27 21:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-02 08:55 - 2010-10-26 10:21 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-02 08:47 - 2013-06-02 08:47 - 01916164 ____A (Farbar) C:\Users\Soulguru\Downloads\FRST64.exe
2013-06-02 08:24 - 2009-07-14 05:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-02 08:24 - 2009-07-14 05:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-02 08:22 - 2011-02-04 21:54 - 01611107 ____A C:\Windows\WindowsUpdate.log
2013-06-02 08:22 - 2009-07-14 06:13 - 00737172 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-02 08:16 - 2011-03-30 20:34 - 00000000 ___RD C:\Users\Soulguru\Dropbox
2013-06-02 08:16 - 2011-03-30 20:28 - 00000000 ____D C:\Users\Soulguru\AppData\Roaming\Dropbox
2013-06-02 08:16 - 2010-10-26 10:21 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-02 08:15 - 2010-10-26 10:52 - 00131652 ____A C:\Windows\PFRO.log
2013-06-02 08:15 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-02 08:15 - 2009-07-14 05:51 - 00124627 ____A C:\Windows\setupact.log
2013-06-02 08:14 - 2013-06-02 08:14 - 00025453 ____A C:\Users\Soulguru\Desktop\combofix.txt
2013-06-02 08:14 - 2013-06-02 08:14 - 00025453 ____A C:\ComboFix.txt
2013-06-02 08:14 - 2013-06-02 08:01 - 00000000 ____D C:\Qoobox
2013-06-02 08:13 - 2013-06-02 08:01 - 00000000 ____D C:\Windows\erdnt
2013-06-02 08:11 - 2009-07-14 03:34 - 00000215 ____A C:\Windows\system.ini
2013-06-02 08:00 - 2013-06-02 08:00 - 05076686 ____R (Swearware) C:\Users\Soulguru\Downloads\ComboFix.exe
2013-06-02 07:59 - 2013-06-02 07:59 - 00001476 ____A C:\Users\Soulguru\Desktop\Gringo.txt
2013-06-01 21:45 - 2011-02-05 02:02 - 00000000 ____D C:\Users\Soulguru\AppData\Roaming\Audacity
2013-06-01 20:23 - 2013-06-01 20:21 - 123174324 ____A C:\Users\Soulguru\Downloads\Phineas and Ferb Bowl R Rama Season 1 Episode 32 (SD).mpg
2013-06-01 19:56 - 2011-02-05 01:17 - 00000000 ____D C:\Users\Soulguru\Documents\Recordings
2013-06-01 19:19 - 2013-06-01 19:18 - 36426716 ____A C:\Users\Soulguru\Downloads\Phineas and Ferb Bowl R Rama Season 1 Episode 32 (SD).mp4
2013-06-01 19:19 - 2013-06-01 19:17 - 100705049 ____A C:\Users\Soulguru\Downloads\Therapy Music   Relaxing Music  with beach sounds (HD).mp4
2013-06-01 13:05 - 2012-11-25 20:00 - 00000000 ____D C:\Users\Soulguru\AppData\Roaming\MediaMonkey
2013-06-01 13:02 - 2011-04-09 12:00 - 00000000 ____D C:\ProgramData\Soulseek
2013-06-01 10:08 - 2013-06-01 10:07 - 00001996 ____A C:\Users\Soulguru\Desktop\JRT.txt
2013-06-01 10:02 - 2013-06-01 10:02 - 00000000 ____D C:\Windows\ERUNT
2013-06-01 10:02 - 2013-06-01 10:02 - 00000000 ____D C:\JRT
2013-06-01 10:01 - 2013-06-01 10:01 - 00010199 ____A C:\Users\Soulguru\Desktop\AdwCleaner[S1].txt
2013-06-01 09:47 - 2013-06-01 09:47 - 00010199 ____A C:\AdwCleaner[S1].txt
2013-06-01 09:47 - 2013-06-01 09:47 - 00000090 ____A C:\Windows\DeleteOnReboot.bat
2013-06-01 08:47 - 2013-06-01 08:47 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Soulguru\Downloads\JRT.exe
2013-06-01 08:05 - 2013-06-01 08:04 - 00632031 ____A C:\Users\Soulguru\Downloads\AdwCleaner.exe
2013-05-31 23:34 - 2013-05-27 22:20 - 00000558 ____A C:\Users\Soulguru\Desktop\Spring 2013.txt
2013-05-31 22:01 - 2013-05-31 22:01 - 00262672 ____A C:\Users\Soulguru\Downloads\Brand Nubian - Take It To The Head [CDS].jpeg
2013-05-31 19:36 - 2013-05-31 19:35 - 83775156 ____A C:\Users\Soulguru\Downloads\Sheree Brown - Messages From The Heart - 2013 Gigi Smooth®.rar
2013-05-31 18:47 - 2013-05-31 18:47 - 00012838 ____A C:\Users\Soulguru\Desktop\attach.txt
2013-05-31 18:46 - 2013-05-31 18:47 - 00023416 ____A C:\Users\Soulguru\Desktop\dds.txt
2013-05-31 18:45 - 2013-05-31 18:45 - 00688992 ____R (Swearware) C:\Users\Soulguru\Downloads\dds.com
2013-05-31 18:37 - 2011-02-20 22:56 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-05-31 00:03 - 2011-02-20 22:49 - 00002150 ____A C:\Windows\epplauncher.mif
2013-05-30 23:25 - 2013-05-30 23:25 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-30 23:25 - 2013-05-30 23:25 - 00000000 ____D C:\Users\Soulguru\AppData\Roaming\Malwarebytes
2013-05-30 23:25 - 2013-05-30 23:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-30 23:25 - 2013-05-30 23:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-30 23:20 - 2011-02-06 15:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-30 23:16 - 2011-02-06 15:39 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-30 23:09 - 2011-02-20 22:56 - 00732824 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-05-30 23:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-05-30 23:07 - 2013-02-27 21:29 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-30 23:07 - 2011-09-26 21:34 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-30 22:59 - 2012-03-15 23:02 - 00000000 ____D C:\Users\Soulguru\AppData\Roaming\vlc
2013-05-30 22:23 - 2013-05-30 22:23 - 331214516 ____A C:\Users\Soulguru\Documents\Registry.reg
2013-05-30 22:21 - 2013-05-30 22:21 - 00016356 ____A C:\FixitRegBackup.reg
2013-05-30 21:49 - 2013-02-28 23:00 - 00000000 ____D C:\Users\Soulguru\AppData\Roaming\Mozilla
2013-05-30 21:49 - 2011-02-04 21:58 - 00000000 ____D C:\Users\Soulguru\AppData\Local\Google
2013-05-30 21:45 - 2013-05-30 21:44 - 13475464 ____A (Microsoft Corporation) C:\Users\Soulguru\Downloads\mseinstall.exe
2013-05-30 21:39 - 2011-02-04 21:54 - 00000000 ____D C:\users\Soulguru
2013-05-30 21:38 - 2013-05-21 22:43 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-05-30 21:38 - 2013-05-11 19:13 - 00000000 ____D C:\Users\Soulguru\Downloads\File042
2013-05-30 21:38 - 2013-02-27 21:29 - 00000000 ____D C:\Windows\System32\Macromed
2013-05-30 21:38 - 2010-10-26 10:11 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-05-30 21:38 - 2010-10-12 18:48 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-05-30 21:38 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-05-30 21:38 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-05-30 21:38 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-05-30 21:38 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-05-30 21:37 - 2013-05-22 20:38 - 00000000 ____D C:\Users\Soulguru\Downloads\2013 - PJ Morton - New Orleans
2013-05-30 21:33 - 2011-02-06 15:50 - 00000000 ___RD C:\MSOCache
2013-05-30 21:33 - 2011-02-04 21:58 - 00000000 ____D C:\Users\Soulguru\AppData\Roaming\Adobe
2013-05-30 21:33 - 2010-10-26 10:10 - 00000000 ____D C:\ProgramData\Adobe
2013-05-30 18:01 - 2013-05-30 18:01 - 00004393 ____A C:\Users\Soulguru\Downloads\soulguru.jpeg
2013-05-29 23:11 - 2013-05-12 00:20 - 00000000 ____D C:\Users\Soulguru\Downloads\Keith Sweat
2013-05-29 16:30 - 2013-03-28 00:40 - 00000000 ____D C:\Users\Soulguru\Downloads\Stevie to Soulguru
2013-05-29 16:28 - 2013-05-11 19:13 - 00000000 ____D C:\Users\Soulguru\Downloads\GUY
2013-05-29 16:13 - 2013-05-28 09:49 - 00000000 ____D C:\Users\Soulguru\Downloads\1994 - Pete Rock & C.L. Smooth - Never Coming Out EP
2013-05-29 16:12 - 2013-05-08 22:27 - 00000000 ____D C:\Users\Soulguru\Downloads\1993 - Run DMC - Down With The King
2013-05-29 16:02 - 2013-05-12 20:17 - 00000000 ____D C:\Users\Soulguru\Downloads\1991 - Public Enemy - Shut Em Down [CDM]
2013-05-29 16:00 - 2013-05-09 22:56 - 00000000 ____D C:\Users\Soulguru\Downloads\1992 - Public Enemy - Nighttrain [CDM]
2013-05-29 15:59 - 2013-05-22 00:02 - 00000000 ____D C:\Users\Soulguru\Downloads\1988 - LeVert - Pull Over (12 Remix)
2013-05-29 15:58 - 2013-05-14 19:48 - 00000000 ____D C:\Users\Soulguru\Downloads\File048
2013-05-29 15:44 - 2013-05-12 19:39 - 00000000 ____D C:\Users\Soulguru\Downloads\2013 - Glenn Lewis - Moment Of Truth
2013-05-29 15:41 - 2013-05-11 23:50 - 00000000 ____D C:\Users\Soulguru\Downloads\1997 - Dean Phil - Personal - [Soulmate]
2013-05-29 15:37 - 2013-05-28 09:49 - 00000000 ____D C:\Users\Soulguru\Downloads\2001 - Richard Burton - Ballamore [Unreleased]
2013-05-29 15:36 - 2013-05-11 18:26 - 00000000 ____D C:\Users\Soulguru\Downloads\1995 - Jamal - Fades Em All [CDM]
2013-05-29 15:34 - 2013-05-08 21:31 - 00000000 ____D C:\Users\Soulguru\Downloads\1983 - Debra Hurd - Debra Hurd
2013-05-29 15:21 - 2013-05-09 22:26 - 00000000 ____D C:\Users\Soulguru\Downloads\1993 - Da Youngsta's - Iz U Wit Me [Promo CD]
2013-05-29 15:19 - 2013-05-09 22:33 - 00000000 ____D C:\Users\Soulguru\Downloads\1994 - Champ MC - Keep It On The Real [Promo CDM]
2013-05-29 15:17 - 2013-05-22 20:38 - 00000000 ____D C:\Users\Soulguru\Downloads\1994 - Brian Moore - Stay Awhile [CDM]
2013-05-29 15:14 - 2013-05-09 22:56 - 00000000 ____D C:\Users\Soulguru\Downloads\1997 - Absoulute - Absoulute [Unreleased]
2013-05-28 17:00 - 2011-08-02 22:28 - 00016490 ____A C:\Users\Soulguru\Desktop\LP Project.xlsx
2013-05-28 13:57 - 2013-05-28 08:50 - 00000000 ____D C:\Users\Soulguru\Desktop\Disco
2013-05-28 11:02 - 2013-05-28 11:02 - 00257024 ____A C:\Users\Soulguru\Downloads\advertisements.ppt
2013-05-28 09:48 - 2013-05-28 09:48 - 00000000 ____D C:\Users\Soulguru\Downloads\Richard Show 22
2013-05-28 00:56 - 2013-05-28 00:50 - 00000000 ____D C:\Users\Soulguru\Downloads\1988 - Al B. Sure! - If I'm Not Your Lover (Mini CD)
2013-05-24 06:43 - 2012-09-16 14:40 - 00000000 ____D C:\Users\Soulguru\Documents\iSkysoft DVD Ripper
2013-05-16 23:01 - 2011-08-02 14:49 - 00000000 ____D C:\Users\Soulguru\AppData\Roaming\GoodSync
2013-05-08 19:57 - 2013-05-08 19:57 - 00821392 ____A C:\Windows\Minidump\050813-79622-01.dmp
2013-05-08 19:57 - 2011-02-06 17:27 - 00000000 ____D C:\Windows\Minidump
2013-05-08 19:56 - 2011-02-06 17:27 - 609724050 ____A C:\Windows\MEMORY.DMP
2013-05-05 22:28 - 2013-05-05 22:24 - 00000000 ___HD C:\Users\Soulguru\Downloads\_gsdata_
 
ZeroAccess:
C:\Windows\Installer\{5e5d55c1-2029-b5d3-a76e-9ec9eac9e29d}
C:\Windows\Installer\{5e5d55c1-2029-b5d3-a76e-9ec9eac9e29d}\L
C:\Windows\Installer\{5e5d55c1-2029-b5d3-a76e-9ec9eac9e29d}\U
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\en-US => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\Backup => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
 
 
Last Boot: 2013-05-27 23:25
 
==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2013 02
Ran by Soulguru at 2013-06-02 09:31:04 Run:
Running from C:\Users\Soulguru\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Photoshop Elements 8.0 (Version: 8.0)
Adobe Premiere Elements 8.0 (Version: 8.0)
Adobe Reader 9.5.4 (Version: 9.5.4)
AirPort (Version: 5.6.1.2)
Amazon MP3 Downloader 1.0.17 (Version: 1.0.17)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
ArcSoft WebCam Companion 3 (Version: 3.0.21.368)
Audacity 1.2.6
Audacity 1.3.12
Avi to Mpeg 3.2 (Version: 3.0)
BBC iPlayer Desktop (Version: 2.1.21228)
Bonjour (Version: 3.0.0.10)
Bonjour Print Services (Version: 2.0.2.0)
Canon MP Navigator EX 4.0
Canon Solution Menu EX
CanoScan LiDE 210 Scanner Driver
CDex - Open Source Digital Audio CD Extractor (Version: 1.70.4.2009)
Clear Clipboard 1.0 (Version: 1.0)
ClickRepair 3.8.4 and ClickRepairRT 1.3
Convert FLV to MP3 1.0
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DeNoise 2.6.5 and DeNoiseLF 2.6.5
DHTML Editing Component (Version: 6.02.0001)
DJS (Version: 1.600.000)
Dropbox (Version: 2.0.22)
Equalizer 1.8.3
Evernote (Version: 3.5.4.2224)
Free RAR Extract Frog (Version: 2.50)
Free Video to DVD Converter version 5.0.22.128 (Version: 5.0.22.128)
GEAR driver installer for AMD64 and Intel EM64T (Version: 2.003.1)
GoodSync (Version: 8.7.5.5)
Google Chrome (Version: 27.0.1453.94)
Google Earth Plug-in (Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
HP LaserJet Professional P1100-P1560-P1600 Series
iExplorer 2.2.1.3
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2182)
Intel® Integrated Performance Primitives RTI 4.0 (Version: 4.0.23)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.6.0.1014)
iSkysoft DVD Ripper(Build 2.2.0.0)
iTunes (Version: 10.7.0.21)
Java 7 Update 15 (Version: 7.0.150)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Junk Mail filter update (Version: 15.4.3502.0922)
LAME v3.98.3 for Audacity
LeapFrog Connect (Version: 4.2.9.15649)
LeapFrog Tag Junior Plugin (Version: 4.2.9.15649)
Legitmix 1.0.0.1 (Version: 1.0.0.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Media Gallery (Version: 1.3.0)
Media Gallery (Version: 1.3.0.06230)
MediaMonkey 4.0 (Version: 4.0)
Medieval CUE Splitter (Version: 1.2.0)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
MixMeister BPM Analyzer 1.0
MixMeister Express 6.1.10
Mozilla Firefox 20.0.1 (x86 en-GB) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 20.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Music Editor Free
Norton Online Backup (Version: 2.1.17869)
OptimizerPro1 (Version: 1.0)
PMB (Version: 5.3.00.06040)
PMB VAIO Edition plug-in (Click to Disc) (Version: 3.3.00)
PMB VAIO Edition plug-in (VAIO Movie Story) (Version: 2.3.00)
Quick Web Access (Version: 1.4.7.0)
QuickTime (Version: 7.72.80.56)
Realtek High Definition Audio Driver (Version: 6.0.1.6098)
Remote Keyboard with PlayStation 3 (Version: 1.0.2.06170)
Remote Play with PlayStation 3 (Version: 1.0.2.06210)
Remote Play with PlayStation®3 (Version: 1.0.2.06210)
Search Assistant AppsAreFun 1.66
Skype™ 5.10 (Version: 5.10.116)
SMART Common Files (Version: 11.1.11.0)
SMART English (United Kingdom) Language Pack (Version: 11.0.50.1)
SMART Notebook Interactive Viewer (Version: 2.0.103.0)
SmartSound Quicktracks for Premiere Elements 8.0 (Version: 3.11.3090)
SopCast 3.5.0 (Version: 3.5.0)
SoulSeek 157 NS 13e
Synaptics Pointing Device Driver (Version: 15.0.9.0)
Tag&Rename 3.6.1 (Version: 3.6.1)
Total Recorder 8.3 Standard Edition
Turbo Lister 2 (Version: 2.00.0000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
VAIO - Media Gallery (Version: 1.3.0.06230)
VAIO - PMB VAIO Edition Guide (Version: 1.5.00.03020)
VAIO - PMB VAIO Edition plug-in (Click to Disc) (Version: 3.3.00.06180)
VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer) (Version: 1.3.00.06110)
VAIO - PMB VAIO Edition plug-in (VAIO Movie Story) (Version: 2.3.00.06180)
VAIO Care (Version: 6.4.2.11150)
VAIO Control Center (Version: 4.3.0.05310)
VAIO Data Restore Tool (Version: 1.4.0.05240)
VAIO DVD Menu Data (Version: 2.2.00.05120)
VAIO Gate (Version: 2.4.1.09230)
VAIO Gate Default (Version: 2.2.0.07020)
VAIO Hardware Diagnostics (Version: 4.0.0.06230)
VAIO Manual (Version: 1.1.0.05280)
VAIO Media plus (Version: 2.1.0)
VAIO Media plus (Version: 2.1.0.18210)
VAIO Media plus Opening Movie (Version: 2.1.0.13220)
VAIO Movie Story Template Data (Version: 2.3.00.06040)
VAIO Sample Contents (Version: 1.3.0.06041)
VAIO screensaver (Version: 1.0.0.0)
VAIO Smart Network (Version: 3.3.1.08110)
VAIO Transfer Support (Version: 1.2.0.06230)
VAIO Update (Version: 5.6.1.02150)
VAIO Update Merge Module x64 (Version: 5.5.19220)
VAIO Update Merge Module x64 (Version: 5.6.10270)
VAIO Update Merge Module x64 (Version: 5.7.13130)
VideoPad Video Editor
VinylStudio
VLC media player 2.0.0 (Version: 2.0.0)
VU5x64 (Version: 1.0.0)
VU5x86 (Version: 1.0.0)
WIDCOMM Bluetooth Software (Version: 6.3.0.5600)
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (Version: 11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Movie Maker 2.6 (Version: 2.6.4037.0)
WinRAR archiver
YouSendIt Express (Version: 2.11.2)
 
==================== Restore Points  =========================
 
30-05-2013 22:02:55 Installed Microsoft .NET Framework 1.1
30-05-2013 22:14:21 Windows Update
30-05-2013 22:33:57 Windows Update
30-05-2013 22:36:46 Windows Update
30-05-2013 22:39:01 Windows Update
30-05-2013 22:39:14 Windows Update
30-05-2013 22:41:30 Windows Update
30-05-2013 22:42:03 Windows Update
30-05-2013 22:43:54 Windows Update
30-05-2013 22:44:54 Windows Update
30-05-2013 22:51:43 Windows Update
31-05-2013 17:35:22 Windows Update
31-05-2013 22:41:01 Windows Update
01-06-2013 06:24:19 Windows Update
01-06-2013 09:12:25 Windows Update
01-06-2013 20:52:23 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/01/2013 09:42:10 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
 
System errors:
=============
Error: (06/02/2013 08:16:18 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
sdpiosys
 
Error: (06/02/2013 08:15:55 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: 
%%2
 
Error: (06/02/2013 08:15:41 AM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\sdpiosys.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/02/2013 08:11:29 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (06/02/2013 08:10:47 AM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/02/2013 08:08:02 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (06/02/2013 07:51:42 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
sdpiosys
 
Error: (06/02/2013 07:51:27 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: 
%%2
 
Error: (06/02/2013 07:51:11 AM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\sdpiosys.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/01/2013 09:47:58 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
sdpiosys
 
 
Microsoft Office Sessions:
=========================
Error: (06/01/2013 09:42:10 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-06-02 08:10:47.973
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-02 08:10:47.802
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-05-09 06:58:35.547
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-05-09 06:58:35.453
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-05-09 06:58:22.074
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-05-09 06:58:21.871
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-02-20 20:19:17.008
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-02-17 01:15:52.344
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-02-16 20:45:35.697
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-02-15 22:25:34.437
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 34%
Total physical RAM: 3758.1 MB
Available physical RAM: 2474.64 MB
Total Pagefile: 7514.38 MB
Available Pagefile: 5687.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:284.9 GB) (Free:130.83 GB) NTFS (Disk=0 Partition=3)
Drive g: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive h: () (Removable) (Total:14.92 GB) (Free:5.44 GB) FAT32 (Disk=1 Partition=1)
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: F999A93E)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)
 
==================== End Of Log ============================


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:41 PM

Posted 02 June 2013 - 05:22 AM

Hello soulguru



I need you to download this script I have made for you --> Attached File  fixlist.txt   256bytes   5 downloads

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 soulguru

soulguru
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:41 AM

Posted 02 June 2013 - 12:36 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-06-2013 02
Ran by Soulguru at 2013-06-02 18:33:46 Run:1
Running from C:\Users\Soulguru\Downloads
Boot Mode: Normal
==============================================
 
"C:\Program Files\Windows Defender" => Deleting junctions and unlocking files completed successfully.
"C:\Program Files\Microsoft Security Client" => Deleting junctions and unlocking files completed successfully.
C:\Windows\Installer\{5e5d55c1-2029-b5d3-a76e-9ec9eac9e29d} => Moved successfully.
 
=========  Dir /b /a:l "C:\Program Files" /s =========
 
File Not Found
 
========= End of CMD: =========
 
 
==== End of Fixlog ====


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:41 PM

Posted 02 June 2013 - 01:16 PM

try to install MSE now and let me know



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 soulguru

soulguru
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:41 AM

Posted 02 June 2013 - 02:16 PM

Sadly I got exactly the same error message that I was getting right at the start. It stops installing at the same point and issues the exact same error message.

 

So sorry ;(



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:41 PM

Posted 02 June 2013 - 03:58 PM




Hello soulguru

Malwarebytes Anti-Rootkit

1.Download Malwarebytes Anti-Rootkit
2.Unzip the contents to a folder in a convenient location.
3.Open the folder where the contents were unzipped and run mbar.exe
4.Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5.Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6.Wait while the system shuts down and the cleanup process is performed.
7.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8.If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • •Internet access
    •Windows Update
    •Windows Firewall
9.If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10.Verify that your system is now functioning normally.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
When you are complete please send me both reports

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 soulguru

soulguru
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:41 AM

Posted 03 June 2013 - 03:04 AM

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-03 08:40:30
-----------------------------
08:40:30.555    OS Version: Windows x64 6.1.7601 Service Pack 1
08:40:30.555    Number of processors: 4 586 0x2505
08:40:30.555    ComputerName: SOULGURU-VAIO  UserName: Soulguru
08:40:31.865    Initialize success
08:41:58.993    AVAST engine defs: 13060201
08:43:02.901    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:43:02.911    Disk 0 Vendor: ST932032 0006 Size: 305245MB BusType: 3
08:43:03.081    Disk 0 MBR read successfully
08:43:03.091    Disk 0 MBR scan
08:43:03.101    Disk 0 Windows 7 default MBR code
08:43:03.111    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13407 MB offset 2048
08:43:03.131    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 27459584
08:43:03.151    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       291736 MB offset 27664384
08:43:03.291    Disk 0 scanning C:\Windows\system32\drivers
08:43:20.053    Service scanning
08:43:58.521    Modules scanning
08:43:58.521    Disk 0 trace - called modules:
08:43:58.581    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys 
08:43:58.581    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800638b060]
08:43:58.581    3 CLASSPNP.SYS[fffff88001b0a43f] -> nt!IofCallDriver -> [0xfffffa800356be40]
08:43:58.581    5 ACPI.sys[fffff88000f6d7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004352050]
08:44:00.891    AVAST engine scan C:\Windows
08:44:04.822    AVAST engine scan C:\Windows\system32
08:48:30.485    AVAST engine scan C:\Windows\system32\drivers
08:48:50.563    AVAST engine scan C:\Users\Soulguru
09:04:10.514    Disk 0 MBR has been saved successfully to "C:\Users\Soulguru\Desktop\MBR.dat"
09:04:10.521    The log file has been saved successfully to "C:\Users\Soulguru\Desktop\aswMBR.txt"


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:41 PM

Posted 03 June 2013 - 08:47 PM

Hello soulguru

 

 

did you run the MBAR tool and the fix damage component of it

 

 

 

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 soulguru

soulguru
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:41 AM

Posted 04 June 2013 - 01:43 PM

MBAR Tool Fix? 

 

Malwarebytes Anti-Rootkit did not say that there were any errors? 

 

Please advise.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users