Run DLL Error at startup


9 replies to this topic

#1 Jamiee9488

Posted 10 December 2013 - 05:34 PM

 
Scan saved at 5:31:31 PM, on 12/10/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16520)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Uniblue\MaxiDisk\mdmonitor.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Users\Jamie.OURS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jamie.OURS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jamie.OURS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jamie.OURS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jamie.OURS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jamie.OURS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jamie.OURS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe" -agent
O4 - HKCU\..\Run: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN18A4419H05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe" -RESTART
O4 - HKCU\..\Run: [ConduitFloatingPlugin_banjjklfojcdbofbhbgiedekefohoaff] "C:\Windows\system32\Rundll32.exe" "C:\Users\JAMIE~1.OUR\AppData\Local\Temp\CT3310511\plugins\TBVerifier.dll",RunConduitFloatingPlugin banjjklfojcdbofbhbgiedekefohoaff
O4 - HKCU\..\Run: [TBHostSupport] "C:\Windows\system32\Rundll32.exe" "C:\Users\Jamie.OURS\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: AutorunsDisabled
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FBDiskOptimizer - FixBee., (www.fixbee.com) - C:\Program Files\FixBee\FBDefragSrv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update\VUAgent.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
 
--
End of file - 8566 bytes
 



 


#2 Starbuck

  • Malware Response Team

Posted 13 December 2013 - 06:14 PM

Hi Jamie

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
3. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
4. Please reply to this thread. Do not start a new topic.



Step 1
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Step 2
Note:
There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

If you are unsure what your system bit type is, click here for help.

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool.

  • When the tool opens click Yes to disclaimer.

  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

In your next reply, please submit:
JRT.txt
AdwCleaner[S0].txt
and both reports from FRST


Thanks.



#3 Jamiee9488


Posted 14 December 2013 - 11:06 PM

~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by Jamie on Sat 12/14/2013 at 22:28:01.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_banjjklfojcdbofbhbgiedekefohoaff
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wecarereminder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\dynconie
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricsdroid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\driverscanner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ftdownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\speedupmypc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{e55b3271-7ca8-4d0c-ae06-69a24856e996}_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3287810
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3310511
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501158}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501158}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F140B410-8787-4A2D-9AD6-C9CF59A0F835}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\Tasks\spmonitor.job
Successfully deleted: [File] "C:\Users\Jamie.OURS\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Jamie.OURS\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Jamie.OURS\appdata\locallow\SkwConfig.bin"
Successfully deleted: [File] "C:\Users\Public\Desktop\open it!.lnk"
Successfully deleted: [File] "C:\Users\Public\Desktop\speedupmypc.lnk"
Successfully deleted: [File] "C:\Users\Jamie.OURS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speedupmypc.lnk"
Successfully deleted: [File] "C:\end"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\ammyy"
Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
Successfully deleted: [Folder] "C:\ProgramData\visualbee"
Successfully deleted: [Folder] "C:\Users\Jamie.OURS\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\Jamie.OURS\AppData\Roaming\dsite"
Successfully deleted: [Folder] "C:\Users\Jamie.OURS\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\Jamie.OURS\appdata\local\babylon"
Successfully deleted: [Folder] "C:\Users\Jamie.OURS\appdata\local\blekkotb_soc"
Successfully deleted: [Folder] "C:\Users\Jamie.OURS\appdata\local\browsersafeguard"
Successfully deleted: [Folder] "C:\Users\Jamie.OURS\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Jamie.OURS\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Jamie.OURS\appdata\local\searchprotect"
Successfully deleted: [Folder] "C:\Users\Jamie.OURS\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\Jamie.OURS\appdata\locallow\blekkotb_soc"
Successfully deleted: [Folder] "C:\Users\Jamie.OURS\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Jamie.OURS\appdata\locallow\dealio"
Successfully deleted: [Folder] "C:\Users\Jamie.OURS\appdata\locallow\searchqutoolbar"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\Program Files\mypc backup"
Successfully deleted: [Folder] "C:\Program Files\openit"
Successfully deleted: [Folder] "C:\Program Files\regwork"
Successfully deleted: [Folder] "C:\Program Files\searchprotect"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Users\Jamie.OURS\documents\smart pc cleaner"
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Jamie.OURS\appdata\local\Google\Chrome\User Data\Default\Extensions\mpcknfcdcgpffjddjeceioobdelceffo
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/14/2013 at 22:31:38.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v3.015 - Report created 14/12/2013 at 22:46:56
# Updated 10/12/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Jamie - JAMIEEDMONDS
# Running from : C:\Users\Jamie.OURS\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Windows\System32\Tasks\NCH Software
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\Software\Uniblue
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16520
 
 
-\\ Mozilla Firefox v
 
-\\ Google Chrome v
 
*************************
 
AdwCleaner[R0].txt - [9050 octets] - [14/12/2013 22:36:13]
AdwCleaner[R1].txt - [1005 octets] - [14/12/2013 22:45:59]
AdwCleaner[S0].txt - [9016 octets] - [14/12/2013 22:37:24]
AdwCleaner[S1].txt - [836 octets] - [14/12/2013 22:46:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [895 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-12-2013 01
Ran by Jamie (administrator) on JAMIEEDMONDS on 14-12-2013 23:00:49
Running from C:\Users\Jamie.OURS\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(FixBee., (www.fixbee.com)) C:\Program Files\FixBee\FBDefragSrv.exe
(Uniblue Systems Limited) C:\Program Files\Uniblue\MaxiDisk\mdmonitor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSpt.exe
(Sony Corporation) C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Sony Corporation) C:\Program Files\Sony\ISB Utility\ISBMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Innovative Solutions) C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Google Inc.) C:\Users\Jamie.OURS\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jamie.OURS\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jamie.OURS\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jamie.OURS\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jamie.OURS\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jamie.OURS\AppData\Local\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Google Inc.) C:\Users\Jamie.OURS\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] - [x]
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4317184 2007-02-05] (Realtek Semiconductor)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [ISBMgr.exe] - C:\Program Files\Sony\ISB Utility\ISBMgr.exe [321656 2007-01-22] (Sony Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [118784 2006-11-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [HP Deskjet 3050A J611 series (NET)] - C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Run: [DriverMax] - C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe [8220536 2013-12-02] (Innovative Solutions)
HKCU\...\Run: [DriverMax_RESTART] - [x]
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
HKU\Guest\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Guest\...\Run: [HP Deskjet 3050A J611 series (NET)] - C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [ 2012-10-17] (Hewlett-Packard Co.)
HKU\Guest\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Guest\...\Policies\system: [LogonHoursAction] 2
HKU\Guest\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.symantecstore.com/promo=147023/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
URLSearchHook: HKLM - (No Name) - {7093ee04-f2e4-4637-a667-0f730797b3a0} -  No File
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - OldDefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5}
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.4 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Jamie.OURS\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Jamie.OURS\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\Jamie.OURS\AppData\Roaming\Mozilla\Firefox\profiles\extensions\searchplugins
FF Extension: No Name - C:\Users\Jamie.OURS\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions.sqlite
FF Extension: ftdownloader3 - C:\Users\Jamie.OURS\AppData\Roaming\Mozilla\Firefox\profiles\extensions\ftdownloader3@ftdownloader.com.xpi
FF Extension: mp3rocketdownloader - C:\Users\Jamie.OURS\AppData\Roaming\Mozilla\Firefox\profiles\extensions\mp3rocketdownloader@mp3rocket.me.xpi
FF Extension: No Name - C:\Users\Jamie.OURS\AppData\Roaming\Mozilla\Firefox\profiles\extensions\prefs.js
FF Extension: No Name - C:\Users\Jamie.OURS\AppData\Roaming\Mozilla\Firefox\profiles\extensions\search.sqlite
FF Extension: No Name - C:\Users\Jamie.OURS\AppData\Roaming\Mozilla\Firefox\profiles\extensions\user.js
FF Extension: No Name - C:\Users\Jamie.OURS\AppData\Roaming\Mozilla\Firefox\profiles\extensions\user.js.orig
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 
Chrome: 
=======
CHR HomePage: hxxp://yahoo.com/
CHR RestoreOnStartup: "hxxp://websearch.pu-results.info/?pid=708&r=2013/04/07&hid=4080140176&lg=EN&cc=US", "hxxp://search.conduit.com/?ctid=CT3287810&SearchSource=48&CUI=UN17208243651458826&UM=2", "
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Extension: (Google Docs) - C:\Users\Jamie.OURS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (YouTube) - C:\Users\Jamie.OURS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Jamie.OURS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Integrated Search for Android Market™) - C:\Users\Jamie.OURS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgepkjdngmojgfdefflbpehffeglobmg\1.1_0
CHR Extension: (Morpheon Dark - Aero) - C:\Users\Jamie.OURS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpnbbonpgadmkipdlclghcekaklebdpi\1.2_0
CHR Extension: (Weather Watcher Live) - C:\Users\Jamie.OURS\AppData\Local\Google\Chrome\User Data\Default\Extensions\migekhbneabjkfadmgpimohcoclbbcfp\1.0.17_0
CHR Extension: (Google Wallet) - C:\Users\Jamie.OURS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1
CHR Extension: (Offline Solitaire) - C:\Users\Jamie.OURS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojldfpglenpceffckkjhajofdbpkfgmn\8_0
CHR StartMenuInternet: Google Chrome - C:\Users\bob\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
R2 FBDiskOptimizer; C:\Program Files\FixBee\FBDefragSrv.exe [608568 2011-08-11] (FixBee., (www.fixbee.com))
S4 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 MSSQL$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] ()
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [187792 2010-08-12] (Sony Corporation)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182392 2007-02-13] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2818048 2007-09-23] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-08-08] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-10] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-08-08] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1020976 2013-09-25] (Sony Corporation)
S4 HPHNDUSVC; C:\Users\JAMIE~1.OUR\AppData\Local\Temp\7zS7D7A\HPHNDUSVC.dll [x]
S2 SymAppCore; 
S3 VAIOMediaPlatform-IntegratedServer-HTTP; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP" [x]
S3 VAIOMediaPlatform-Mobile-Gateway; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server" [x]
S3 VAIOMediaPlatform-UCLS-HTTP; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" [x]
 
==================== Drivers (Whitelisted) ====================
 
S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [15968 2013-03-14] (Advanced Micro Devices, Inc.)
R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSF_HWAZL.sys [210688 2008-05-08] (Conexant Systems, Inc.)
S4 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 motport; C:\Windows\System32\DRIVERS\motport.sys [23680 2007-06-18] (Motorola)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF32.sys [102728 2010-11-04] (Matrox Graphics Inc.)
R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-04-23] (Texas Instruments)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-01] (America Online, Inc.)
S4 blbdrive; No ImagePath
S4 Cdr4_xp; No ImagePath
S4 Cdralw2k; No ImagePath
S3 esgiguard; No ImagePath
S4 HSXHWAZL; No ImagePath
S4 IpInIp; No ImagePath
S4 MCSTRM; No ImagePath
S4 mdmxsdk; No ImagePath
S4 NwlnkFlt; No ImagePath
S4 NwlnkFwd; No ImagePath
S4 XAudio; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-14 23:00 - 2013-12-14 23:01 - 00017400 _____ C:\Users\Jamie.OURS\Desktop\FRST.txt
2013-12-14 23:00 - 2013-12-14 23:00 - 00000000 ____D C:\FRST
2013-12-14 22:59 - 2013-12-14 22:59 - 01060897 _____ (Farbar) C:\Users\Jamie.OURS\Desktop\FRST.exe
2013-12-14 22:36 - 2013-12-14 22:46 - 00000000 ____D C:\AdwCleaner
2013-12-14 22:35 - 2013-12-14 22:35 - 01226802 _____ C:\Users\Jamie.OURS\Desktop\AdwCleaner.exe
2013-12-14 22:31 - 2013-12-14 22:31 - 00009780 _____ C:\Users\Jamie.OURS\Desktop\JRT.txt
2013-12-14 22:27 - 2013-12-14 22:27 - 00000000 ____D C:\Windows\ERUNT
2013-12-14 22:26 - 2013-12-14 22:26 - 01034531 _____ (Thisisu) C:\Users\Jamie.OURS\Desktop\JRT.exe
2013-12-14 17:39 - 2013-12-14 17:40 - 08448192 _____ (Innovative Solutions                                        ) C:\Users\Jamie.OURS\Desktop\drivermax_7_25_cnet.exe
2013-12-10 16:52 - 2013-12-10 17:31 - 00002493 _____ C:\Users\Jamie.OURS\Desktop\HiJackThis.lnk
2013-12-10 16:52 - 2013-12-10 16:52 - 00000000 ____D C:\Users\Jamie.OURS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-12-10 12:36 - 2010-11-04 15:18 - 00102728 _____ (Matrox Graphics Inc.) C:\Windows\system32\Drivers\MxEFUF32.sys
2013-12-10 12:34 - 2010-06-02 14:49 - 00738360 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\HSF_CNXT.sys
2013-12-10 12:34 - 2008-05-08 14:53 - 00985472 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\HSF_DP.sys
2013-12-10 12:34 - 2008-05-08 14:52 - 00210688 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\HSF_HWAZL.sys
2013-12-10 12:34 - 2008-03-27 12:33 - 00146146 _____ C:\Windows\system32\Drivers\HSFLProf.cty
2013-12-10 12:34 - 2007-08-03 10:40 - 00143792 _____ C:\Windows\system32\Drivers\HSFProf.cty
2013-12-10 12:34 - 2006-09-19 06:42 - 00141572 _____ C:\Windows\system32\Drivers\HSFSProf.cty
2013-12-10 12:34 - 2006-09-19 06:42 - 00141392 _____ C:\Windows\system32\Drivers\HSFTProf.cty
2013-12-10 12:34 - 2006-09-19 06:42 - 00133972 _____ C:\Windows\system32\Drivers\HSFDProf.cty
2013-12-10 12:34 - 2006-09-19 06:42 - 00133528 _____ C:\Windows\system32\Drivers\HSFEProf.cty
2013-12-10 11:42 - 2013-12-10 22:56 - 00000000 ____D C:\Program Files\OpenDownloaderManager
2013-12-09 23:34 - 2013-12-10 11:20 - 00009408 _____ C:\Users\Jamie.OURS\Desktop\PoolLiveTour 7-6.ct
2013-12-09 21:18 - 2013-12-09 21:28 - 91840784 _____ (Microsoft Corporation) C:\Users\Jamie.OURS\Desktop\Microsoft Safety Scanner.exe
2013-12-09 20:46 - 2013-12-09 20:46 - 00000000 ____D C:\Users\Jamie.OURS\AppData\Roaming\TeamViewer
2013-12-09 20:45 - 2013-12-09 20:46 - 04555312 _____ (TeamViewer) C:\Users\Jamie.OURS\Documents\TeamViewerQS_en.exe
2013-12-09 14:12 - 2013-12-09 14:12 - 00117660 _____ C:\Users\Jamie.OURS\Documents\jeep wiring diagram
2013-12-09 09:11 - 2013-12-09 09:11 - 00000000 ____D C:\Users\Jamie
2013-12-09 09:07 - 2013-09-09 02:57 - 00554832 _____ (Microsoft Corporation) C:\Windows\system32\msvcp80.dll
2013-12-09 09:07 - 2013-09-09 02:57 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\msvcm80.dll
2013-12-09 09:07 - 2013-09-09 02:57 - 00001870 _____ C:\Windows\system32\Microsoft.VC80.CRT.manifest
2013-12-09 07:22 - 2013-12-09 07:22 - 00000000 ____D C:\Users\Jamie.OURS\AppData\Roaming\FixBee
2013-12-09 04:02 - 2013-03-14 22:17 - 00015968 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\amdkmafd.sys
2013-12-08 17:12 - 2013-12-08 17:12 - 00000000 _____ C:\Windows\Model.log
2013-12-03 21:15 - 2013-12-03 21:15 - 00020480 _____ C:\Users\Jamie.OURS\Documents\Paul Walkers Car.jpeg
2013-12-03 17:07 - 2013-12-03 17:07 - 00002033 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-03 17:03 - 2013-12-14 22:51 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-03 17:03 - 2013-12-03 21:08 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 17:03 - 2013-12-03 17:03 - 00819152 _____ (Google Inc.) C:\Users\Jamie.OURS\Documents\GoogleEarthSetup.exe
2013-12-03 15:42 - 2013-12-14 18:54 - 00000795 _____ C:\Windows\setupact.log
2013-12-03 15:42 - 2013-12-03 15:42 - 00000000 _____ C:\Windows\setuperr.log
2013-12-03 15:33 - 2013-12-10 12:37 - 00040102 _____ C:\Windows\DPINST.LOG
2013-12-02 18:33 - 2013-08-09 10:24 - 00203776 _____ (Hewlett-Packard) C:\Windows\system32\hpbprtmonui.dll
2013-12-02 18:33 - 2013-08-09 10:23 - 00516608 _____ (Hewlett-Packard) C:\Windows\system32\hpbrprtmon.dll
2013-12-02 18:33 - 2013-08-09 10:23 - 00335360 _____ (Hewlett-Packard) C:\Windows\system32\hpbprtmon.dll
2013-12-02 18:32 - 2013-12-02 18:32 - 00000000 ____D C:\Users\Jamie.OURS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2013-12-02 18:29 - 2013-12-02 18:30 - 00000000 ____D C:\HP_ePrint
2013-12-02 18:24 - 2013-12-02 18:29 - 58738880 _____ C:\Users\Jamie.OURS\Documents\HP-ePrint-win-4.5.52.12202.exe
2013-12-02 18:04 - 2013-12-02 18:04 - 00001748 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2013-12-02 18:04 - 2013-12-02 18:04 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-12-02 18:04 - 2013-12-02 18:04 - 00000000 ____D C:\Program Files\HP Photo Creations
2013-12-02 18:03 - 2013-12-02 18:03 - 00002147 _____ C:\Users\Public\Desktop\HP Deskjet 3050A J611 series.lnk
2013-12-02 18:03 - 2013-12-02 18:03 - 00001817 _____ C:\Users\Public\Desktop\HP ePrintCenter - HP Deskjet 3050A J611 series.lnk
2013-12-02 18:03 - 2013-12-02 18:03 - 00001064 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3050A J611 series.lnk
2013-12-02 18:03 - 2012-10-17 04:04 - 00580712 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMa011.dll
2013-12-02 17:47 - 2013-12-02 17:55 - 57044320 _____ C:\Users\Jamie.OURS\Documents\DJ3050A_J611_1315.exe
2013-12-02 17:44 - 2013-12-02 17:45 - 00001753 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2013-12-02 17:43 - 2013-12-02 17:45 - 06123336 _____ C:\Users\Jamie.OURS\Documents\HPPSdr.exe
2013-12-02 10:29 - 2013-12-14 17:34 - 00043492 _____ C:\Windows\PFRO.log
2013-12-02 09:09 - 2013-12-14 17:42 - 00000987 _____ C:\Users\Jamie.OURS\Desktop\DriverMax.lnk
2013-12-02 09:09 - 2013-12-02 09:09 - 00000000 ____D C:\Program Files\Innovative Solutions
2013-12-02 09:07 - 2013-12-02 09:08 - 08431184 _____ (Innovative Solutions                                        ) C:\Users\Jamie.OURS\Documents\drivermax_7_24_cnet_dealply.exe
2013-12-02 04:32 - 2013-12-02 04:32 - 00000000 ____D C:\Users\Jamie.OURS\AppData\Local\Innovative Solutions
2013-11-19 18:01 - 2013-12-10 12:10 - 00000000 ____D C:\Users\Jamie.OURS\AppData\Roaming\Open Download Manager
2013-11-19 17:58 - 2013-11-19 17:58 - 00299736 _____ (My Company) C:\Users\Jamie.OURS\Documents\Setup_ODM.exe
2013-11-19 16:55 - 2013-12-02 06:49 - 00000000 ____D C:\Users\Jamie.OURS\Documents\1999 DT466E sputter vibration power loss - TheDieselGarage.com_files
2013-11-19 16:55 - 2013-11-19 16:55 - 00129415 _____ C:\Users\Jamie.OURS\Documents\1999 DT466E sputter vibration power loss - TheDieselGarage.com.htm
 
==================== One Month Modified Files and Folders =======
 
2013-12-14 23:01 - 2013-12-14 23:00 - 00017400 _____ C:\Users\Jamie.OURS\Desktop\FRST.txt
2013-12-14 23:00 - 2013-12-14 23:00 - 00000000 ____D C:\FRST
2013-12-14 23:00 - 2012-10-01 17:27 - 00000000 ____D C:\Users\Default
2013-12-14 22:59 - 2013-12-14 22:59 - 01060897 _____ (Farbar) C:\Users\Jamie.OURS\Desktop\FRST.exe
2013-12-14 22:58 - 2013-06-08 23:29 - 01985500 _____ C:\Windows\WindowsUpdate.log
2013-12-14 22:58 - 2012-12-25 11:33 - 00000779 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-12-14 22:52 - 2006-11-02 07:47 - 00003952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-14 22:52 - 2006-11-02 07:47 - 00003952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-14 22:51 - 2013-12-03 17:03 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-14 22:50 - 2013-10-18 21:52 - 00000318 _____ C:\Windows\Tasks\mdmonitor.job
2013-12-14 22:50 - 2008-08-27 19:45 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-12-14 22:50 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-14 22:50 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\registration
2013-12-14 22:47 - 2006-11-02 08:01 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-14 22:46 - 2013-12-14 22:36 - 00000000 ____D C:\AdwCleaner
2013-12-14 22:37 - 2012-07-25 04:19 - 00000000 ____D C:\Program Files\Uniblue
2013-12-14 22:35 - 2013-12-14 22:35 - 01226802 _____ C:\Users\Jamie.OURS\Desktop\AdwCleaner.exe
2013-12-14 22:31 - 2013-12-14 22:31 - 00009780 _____ C:\Users\Jamie.OURS\Desktop\JRT.txt
2013-12-14 22:27 - 2013-12-14 22:27 - 00000000 ____D C:\Windows\ERUNT
2013-12-14 22:26 - 2013-12-14 22:26 - 01034531 _____ (Thisisu) C:\Users\Jamie.OURS\Desktop\JRT.exe
2013-12-14 18:55 - 2006-11-02 05:33 - 00897340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-14 18:54 - 2013-12-03 15:42 - 00000795 _____ C:\Windows\setupact.log
2013-12-14 17:42 - 2013-12-02 09:09 - 00000987 _____ C:\Users\Jamie.OURS\Desktop\DriverMax.lnk
2013-12-14 17:40 - 2013-12-14 17:39 - 08448192 _____ (Innovative Solutions                                        ) C:\Users\Jamie.OURS\Desktop\drivermax_7_25_cnet.exe
2013-12-14 17:40 - 2012-07-19 03:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-14 17:40 - 2012-01-06 15:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-14 17:34 - 2013-12-02 10:29 - 00043492 _____ C:\Windows\PFRO.log
2013-12-14 17:34 - 2013-03-11 00:22 - 00000000 ____D C:\Windows\MATS
2013-12-10 22:56 - 2013-12-10 11:42 - 00000000 ____D C:\Program Files\OpenDownloaderManager
2013-12-10 22:56 - 2012-06-21 17:08 - 00000000 ____D C:\Program Files\FrostWire 5
2013-12-10 20:15 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\tracing
2013-12-10 17:31 - 2013-12-10 16:52 - 00002493 _____ C:\Users\Jamie.OURS\Desktop\HiJackThis.lnk
2013-12-10 16:52 - 2013-12-10 16:52 - 00000000 ____D C:\Users\Jamie.OURS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-12-10 12:37 - 2013-12-03 15:33 - 00040102 _____ C:\Windows\DPINST.LOG
2013-12-10 12:37 - 2011-12-27 20:11 - 00000000 ____D C:\Users\Jamie.OURS
2013-12-10 12:10 - 2013-11-19 18:01 - 00000000 ____D C:\Users\Jamie.OURS\AppData\Roaming\Open Download Manager
2013-12-10 11:46 - 2011-07-11 00:04 - 00000000 ____D C:\Users\Guest
2013-12-10 11:20 - 2013-12-09 23:34 - 00009408 _____ C:\Users\Jamie.OURS\Desktop\PoolLiveTour 7-6.ct
2013-12-10 09:39 - 2013-11-01 07:06 - 00000000 ____D C:\Users\Jamie.OURS\Documents\My Cheat Tables
2013-12-09 21:28 - 2013-12-09 21:18 - 91840784 _____ (Microsoft Corporation) C:\Users\Jamie.OURS\Desktop\Microsoft Safety Scanner.exe
2013-12-09 20:46 - 2013-12-09 20:46 - 00000000 ____D C:\Users\Jamie.OURS\AppData\Roaming\TeamViewer
2013-12-09 20:46 - 2013-12-09 20:45 - 04555312 _____ (TeamViewer) C:\Users\Jamie.OURS\Documents\TeamViewerQS_en.exe
2013-12-09 14:12 - 2013-12-09 14:12 - 00117660 _____ C:\Users\Jamie.OURS\Documents\jeep wiring diagram
2013-12-09 10:55 - 2011-12-27 20:45 - 00000000 ____D C:\Users\Jamie.OURS\AppData\Local\Google
2013-12-09 09:45 - 2011-12-27 20:12 - 00000000 ____D C:\Users\Jamie.OURS\AppData\Roaming\Sony Corporation
2013-12-09 09:44 - 2009-04-19 08:43 - 00000000 ____D C:\Program Files\Google
2013-12-09 09:44 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\spool
2013-12-09 09:11 - 2013-12-09 09:11 - 00000000 ____D C:\Users\Jamie
2013-12-09 09:09 - 2013-10-31 22:42 - 00000000 ____D C:\Users\Jamie.OURS\AppData\Local\NativeMessaging
2013-12-09 07:22 - 2013-12-09 07:22 - 00000000 ____D C:\Users\Jamie.OURS\AppData\Roaming\FixBee
2013-12-09 07:21 - 2011-12-27 20:16 - 00000000 ____D C:\Users\Jamie.OURS\AppData\Roaming\Adobe
2013-12-09 03:35 - 2012-02-07 18:23 - 00000000 ____D C:\Users\Jamie.OURS\AppData\Local\Adobe
2013-12-09 02:58 - 2013-06-09 00:11 - 00000680 _____ C:\Users\Jamie.OURS\AppData\Local\d3d9caps.dat
2013-12-08 17:52 - 2011-12-28 21:23 - 00000000 ____D C:\Users\Jamie.OURS\AppData\Roaming\HpUpdate
2013-12-08 17:36 - 2012-03-13 21:04 - 00002109 _____ C:\Users\Jamie.OURS\Desktop\Google Chrome.lnk
2013-12-08 17:12 - 2013-12-08 17:12 - 00000000 _____ C:\Windows\Model.log
2013-12-08 17:12 - 2010-01-05 13:24 - 00000021 _____ C:\Windows\Model.txt
2013-12-03 21:15 - 2013-12-03 21:15 - 00020480 _____ C:\Users\Jamie.OURS\Documents\Paul Walkers Car.jpeg
2013-12-03 21:08 - 2013-12-03 17:03 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 17:07 - 2013-12-03 17:07 - 00002033 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-03 17:03 - 2013-12-03 17:03 - 00819152 _____ (Google Inc.) C:\Users\Jamie.OURS\Documents\GoogleEarthSetup.exe
2013-12-03 15:42 - 2013-12-03 15:42 - 00000000 _____ C:\Windows\setuperr.log
2013-12-02 18:32 - 2013-12-02 18:32 - 00000000 ____D C:\Users\Jamie.OURS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2013-12-02 18:31 - 2011-12-28 21:18 - 00000000 ____D C:\ProgramData\HP
2013-12-02 18:31 - 2011-12-28 21:18 - 00000000 ____D C:\Program Files\HP
2013-12-02 18:30 - 2013-12-02 18:29 - 00000000 ____D C:\HP_ePrint
2013-12-02 18:29 - 2013-12-02 18:24 - 58738880 _____ C:\Users\Jamie.OURS\Documents\HP-ePrint-win-4.5.52.12202.exe
2013-12-02 18:04 - 2013-12-02 18:04 - 00001748 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2013-12-02 18:04 - 2013-12-02 18:04 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-12-02 18:04 - 2013-12-02 18:04 - 00000000 ____D C:\Program Files\HP Photo Creations
2013-12-02 18:03 - 2013-12-02 18:03 - 00002147 _____ C:\Users\Public\Desktop\HP Deskjet 3050A J611 series.lnk
2013-12-02 18:03 - 2013-12-02 18:03 - 00001817 _____ C:\Users\Public\Desktop\HP ePrintCenter - HP Deskjet 3050A J611 series.lnk
2013-12-02 18:03 - 2013-12-02 18:03 - 00001064 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3050A J611 series.lnk
2013-12-02 18:00 - 2006-11-02 07:37 - 00000000 ____D C:\Windows\twain_32
2013-12-02 17:55 - 2013-12-02 17:47 - 57044320 _____ C:\Users\Jamie.OURS\Documents\DJ3050A_J611_1315.exe
2013-12-02 17:45 - 2013-12-02 17:44 - 00001753 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2013-12-02 17:45 - 2013-12-02 17:43 - 06123336 _____ C:\Users\Jamie.OURS\Documents\HPPSdr.exe
2013-12-02 16:54 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-02 10:41 - 2013-11-01 02:23 - 00000000 ____D C:\Program Files\Cheat Engine 6.2
2013-12-02 10:41 - 2013-11-01 01:35 - 00000000 ____D C:\Users\Jamie.OURS\AppData\Local\Mobogenie
2013-12-02 10:41 - 2013-11-01 01:35 - 00000000 ____D C:\Users\Jamie.OURS\AppData\Local\cache
2013-12-02 10:41 - 2007-02-24 13:51 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-12-02 10:22 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\LogFiles
2013-12-02 10:16 - 2012-07-28 04:16 - 00257747 _____ C:\test.xml
2013-12-02 09:09 - 2013-12-02 09:09 - 00000000 ____D C:\Program Files\Innovative Solutions
2013-12-02 09:08 - 2013-12-02 09:07 - 08431184 _____ (Innovative Solutions                                        ) C:\Users\Jamie.OURS\Documents\drivermax_7_24_cnet_dealply.exe
2013-12-02 08:50 - 2013-05-18 22:46 - 00000000 ____D C:\Users\Jamie.OURS\AppData\Local\Windows Live
2013-12-02 06:53 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\Msdtc
2013-12-02 06:51 - 2006-11-02 05:22 - 50331648 _____ C:\Windows\system32\config\software_previous
2013-12-02 06:51 - 2006-11-02 05:22 - 37965824 _____ C:\Windows\system32\config\components_previous
2013-12-02 06:51 - 2006-11-02 05:22 - 26476544 _____ C:\Windows\system32\config\system_previous
2013-12-02 06:51 - 2006-11-02 05:22 - 00487424 _____ C:\Windows\system32\config\default_previous
2013-12-02 06:51 - 2006-11-02 05:22 - 00061440 _____ C:\Windows\system32\config\sam_previous
2013-12-02 06:51 - 2006-11-02 05:22 - 00032768 _____ C:\Windows\system32\config\security_previous
2013-12-02 06:49 - 2013-11-19 16:55 - 00000000 ____D C:\Users\Jamie.OURS\Documents\1999 DT466E sputter vibration power loss - TheDieselGarage.com_files
2013-12-02 06:49 - 2013-10-31 22:40 - 00000000 ____D C:\Users\Jamie.OURS\AppData\Local\emaze
2013-12-02 06:49 - 2013-10-21 19:14 - 00000000 ____D C:\Program Files\LG Electronics
2013-12-02 06:49 - 2013-10-04 00:31 - 00000000 ____D C:\Users\Jamie.OURS\Downloads\Autoruns
2013-12-02 06:49 - 2013-07-05 19:52 - 00000000 ____D C:\Users\Jamie.OURS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2013-12-02 06:49 - 2013-06-08 17:47 - 00000000 ____D C:\Users\Jamie.OURS\AppData\Roaming\dNRLff9R
2013-12-02 06:49 - 2013-06-02 02:49 - 00000000 ____D C:\Users\Jamie.OURS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
2013-12-02 06:49 - 2013-04-22 03:41 - 00000000 ____D C:\Users\Jamie.OURS\Downloads\SZ6-VAIO Central 1.1.02.032706
2013-12-02 06:49 - 2013-04-21 23:10 - 00000000 ____D C:\Users\Jamie.OURS\Downloads\Homemade vinegar uses_files
2013-12-02 06:49 - 2013-04-21 23:06 - 00000000 ____D C:\Users\Jamie.OURS\Downloads\Homemade febreeze_files
2013-12-02 06:49 - 2013-03-17 17:36 - 00000000 ____D C:\Users\Jamie.OURS\Downloads\dotnetfx_cleanup_tool (1)
2013-12-02 06:49 - 2012-08-05 08:54 - 00000000 ____D C:\Users\Jamie.OURS\Documents\WhoIs
2013-12-02 06:49 - 2012-08-05 08:37 - 00000000 ____D C:\Users\Jamie.OURS\Downloads\WhoIs
2013-12-02 06:49 - 2012-06-21 02:26 - 00000000 ___RD C:\Users\Jamie.OURS\754
2013-12-02 06:49 - 2012-03-13 21:03 - 00000000 ____D C:\Users\Jamie.OURS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-12-02 06:49 - 2012-02-18 07:49 - 00000000 ____D C:\Users\Jamie.OURS\.frostwire5
2013-12-02 06:49 - 2012-01-08 02:24 - 00000000 ____D C:\Users\Jamie.OURS\AppData\Roaming\vlc
2013-12-02 06:49 - 2012-01-05 18:39 - 00000000 ____D C:\Users\Jamie.OURS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDFViewer
2013-12-02 06:49 - 2011-12-27 20:12 - 00000000 ___RD C:\Users\Jamie.OURS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-02 06:49 - 2011-12-27 20:12 - 00000000 ___RD C:\Users\Jamie.OURS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-02 06:49 - 2007-02-24 13:34 - 00000000 ____D C:\Program Files\Sony
2013-12-02 04:32 - 2013-12-02 04:32 - 00000000 ____D C:\Users\Jamie.OURS\AppData\Local\Innovative Solutions
2013-11-19 17:58 - 2013-11-19 17:58 - 00299736 _____ (My Company) C:\Users\Jamie.OURS\Documents\Setup_ODM.exe
2013-11-19 16:55 - 2013-11-19 16:55 - 00129415 _____ C:\Users\Jamie.OURS\Documents\1999 DT466E sputter vibration power loss - TheDieselGarage.com.htm
2013-11-19 05:21 - 2009-10-03 07:09 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-15 20:57 - 2013-03-05 22:46 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-15 20:57 - 2012-07-20 18:17 - 00001945 _____ C:\Windows\epplauncher.mif
 
Files to move or delete:
====================
C:\ProgramData\pswi_preloaded.exe
C:\Users\Jamie.OURS\msicuu2.exe
 
 
Some content of TEMP:
====================
C:\Users\Jamie.OURS\AppData\Local\Temp\GLF482F.EXE
C:\Users\Jamie.OURS\AppData\Local\Temp\Quarantine.exe
C:\Users\Jamie.OURS\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Jamie.OURS\AppData\Local\Temp\tbSwee.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-14 22:57
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-12-2013 01
Ran by Jamie at 2013-12-14 23:02:37
Running from C:\Users\Jamie.OURS\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Alps Pointing-device for VAIO
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.27)
Cheat Engine 6.2
Coupon Printer for Windows (Version: 5.0.0.1)
D3DX10 (Version: 15.4.2368.0902)
DriverMax 7 (Version: 7.25.0.201)
Files Opened (Version: 1.0)
FixBee Disk Optimizer
FreeFixer (Version: 1.04)
FrostWire 5.6.6 (Version: 5.6.6.1)
Google Chrome (HKCU Version: 31.0.1650.63)
Google Earth (Version: 7.1.2.2041)
Google Update Helper (Version: 1.3.21.165)
HiJackThis (Version: 1.0.0)
HP Deskjet 3050A J611 series Basic Device Software (Version: 28.0.1315.0)
HP Deskjet 3050A J611 series Help (Version: 140.0.2.2)
HP Deskjet 3050A J611 series Product Improvement Study (Version: 28.0.1315.0)
HP ePrint (Version: 10.0.13228.1563)
HP Photo Creations (Version: 1.0.0.7702)
HP Postscript Converter (Version: 4.5.12202)
HP Product Detection (Version: 11.15.0008)
HP Unified IO (Version: 2.0.0.479)
HP Update (Version: 5.005.000.002)
HPDiagnosticAlert (Version: 1.00.0000)
HPDiagnosticCoreDll (Version: 1.0.3.0)
HyperCD
Intel® Graphics Media Accelerator Driver
iTunes (Version: 11.1.3.8)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
LAN-Express AS IEEE 802.11 Wireless LAN (Version: 7.1.0.116)
LG USB Modem driver
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MaxiDisk (Version: 1.0.5.1)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft Office Live Add-in 1.4 (Version: 2.0.3008.0)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (VAIO_VEDB) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 08.05.0818)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140)
PDF Viewer 0.1 (Version: 0.1)
QuickBooks Product Listing Service (Version: 2.0.148)
Realtek High Definition Audio Driver (Version: 6.0.1.5350)
Remove Empty Directories version 2.2 (Version: 2.2)
Resumes
RTC Client API v1.2 (Version: 1.2.0000)
Segoe UI (Version: 15.4.2271.0615)
Setting Utility Series (Version: 2.1.00.14150)
Simple Start Entice (Version: 1.00.0000)
Sony Utilities DLL (Version: 7.1.00.13300)
SupportSoft Assisted Service (Version: 15)
System Requirements Lab
SystemTweaker (Version: 2.0.7.1)
The Weather Channel App
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
VAIO Azure Float Wallpaper (Version: 1.0.00.10100)
VAIO Care (Version: 6.3.0.09020)
VAIO Care Update (Version: 1.00.1119)
VAIO Content Importer  VAIO Content Exporter (Version: 1.4.73.04270)
VAIO Content Importer / VAIO Content Exporter (Version: 1.4.73.04270)
VAIO Database Converter Ver 1.0 (Version: 1.0.00.00000)
VAIO Event Service (Version: 3.1.00.14130)
VAIO Floral Dusk Wallpaper (Version: 1.0.00.10100)
VAIO Help And Support (Version: 2.00.0223)
VAIO Media (Version: 6.0.10)
VAIO Media 6.0 (Version: 6.0.10)
VAIO Media AC3 Decoder 1.0
VAIO Media Content Collection 6.0
VAIO Media Integrated Server 6.2
VAIO Media Redistribution 6.0 (Version: 6.0.10)
VAIO Media Registration Tool (Version: 6.0.10)
VAIO Media Registration Tool 6.0 (Version: 6.0.10)
VAIO Power Management (Version: 2.1.00.14090)
VAIO Service Utility (Version: 1.1.1.1)
VAIO Survey (Version: 5.00.2607)
VAIO Teal Whisper Wallpaper (Version: 1.0.00.10100)
VAIO Update (Version: 6.3.1.10120)
VU5x86 (Version: 1.1.0)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Wireless Switch Setting Utility (Version: 3.6.00.13120)
 
==================== Restore Points  =========================
 
10-12-2013 17:36:52 Device Driver Package Install: Matrox Graphics Inc. System devices
10-12-2013 21:51:46 Installed HiJackThis
14-12-2013 22:59:38 Windows Update
 
==================== Hosts content: ==========================
 
2006-11-02 05:23 - 2013-02-12 23:42 - 00000734 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0B1F84AC-0F47-4E4B-BFCE-44A3C4E1CA9C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1E73133F-2910-4810-A68E-43C6247E0E46} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
Task: {2BFFE970-E40A-4442-A667-651560623CAC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-03] (Google Inc.)
Task: {3345A7EA-D0CD-4E48-ADAC-9847C0ACA794} - System32\Tasks\Sony Corporation\VAIO Care\AutoCheckMessage => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
Task: {34E5598E-ADCF-4B78-B6C1-5EF055FE0158} - System32\Tasks\ScanToPCActivationApp.exe_{BF70DE80-95C0-407D-AA22-B66B9FED6FA9} => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {3A07F18B-6462-42A5-9BAF-7EDEC677822A} - System32\Tasks\VAIO Care Support => C:\Program Files\Sony\VAIO Care\VCSpt.exe [2010-08-12] (Sony Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {449099FC-D5B3-47B5-A352-D167528CA333} - System32\Tasks\Norton PC Checkup Setup => C:\Users\JAMIE~1.OUR\AppData\Local\Temp\SymcPCCUInstaller.exe
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {4A2EFE27-1F00-445A-AE21-14C3D6E2AA33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-03] (Google Inc.)
Task: {4C59214D-25C4-4C5D-B5B0-5FADED9AB2BF} - System32\Tasks\Vaio Service Utility => C:\Program Files\Sony\VAIO Service Utility\VAIO-SU.exe [2007-02-16] ()
Task: {5A4A176C-75A1-48CE-B0BB-CA24591E64A0} - System32\Tasks\Disk Cleanup => C:\Windows\System32\cleanmgr.exe [2006-11-02] (Microsoft Corporation)
Task: {5D5C991E-9D14-4A4A-B408-860D715094E1} - System32\Tasks\Sony Corporation\VAIO Care\VAU => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
Task: {62D090B3-78A6-410C-9B22-B5814599EA55} - System32\Tasks\hpUrlLauncher.exe_{DED3A740-433C-4077-9899-3898E75D9A4B} => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\utils\hpUrlLauncher.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {63819B79-DB44-4B8C-AF95-73276F95F945} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
Task: {6BEFA751-58EC-4F1E-8D68-3D1BD569AA0C} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {7790302D-410D-4A6F-A86F-C38246B94F7B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-321920003-2470283383-3655613267-1007Core => C:\Users\Jamie.OURS\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-27] (Google Inc.)
Task: {7C125346-ABB7-421A-B5F8-2EF6AE87D736} - System32\Tasks\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2010-08-12] ()
Task: {7CD97E8E-0185-4DDC-8587-2B9E27133D28} - System32\Tasks\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2010-09-02] (Sony Corporation)
Task: {7CE154CD-6108-443C-A8A1-08F689E47D3D} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
Task: {7E8862D0-D888-43B8-AC8D-5464A200358C} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\OSUpgrade => C:\Program Files\Microsoft Fix it Center\MatsApi.dll [2011-06-13] (Microsoft Corporation)
Task: {80F8D1CD-CA6A-4346-AFBB-C2D571701553} - \Adobe Flash Player Updater No Task File
Task: {832AC42D-BD97-4F7F-B052-A445F91F28DE} - System32\Tasks\Schedule Disk Cleanup => C:\Windows\System32\cleanmgr.exe [2006-11-02] (Microsoft Corporation)
Task: {84964449-9C8C-4EB4-8D1E-A221133F19BE} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\MessageCheck.exe
Task: {899865AE-9907-45D9-A70B-EAF8967805F3} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\Sony\VAIO Update\ShellExeProxy.exe [2013-08-29] (Sony Corporation)
Task: {8E92F505-023B-4C93-847E-9A186D5D494A} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-09-19] (Sony Corporation)
Task: {9A7F463E-5FCD-4F75-B7DA-1CC4FB2904D3} - System32\Tasks\SONY\WSSU\WSSU => C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [2007-01-11] (Sony Corporation)
Task: {9F28E179-6667-4CCE-A9D2-43BEF084DB96} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\MatSvc\DataUpload => C:\Program Files\Microsoft Fix it Center\MatsApi.dll [2011-06-13] (Microsoft Corporation)
Task: {B812DE1B-6D0D-42B4-BDBE-88D67D7DF851} - System32\Tasks\Toolbox.exe_{67539E12-6095-4ADD-8F99-CCDC1928295E} => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\Toolbox.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {B9DE48F7-13E7-4826-AD77-8B70AC536E2A} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {BB792D52-339F-4CF7-9841-8EC1FACBE905} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
Task: {C2A1DA8F-C8D5-4413-8745-875703EF30FD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-321920003-2470283383-3655613267-1007UA => C:\Users\Jamie.OURS\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-27] (Google Inc.)
Task: {CB12680A-4AB1-4A29-AA50-74E36E7D7BB3} - System32\Tasks\FreeFixer background scan => C:\Program Files\FreeFixer\freefixer.exe [2013-03-26] (Kephyr)
Task: {CD0B6510-2A2C-431B-97B8-AC3CFA302459} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
Task: {CF22613C-E77D-4E63-9279-46CDA8DD6E7F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D2D18897-FFED-4A2C-91B1-6DD142B23C97} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-321920003-2470283383-3655613267-1007Core1cd0bf95eba51cb => C:\Users\Jamie.OURS\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-27] (Google Inc.)
Task: {D3927851-73EE-45E3-AAC0-387F0EA94920} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-321920003-2470283383-3655613267-1007UA1cd0bf95feaf9fb => C:\Users\Jamie.OURS\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-27] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {E84B7D18-618C-4D45-954A-0D97CB9AE90F} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-09-27] (Sony Corporation)
Task: {F6458878-D353-4CBE-8911-76A4488CD12D} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ConfigExec => C:\Program Files\Microsoft Fix it Center\MatsApi.dll [2011-06-13] (Microsoft Corporation)
Task: {F78553BD-2930-48F4-9D6F-B5C35099B0E0} - System32\Tasks\mdmonitor => C:\Program Files\Uniblue\MaxiDisk\mdmonitor.exe [2013-09-06] (Uniblue Systems Limited)
Task: C:\Windows\Tasks\FreeFixer background scan.job => C:\Program Files\FreeFixer\freefixer.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321920003-2470283383-3655613267-1007Core1cd0bf95eba51cb.job => C:\Users\Jamie.OURS\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321920003-2470283383-3655613267-1007UA1cd0bf95feaf9fb.job => C:\Users\Jamie.OURS\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\mdmonitor.job => C:\Program Files\Uniblue\MaxiDisk\mdmonitor.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{23FE837B-E81F-4113-B6BF-0DB5E0D06456}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\Vaio Service Utility.job => C:\Program Files\Sony\Vaio Service Utility\VAIO-SU.exe
 
==================== Loaded Modules (whitelisted) =============
 
2008-02-24 11:56 - 2007-06-26 07:55 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-02 09:09 - 2013-12-02 11:26 - 00009088 _____ () C:\Program Files\Innovative Solutions\DriverMax\sync.dll
2013-12-08 17:36 - 2013-12-03 21:48 - 04055504 _____ () C:\Users\Jamie.OURS\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-08 17:36 - 2013-12-03 21:48 - 00399312 _____ () C:\Users\Jamie.OURS\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-08 17:36 - 2013-12-03 21:47 - 01619408 _____ () C:\Users\Jamie.OURS\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/14/2013 10:44:34 PM) (Source: MsiInstaller) (User: JAMIEEDMONDS)
Description: Product: OpenMG Secure Module -- Error 1706.No valid source could be found for product OpenMG Secure Module.  The Windows Installer cannot continue.
 
Error: (12/14/2013 10:44:07 PM) (Source: MsiInstaller) (User: JAMIEEDMONDS)
Description: Product: OpenMG Secure Module -- Error 1706.No valid source could be found for product OpenMG Secure Module.  The Windows Installer cannot continue.
 
Error: (12/14/2013 10:43:18 PM) (Source: MsiInstaller) (User: JAMIEEDMONDS)
Description: Product: OpenMG Secure Module -- Error 1706.No valid source could be found for product OpenMG Secure Module.  The Windows Installer cannot continue.
 
 
System errors:
=============
Error: (12/14/2013 10:59:26 PM) (Source: ipnathlp) (User: )
Description: The DHCP allocator encountered a network error while attempting to reply on IP address 0.0.0.0 to a request from a client. The data is the error code.
 
Error: (12/14/2013 10:59:26 PM) (Source: ipnathlp) (User: )
Description: The DHCP allocator has detected a DHCP server with IP address 192.168.0.1 on the same network as the interface with IP address 192.168.0.8. The allocator has disabled itself on the interface to avoid confusing DHCP clients.
 
Error: (12/14/2013 10:56:25 PM) (Source: ipnathlp) (User: )
Description: The DHCP allocator has disabled itself on IP address 169.254.214.124, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
 
Error: (12/14/2013 10:53:46 PM) (Source: Service Control Manager) (User: )
Description: Windows Process Activation Service%%3
 
Error: (12/14/2013 10:53:45 PM) (Source: WAS) (User: )
Description: Windows Process Activation Service (WAS) is stopping because it encountered an error. The data field contains the error number.
 
Error: (12/14/2013 10:53:45 PM) (Source: WAS) (User: )
Description: The directory specified for the temporary application pool config files is either missing or is not accessible by the Windows Process Activation Service. Please specify an existing directory and/or ensure that it has proper access flags. The data field contains the error number.
 
Error: (12/14/2013 10:53:36 PM) (Source: Service Control Manager) (User: )
Description: Net.Msmq Listener Adaptermsmq
 
Error: (12/14/2013 10:52:18 PM) (Source: ipnathlp) (User: )
Description: The DHCP allocator has disabled itself on IP address 169.254.214.124, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
 
Error: (12/14/2013 10:51:25 PM) (Source: Service Control Manager) (User: )
Description: amdkmafd
 
Error: (12/14/2013 10:51:25 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
 
 
Microsoft Office Sessions:
=========================
Error: (12/14/2013 10:44:34 PM) (Source: MsiInstaller)(User: JAMIEEDMONDS)
Description: Product: OpenMG Secure Module -- Error 1706.No valid source could be found for product OpenMG Secure Module.  The Windows Installer cannot continue.(NULL)(NULL)(NULL)(NULL)
 
Error: (12/14/2013 10:44:07 PM) (Source: MsiInstaller)(User: JAMIEEDMONDS)
Description: Product: OpenMG Secure Module -- Error 1706.No valid source could be found for product OpenMG Secure Module.  The Windows Installer cannot continue.(NULL)(NULL)(NULL)(NULL)
 
Error: (12/14/2013 10:43:18 PM) (Source: MsiInstaller)(User: JAMIEEDMONDS)
Description: Product: OpenMG Secure Module -- Error 1706.No valid source could be found for product OpenMG Secure Module.  The Windows Installer cannot continue.(NULL)(NULL)(NULL)(NULL)
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-12-10 22:45:23.801
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-10 22:45:23.192
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-10 22:45:22.568
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-10 22:45:21.929
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-10 22:45:21.305
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-10 22:45:20.681
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-10 22:40:20.100
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-10 22:40:19.460
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-10 22:40:18.805
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-10 22:40:18.166
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 54%
Total physical RAM: 2037.45 MB
Available physical RAM: 937.19 MB
Total Pagefile: 5045.7 MB
Available Pagefile: 3916.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.35 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:105.18 GB) (Free:54.12 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 112 GB) (Disk ID: 7F41EB71)
Partition 1: (Not Active) - (Size=7 GB) - (Type=27)
Partition 2: (Active) - (Size=105 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 Starbuck

Posted 15 December 2013 - 01:02 PM

Hi Jamiee

P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking (Frostwire, Limewire, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.


Step 1
Please download the attached fixlist.txt file and save it to the Desktop.
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.



Step 2
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista/Win7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
In your next reply, please submit:
Fixlog.txt
and also let me know how the system is running now.



Thanks.

Edited by Starbuck, 15 December 2013 - 01:23 PM.



#5 Jamiee9488

Posted 15 December 2013 - 06:41 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-12-2013
Ran by Jamie at 2013-12-15 18:09:55 Run:1
Running from C:\Users\Jamie.OURS\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKLM\...\Run: [] - [x]
HKCU\...\Run: [DriverMax_RESTART] - [x]
URLSearchHook: HKLM - (No Name) - {7093ee04-f2e4-4637-a667-0f730797b3a0} -  No File
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - OldDefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5}
CHR RestoreOnStartup: "hxxp://websearch.pu-results.info/?pid=708&r=2013/04/07&hid=4080140176&lg=EN&cc=US", "hxxp://search.conduit.com/?ctid=CT3287810&SearchSource=48&CUI=UN17208243651458826&UM=2", "
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\ProgramData\pswi_preloaded.exe
C:\Users\Jamie.OURS\msicuu2.exe
Task: {80F8D1CD-CA6A-4346-AFBB-C2D571701553} - \Adobe Flash Player Updater No Task File
 
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\DriverMax_RESTART => Value deleted successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7093ee04-f2e4-4637-a667-0f730797b3a0} => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\OldDefaultScope => Value deleted successfully.
CHR RestoreOnStartup: "hxxp://websearch.pu-results.info/?pid=708&r=2013/04/07&hid=4080140176&lg=EN&cc=US", "hxxp://search.conduit.com/?ctid=CT3287810&SearchSource=48&CUI=UN17208243651458826&UM=2", " ==> The Chrome "Settings" can be used to fix the entry.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\ProgramData\pswi_preloaded.exe => Moved successfully.
C:\Users\Jamie.OURS\msicuu2.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80F8D1CD-CA6A-4346-AFBB-C2D571701553} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80F8D1CD-CA6A-4346-AFBB-C2D571701553} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => Key deleted successfully.
 
==== End of Fixlog ====
 
System is running much better now. Thanks so much for all of your help, greatly appreciated.


#6 Starbuck

Posted 16 December 2013 - 04:50 PM

Hi Jamiee

I'm glad to hear that the system is running much better now.
Let's run a double check on things........

I'd like you to do an ESET OnlineScan

You may find it beneficial to close your resident AV program before running the scan.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked.
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Click esetExport.png, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the esetBack.png button.
  • Click esetFinish.png
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Note:
It's been found that on some systems the ESET Online Scan fails during the database download (around 20%).
To prevent this happening:
When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology



Please post the report if anything is found.


Thanks



#7 Jamiee9488

Posted 16 December 2013 - 10:15 PM

C:\AdwCleaner\Quarantine\C\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe.vir Win32/SpeedUpMyPC application
C:\AdwCleaner\Quarantine\C\Program Files\Uniblue\SpeedUpMyPC\spnotifier.exe.vir Win32/SpeedUpMyPC application
C:\AdwCleaner\Quarantine\C\Program Files\Uniblue\SpeedUpMyPC\sp_move_serial.exe.vir Win32/SpeedUpMyPC application
C:\AdwCleaner\Quarantine\C\Program Files\Uniblue\SpeedUpMyPC\sump.exe.vir Win32/SpeedUpMyPC application
C:\Users\Jamie.OURS\AppData\LocalLow\Google\GoogleEarth\webdata\f_0000f1 Win32/Toolbar.Inbox.A application
C:\Users\Jamie.OURS\AppData\LocalLow\VisualBee_V.11\ldrtbVisu.dll a variant of Win32/Toolbar.Conduit.P application
C:\Users\Jamie.OURS\AppData\LocalLow\VisualBee_V.11\tbVisu.dll a variant of Win32/Toolbar.Conduit.B application


#8 Starbuck

Posted 17 December 2013 - 11:52 AM

Hi Jamiee,

Nothing to worry about there:
Most had already been removed by ADWCleaner and had been placed in quarantine.
The other 2 seem to be leftovers from the Conduit Adware.... which had already been removed as well.

If you are happy with the way the system is running we can finish off the cleaning process.

Edited by Starbuck, 17 December 2013 - 11:53 AM.



#9 Jamiee9488

Posted 20 December 2013 - 07:13 PM

I am very happy with the way the system is running. Thank you very much for your help.



#10 Starbuck

Posted 21 December 2013 - 11:26 AM

Hi Jamiee

Ok, let's finish off the cleaning then.

Step 1
Start MBAM.
Click on the Quarantine tab


If there are items in quarantine.....
Make sure everything is selected and then click Delete All.
Close MBAM.


Step 2
Double click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.
JRT, FRST and Eset Online Scanner can now be removed also.



Step 3
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Select the drive for cleaning then click OK (usually 'C' drive)
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

To find out how you may have been infected, read this topic:
How did I get infected?



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Use an AntiVirus Software

Only install one AntiVirus program

Update your AntiVirus Software regularly

Use a Firewall

Only install one software Firewall


Scan regularly with a 'Stand Alone' Anti-Malware scanner:
Installing another scanner that you can run once or twice a week is always beneficial.
Something like:
Malwarebytes Anti-Malware
SUPERAntiSpyware
Remember to update these programs each time before running.
You can install more than one of these if you only run them as stand alone programs.

Use an alternative browser to Internet Explorer:
Some excellent alternatives to MS Internet Explorer are:

Firefox
For added security, add the NoScript extension to this browser:
Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks
also consider adding:
WOT - Safe Browsing Tool

Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web.
Btw: you don't have to make a contribution.

Opera

They offer better security, more stability, and better speed.

Keep a backup of your registry
Keeping a regular backup of your registry will help when something goes wrong.
Use a program like:
Erunt

A full tutorial on how to set up and use Erunt can be found here:
Erunt tutorial

Keep your system clean of temp files etc, using a 'Cleaner':

Cleaners are programs that will help to clean out your:
Windows temp files
Current user temp files
Cookies
Temporary Internet files
Browser history
Recycle bin
Etc.......
In other words, all the rubbish that you accumulate over the course of your browsing and day-to-day usage of your PC.
Programs like:
TFC by OldTimer
ATF Cleaner

Visit Microsoft's Windows Update Site Frequently - It is important that you visit Windows Update regularly.
Alternatively, turn on the Automatic Updates.

Peer to Peer programs
Don't be tempted to use Peer to Peer programs.
Many of the downloads are bundled with malware.

Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

Safe surfing.

Edited by Starbuck, 21 December 2013 - 11:27 AM.
