Possible Infection


  • This topic is locked
14 replies to this topic

#1 nexus6ca


Posted 29 August 2014 - 11:29 AM

Since my main workstation is infected, I wanted to have this one looked at as well. It had an infection a while ago that I thought was removed, but possibly not.
 
Here are the DDS logs:
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16555
Run by Sony at 9:09:28 on 2014-08-29
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2938.796 [GMT -7:00]
.
AV: ZoneAlarm Antivirus *Enabled/Updated* {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *Enabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\RtkAudioService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Users\Sony\AppData\LocalLow\QuickTime\IE\QuickTimeUpdater.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Users\Sony\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehRecvr.exe
C:\Users\Sony\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k wdisvc
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uProxyServer = 24.64.223.208:8080
uProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: QuickTime: {D26AE2EA-3F14-42DF-AC75-14380C4ACFD0} - c:\users\sony\appdata\locallow\quicktime\ie\QuickTime.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - 
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [Akamai NetSession Interface] "c:\users\sony\appdata\local\akamai\netsession_win.exe"
uRun: [HP Deskjet 3520 series (NET)] "c:\program files\hp\hp deskjet 3520 series\bin\ScanToPCActivationApp.exe" -deviceID "CN3531G5N205SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [GoogleChromeAutoLaunch_DA7D37028981E2A348A8009700DEA9B2] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
StartupFolder: c:\users\sony\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\users\sony\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
TCP: NameServer = 192.168.1.254 75.153.176.1
TCP: Interfaces\{B92231C8-AE9D-495C-A88C-8BCBA3C9264F} : DHCPNameServer = 64.71.255.198 64.71.255.253
TCP: Interfaces\{D10402C1-9CDE-4582-A6B7-6C0D33B0E7BC} : DHCPNameServer = 192.168.1.254 75.153.176.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.153\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2008-11-15 17920]
.
=============== File Associations ===============
.
ShellExec: VCExporterLaunch.exe: open="c:\program files\sony\vaio vp utilities\VCELaunch.exe" "%1"
.
=============== Created Last 30 ================
.
2014-08-29 16:12:15 8581864 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{53729615-ad13-45ce-8f5d-94801eb34772}\mpengine.dll
2014-08-05 17:20:22 227728 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2014-08-05 16:20:02 231584 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH:  9:14:28.61 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/5/2009 11:58:52 AM
System Uptime: 8/29/2014 8:37:44 AM (1 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel® Pentium® Dual CPU T3400 @ 2.16GHz | N/A | 1000/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 224 GiB total, 94.693 GiB free.
D: is Removable
E: is Removable
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.08)
Akamai NetSession Interface
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 2
Chikka Messenger V4
Click to Disc
Click to Disc Editor
Compatibility Pack for the 2007 Office system
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
Facebook Plug-In
Google Chrome
Google Drive
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet 3520 series Basic Device Software
HP Deskjet 3520 series Help
HP Deskjet 3520 series Product Improvement Study
HP Deskjet 3520 series Setup Guide
HP FWUpdateEDO2
HP Photo Creations
HP Update
HPDiagnosticAlert
InstantShareAlert
Intel® Graphics Media Accelerator Driver
Java™ SE Runtime Environment 6
K-Lite Codec Pack 10.0.5 Full
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Transfer
OpenMG Secure Module 5.1.00
Primo
PS_AIO_ProductContext
QuickTime
Realtek High Definition Audio Driver
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
RPS CRT
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2767915) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Setting Utility Series
Shared C Run-time for x86
Skype Click to Call
Skype™ 6.16
Sony Picture Utility
Sony USB Driver
Sony Video Shared Library
Spelling Dictionaries Support For Adobe Reader 9
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition
VAIO Care
VAIO Content Folder Setting
VAIO Content Folder Watcher
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Entertainment Platform
VAIO Event Service
VAIO Help and Support
VAIO Launcher
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Movie Story
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO My Memory Center
VAIO OOBE and Welcome Center
VAIO Original Function Setting
VAIO Power Management
VAIO Presentation Support
VAIO Update 4
VAIO Wallpaper Contents
VC80CRTRedist - 8.0.50727.6195
Visual C++ 9.0 ATL (x86) WinSXS MSM
VLC media player 2.0.6
Windows Media Player Firefox Plugin
WinDVD for VAIO
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Free Antivirus + Firewall
ZoneAlarm Security
.
==== End Of File ===========================

Attached Files


Edited by Oh My!, 29 August 2014 - 11:49 AM.
Posted Attach.txt



#2 Oh My!

  • Malware Response Instructor

Posted 29 August 2014 - 11:45 AM

Greetings nexus6ca and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 nexus6ca


Posted 29 August 2014 - 12:40 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:26-08-2014
Ran by Sony (administrator) on SONY-PC on 29-08-2014 10:34:19
Running from C:\Users\Sony\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Realtek Semiconductor) C:\Windows\RTKAUDIOSERVICE.EXE
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Users\Sony\AppData\LocalLow\QuickTime\IE\QuickTimeUpdater.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sony Corporation) C:\Program Files\Sony\ISB Utility\ISBMgr.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Akamai Technologies, Inc.) C:\Users\Sony\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Akamai Technologies, Inc.) C:\Users\Sony\AppData\Local\Akamai\netsession_win.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Sony Corporation) C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6295552 2008-10-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [835584 2007-03-09] (Synaptics, Inc.)
HKLM\...\Run: [ISBMgr.exe] => C:\Program Files\Sony\ISB Utility\ISBMgr.exe [317280 2008-04-03] (Sony Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-29] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-05-30] (Check Point Software Technologies Ltd.)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKU\S-1-5-21-4053413996-3777074439-3961029037-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [135680 2008-07-02] (Microsoft Corporation)
HKU\S-1-5-21-4053413996-3777074439-3961029037-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6591800 2012-02-22] (Yahoo! Inc.)
HKU\S-1-5-21-4053413996-3777074439-3961029037-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sony\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4053413996-3777074439-3961029037-1000\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4053413996-3777074439-3961029037-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [24474752 2014-06-05] (Google)
HKU\S-1-5-21-4053413996-3777074439-3961029037-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-4053413996-3777074439-3961029037-1000\...\Run: [GoogleChromeAutoLaunch_DA7D37028981E2A348A8009700DEA9B2] => C:\Program Files\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-4053413996-3777074439-3961029037-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-4053413996-3777074439-3961029037-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\Users\Sony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3520 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Sony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
ShortcutTarget: Picture Motion Browser Media Check Tool.lnk -> C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: 24.64.223.208:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.sonystyle.ca/vaio
SearchScopes: HKLM - DefaultScope {CB6F4CEA-263B-465B-BB5B-D3F5DFBB3970} URL = 
SearchScopes: HKLM - {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = http://www.searchqu.com/web?src=ieb&q={searchTerms}
SearchScopes: HKCU - DefaultScope {CB6F4CEA-263B-465B-BB5B-D3F5DFBB3970} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3286042&CUI=UN32980553902943940&UM=1
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKCU - {8666CF7E-9A06-442A-8C5D-3C1DEA7D9DAD} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKCU - {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = 
SearchScopes: HKCU - {BD8DE8C6-74FD-4E25-8CD1-9D22B40F0429} URL = http://ca.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {D9120634-DD0F-4019-99D9-71580BF008C7} URL = 
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://ca.search.yahoo.com/search?p={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: QuickTime -> {D26AE2EA-3F14-42DF-AC75-14380C4ACFD0} -> C:\Users\Sony\AppData\LocalLow\QuickTime\IE\QuickTime.dll (Apple Inc.)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll No File
Toolbar: HKLM - No Name - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.1
 
FireFox:
========
FF ProfilePath: C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default
FF DefaultSearchEngine: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: hxxp://search.conduit.com/?ctid=CT3286042&CUI=UN13710758510544175&UM=2&SearchSource=13
FF Keyword.URL: hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
FF NetworkProxy: "ftp", "24.64.223.208"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "gopher", "24.64.223.208"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "24.64.223.208"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "24.64.223.208"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "24.64.223.208"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Sony\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF user.js: detected! => C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Sony\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\searchplugins\bing-zugo.xml
FF SearchPlugin: C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\searchplugins\browsemngr.xml
FF SearchPlugin: C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\searchplugins\google--infoaxe.xml
FF SearchPlugin: C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\searchplugins\mywebsearch.xml
FF SearchPlugin: C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\searchplugins\SearchquWebSearch.xml
FF SearchPlugin: C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\searchplugins\SearchYa!.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: No Name - C:\Users\Sony\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2012-05-28]
FF Extension: I Want This - C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Extensions\crossriderapp2258@crossrider.com [2012-05-28]
FF Extension: No Name - C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Extensions\ffxtlbr@babylon.com [2012-05-28]
FF Extension: No Name - C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Extensions\firefox@bandoo.com [2012-11-12]
FF Extension: QuickTime - C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Extensions\quicktime@apple.com [2011-07-31]
FF Extension: No Name - C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Extensions\staged [2012-10-22]
FF Extension: TranslatorBar 1 Toolbar - C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Extensions\{00bf7b9c-acd2-4080-bea8-b1c41987070f} [2010-07-13]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-25]
FF Extension: Yahoo! Toolbar - C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012-03-10]
FF Extension: Zynga Toolbar - C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2010-09-13]
FF Extension: KeyBar 1.8  - C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79} [2013-07-10]
FF Extension: DownloadHelper - C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010-09-27]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-09-23]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-09-23]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-05]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-07]
 
Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR CustomProfile: C:\Users\Sony\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-10]
CHR Extension: (Google Search) - C:\Users\Sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-10]
CHR Extension: (KeyBar 1.8) - C:\Users\Sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb [2014-05-10]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-05-10]
CHR Extension: (QuickTime) - C:\Users\Sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pefkpmedghceeahfjcpnoplmpjnfcmfc [2014-05-10]
CHR Extension: (Gmail) - C:\Users\Sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-10]
CHR HKLM\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Sony\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx []
CHR HKLM\...\Chrome\Extension: [gpaiibklhaneknloaoccoidbaffjjlnb] - C:\Users\Sony\AppData\Local\CRE\gpaiibklhaneknloaoccoidbaffjjlnb.crx [2013-06-05]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-07-12]
CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Sony\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx [2013-07-12]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-06]
CHR HKLM\...\Chrome\Extension: [pefkpmedghceeahfjcpnoplmpjnfcmfc] - C:\Users\Sony\AppData\LocalLow\QuickTime\CHROME\QuickTime.crx [2011-07-12]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Sony\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-09-15]
CHR HKCU\...\Chrome\Extension: [gpaiibklhaneknloaoccoidbaffjjlnb] - C:\Users\Sony\AppData\Local\CRE\gpaiibklhaneknloaoccoidbaffjjlnb.crx [2013-06-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 gupdate1ca7c2767c0f95; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-12-13] (Google Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QuickTimeUpdater; C:\Users\Sony\AppData\LocalLow\QuickTime\IE\QuickTimeUpdater.exe [18432 2011-07-12] () [File not signed]
S3 SampleCollector; C:\Program Files\Sony\VAIO Care\collsvc.exe [122880 2009-09-16] (Intel Corporation) [File not signed]
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289472 2013-07-12] (Skype Technologies S.A.)
S3 SOHCImp; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [103712 2008-10-21] (Sony Corporation)
S3 SOHDms; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [353568 2008-10-21] (Sony Corporation)
S3 SOHDs; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [62752 2008-10-21] (Sony Corporation)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2008-05-20] (Sony Corporation) [File not signed]
R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-09-08] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [203616 2008-10-17] (Sony Corporation)
R2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [415584 2008-10-17] (Sony Corporation)
R2 VCFw; C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [446464 2008-09-03] (Sony Corporation) [File not signed]
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [337184 2008-06-12] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [279848 2008-09-08] (Sony Corporation)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-05-30] (Check Point Software Technologies Ltd.)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2008-09-08] (Sony Corporation) [File not signed]
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [90936 2014-05-29] (Check Point Software Technologies, Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2008-04-24] (ArcSoft, Inc.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-04-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [488032 2014-04-30] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-08] (Microsoft Corporation)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [456088 2014-05-30] (Check Point Software Technologies Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 HSXHWAZL; No ImagePath
S3 IpInIp; No ImagePath
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-04-30] (Kaspersky Lab ZAO)
S2 mdmxsdk; No ImagePath
S3 Netaapl; system32\DRIVERS\netaapl.sys [X]
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
S4 UIUSys; No ImagePath
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
U3 mbr; \??\C:\Users\Sony\AppData\Local\Temp\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-29 10:34 - 2014-08-29 10:35 - 00028410 _____ () C:\Users\Sony\Downloads\FRST.txt
2014-08-29 10:34 - 2014-08-29 10:34 - 00000000 ____D () C:\FRST
2014-08-29 10:33 - 2014-08-29 10:33 - 02103296 _____ (Farbar) C:\Users\Sony\Downloads\FRST64 (1).exe
2014-08-29 10:33 - 2014-08-29 10:33 - 01095168 _____ (Farbar) C:\Users\Sony\Downloads\FRST.exe
2014-08-29 10:32 - 2014-08-29 10:32 - 02103296 _____ (Farbar) C:\Users\Sony\Downloads\FRST64.exe
2014-08-29 10:25 - 2014-08-29 10:25 - 19421473 _____ () C:\Users\Sony\Downloads\Realtek_LAN_V5792_V6250_V748_XPVistaWin7.zip
2014-08-29 09:29 - 2014-08-29 09:29 - 00007381 _____ () C:\Users\Sony\Documents\Attach.txt
2014-08-29 09:18 - 2014-08-29 09:18 - 00007381 _____ () C:\Users\Sony\Desktop\attach.txt
2014-08-29 09:18 - 2014-08-29 09:14 - 00010836 _____ () C:\Users\Sony\Desktop\dds.txt
2014-08-29 09:16 - 2014-08-29 09:16 - 00000034 _____ () C:\Windows\setupact.log
2014-08-29 09:16 - 2014-08-29 09:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-29 09:08 - 2014-08-29 09:08 - 00688992 ____R (Swearware) C:\Users\Sony\Downloads\dds.com
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-29 10:35 - 2014-08-29 10:34 - 00028410 _____ () C:\Users\Sony\Downloads\FRST.txt
2014-08-29 10:34 - 2014-08-29 10:34 - 00000000 ____D () C:\FRST
2014-08-29 10:33 - 2014-08-29 10:33 - 02103296 _____ (Farbar) C:\Users\Sony\Downloads\FRST64 (1).exe
2014-08-29 10:33 - 2014-08-29 10:33 - 01095168 _____ (Farbar) C:\Users\Sony\Downloads\FRST.exe
2014-08-29 10:32 - 2014-08-29 10:32 - 02103296 _____ (Farbar) C:\Users\Sony\Downloads\FRST64.exe
2014-08-29 10:26 - 2012-04-11 06:57 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-29 10:26 - 2012-04-11 06:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-29 10:26 - 2011-05-19 09:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-29 10:25 - 2014-08-29 10:25 - 19421473 _____ () C:\Users\Sony\Downloads\Realtek_LAN_V5792_V6250_V748_XPVistaWin7.zip
2014-08-29 10:24 - 2010-03-17 06:03 - 00000000 ____D () C:\Users\Sony\AppData\Roaming\Skype
2014-08-29 10:24 - 2006-11-02 03:33 - 00784612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-29 10:22 - 2009-07-05 09:04 - 02072999 _____ () C:\Windows\WindowsUpdate.log
2014-08-29 10:21 - 2014-06-06 10:35 - 00017929 ____H () C:\Windows\system32\BTImages.dat
2014-08-29 09:55 - 2014-01-05 14:21 - 00000322 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-08-29 09:43 - 2009-10-03 09:08 - 00084568 _____ () C:\test.xml
2014-08-29 09:29 - 2014-08-29 09:29 - 00007381 _____ () C:\Users\Sony\Documents\Attach.txt
2014-08-29 09:18 - 2014-08-29 09:18 - 00007381 _____ () C:\Users\Sony\Desktop\attach.txt
2014-08-29 09:16 - 2014-08-29 09:16 - 00000034 _____ () C:\Windows\setupact.log
2014-08-29 09:16 - 2014-08-29 09:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-29 09:14 - 2014-08-29 09:18 - 00010836 _____ () C:\Users\Sony\Desktop\dds.txt
2014-08-29 09:08 - 2014-08-29 09:08 - 00688992 ____R (Swearware) C:\Users\Sony\Downloads\dds.com
2014-08-29 08:47 - 2013-09-15 12:36 - 00000000 ___RD () C:\Users\Sony\Google Drive
2014-08-29 08:39 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-29 08:39 - 2006-11-02 05:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-29 08:38 - 2006-11-02 05:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-29 08:38 - 2006-11-02 05:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-05 09:20 - 2011-07-12 17:14 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-29 08:57
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:26-08-2014
Ran by Sony at 2014-08-29 10:35:46
Running from C:\Users\Sony\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ZoneAlarm Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.4.0.2540 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
ArcSoft Magic-i Visual Effects 2 (HKLM\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.39 - ArcSoft)
ArcSoft WebCam Companion 2 (HKLM\...\{9973498D-EA29-4A68-BE0B-C88D6E03E928}) (Version:  - ArcSoft)
Chikka Messenger V4 (HKLM\...\Chikka Messenger V4) (Version: Chikka Instant Messenger v4.0 - Chikka Asia Inc.)
Click to Disc (HKLM\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.2.52.09250 - Sony Corporation)
Click to Disc (Version: 1.2.52.09250 - Sony Corporation) Hidden
Click to Disc Editor (HKLM\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 1.2.51 - Sony Corporation)
Click to Disc Editor (Version: 1.2.51 - Sony Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)
Facebook Plug-In (HKCU\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Drive (HKLM\...\{D9F75285-4864-461D-83DA-8D056BAC44D1}) (Version: 1.16.6866.4367 - Google, Inc.)
Google Earth (HKLM\...\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}) (Version: 6.1.0.5001 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
HP Deskjet 3520 series Basic Device Software (HKLM\...\{5C2ECF15-B7FF-4E0E-9D00-2000354BD9C2}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Help (HKLM\...\{C13E1F46-84FE-4D3B-8581-0F2F624C7EEC}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Product Improvement Study (HKLM\...\{64A90D6D-E741-4BCD-935C-BB09F3AEBF98}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Setup Guide (HKLM\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.12412 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
Java™ SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
K-Lite Codec Pack 10.0.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.0.5 - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Transfer (HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.2.00.17290 - Sony Corporation)
OpenMG Secure Module 5.1.00 (HKLM\...\InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}) (Version: 5.1.00.05200 - Sony Corporation)
OpenMG Secure Module 5.1.00 (Version: 5.1.00.05200 - Sony Corporation) Hidden
Primo (Version: 1.00.0000 - Your Company Name) Hidden
PS_AIO_ProductContext (Version: 82.0.203.000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5653 - Realtek Semiconductor Corp.)
Roxio Central Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Central Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Central Core (Version: 3.7.0 - Roxio) Hidden
Roxio Central Data (Version: 3.7.0 - Roxio) Hidden
Roxio Central Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Easy Media Creator 10 LJ (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.1 - Roxio)
Roxio Easy Media Creator Home (Version: 10.1.296 - Roxio) Hidden
RPS CRT (Version: 9.0.48 - TELUS) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Setting Utility Series (HKLM\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 4.2.0.10150 - Sony Corporation)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.10.13089 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 2.0.03.13170 - Sony Corporation)
Sony USB Driver (HKLM\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version: 2.00 - Sony Corporation)
Sony Video Shared Library (HKLM\...\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}) (Version: 3.5.00 - Sony Corporation)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.13.0 - Synaptics)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VAIO Care (HKLM\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 5.1.0.13200 - Sony Corporation)
VAIO Care (Version: 5.1.0.13200 - Sony Corporation) Hidden
VAIO Content Folder Setting (HKLM\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 2.1.0.08260 - Sony Corporation)
VAIO Content Folder Watcher (HKLM\...\{327B75F0-92AF-420A-988F-FA596A218E0B}) (Version: 1.0.01.09030 - Sony Corporation)
VAIO Content Folder Watcher (Version: 1.0.01.09030 - Sony Corporation) Hidden
VAIO Content Metadata Intelligent Analyzing Manager (HKLM\...\{FD72E69E-CF34-4071-BFD6-FD081A365E2C}) (Version: 3.2.00.06115 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (Version: 3.2.00.06115 - Sony Corporation) Hidden
VAIO Content Metadata Manager Setting (HKLM\...\{FE697886-F392-4E0D-A0C0-47587BF60992}) (Version: 3.2.00.06062 - Sony Corporation)
VAIO Content Metadata Manager Setting (Version: 3.2.00.06062 - Sony Corporation) Hidden
VAIO Content Metadata XML Interface Library (HKLM\...\{CB8A8696-93EC-414E-A752-850AB133F68A}) (Version: 3.2.00.06112 - Sony Corporation)
VAIO Content Metadata XML Interface Library (Version: 3.2.00.06112 - Sony Corporation) Hidden
VAIO Control Center (HKLM\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 3.2.0.09120 - Sony Corporation)
VAIO Data Restore Tool (HKLM\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.0.04.01170 - Sony Corporation)
VAIO DVD Menu Data Basic (HKLM\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 1.0.00.08130 - Sony Corporation)
VAIO Entertainment Platform (HKLM\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.2.3.10070 - Sony Corporation)
VAIO Entertainment Platform (Version: 3.2.3.10070 - Sony Corporation) Hidden
VAIO Event Service (HKLM\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 4.2.0.10172 - Sony Corporation)
VAIO Help and Support (HKLM\...\{2F839384-6AB0-449B-8772-25E607036357}) (Version: 7.10.1013.ENCA - Sony Corporation)
VAIO Launcher (HKLM\...\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}) (Version: 2.2.0.09090 - Sony Corporation)
VAIO Media plus (HKLM\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 1.2.0.10230 - Sony Corporation)
VAIO Media plus (Version: 1.2.0.10230 - Sony Corporation) Hidden
VAIO Media plus Opening Movie (HKLM\...\{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}) (Version: 1.2.0.09050 - Sony Corporation)
VAIO Movie Story (HKLM\...\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 1.3.01.08060 - Sony Corporation)
VAIO Movie Story (Version: 1.3.01.08060 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM\...\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 1.3.00.06120 - Sony Corporation)
VAIO MusicBox (HKLM\...\{4EA55D20-27FB-45D7-8726-147E8A5F6C62}) (Version: 2.1.1.09160 - Sony Corporation)
VAIO MusicBox Sample Music (HKLM\...\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}) (Version: 1.1.00.14140 - Sony Corporation)
VAIO My Memory Center (HKLM\...\{72B5983C-80C7-4225-BA72-E92AE1D59C62}) (Version: 2.00.1029 - Sony)
VAIO OOBE and Welcome Center (HKLM\...\{1B500D37-E7CF-480B-8054-8A563594EC4E}) (Version: 7.10.1020.ENCA - Sony Corporation)
VAIO Original Function Setting (HKLM\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 1.4.00.04230 - Sony Corporation)
VAIO Power Management (HKLM\...\{5F5867F0-2D23-4338-A206-01A76C823924}) (Version: 3.2.0.10200 - Sony Corporation)
VAIO Presentation Support (HKLM\...\{2018C019-30D9-4240-8C01-0865C10DCF5A}) (Version: 1.1.0.08250 - Sony Corporation)
VAIO Update 4 (HKLM\...\{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}) (Version: 4.0.0.08280 - Sony Corporation)
VAIO Wallpaper Contents (HKLM\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 1.3.0.10310 - Sony Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual C++ 9.0 ATL (x86) WinSXS MSM (Version: 9.0 - Microsoft Corporation) Hidden
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinDVD for VAIO (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B9.602 - InterVideo Inc.)
WinDVD for VAIO (Version: 8.0-B9.602 - InterVideo Inc.) Hidden
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Search Protection (HKLM\...\Yahoo! Search Defender) (Version:  - ) <==== ATTENTION
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
ZoneAlarm Antivirus (Version: 13.2.015.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (Version: 13.2.015.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM\...\ZoneAlarm Free Antivirus + Firewall) (Version: 13.2.015.000 - Check Point)
ZoneAlarm Security (Version: 13.2.015.000 - Check Point Software Technologies Ltd.) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Users\Sony\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CustomCLSID: HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Sony\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
 
==================== Restore Points  =========================
 
11-05-2014 22:31:33 VAIO Care Automatic Restore Point
21-05-2014 19:12:09 Windows Update
23-05-2014 18:30:52 Windows Modules Installer
24-05-2014 07:00:08 Scheduled Checkpoint
24-05-2014 10:00:28 Windows Update
01-06-2014 20:16:15 Removed Safari
01-06-2014 20:30:59 Removed iTunes
01-06-2014 20:35:10 Removed Apple Application Support
01-06-2014 20:39:07 Removed Apple Software Update
01-06-2014 20:40:19 Removed Apple Mobile Device Support
01-06-2014 20:41:57 Removed Bonjour
01-06-2014 20:48:43 Windows Update
02-06-2014 02:56:14 Windows Update
02-06-2014 02:58:52 Device Driver Package Install: Check Point Software Technologies Ltd. Network Service
03-06-2014 07:00:08 Scheduled Checkpoint
06-06-2014 17:34:33 Windows Update
09-06-2014 09:46:55 Scheduled Checkpoint
26-06-2014 02:04:51 Windows Update
28-06-2014 12:49:14 Windows Update
29-06-2014 22:56:23 VAIO Care Automatic Restore Point
02-07-2014 16:23:41 Windows Update
03-07-2014 20:55:58 Scheduled Checkpoint
29-08-2014 15:59:22 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 03:23 - 2014-06-01 19:29 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {5EE8687A-57E1-4427-82DF-1A0D13096B97} - System32\Tasks\SONY\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe [2008-08-28] (Sony Corporation)
Task: {61566135-3814-4391-99E4-ADF07C2CD4EE} - System32\Tasks\{A011F8AB-2D94-42F4-A1BC-84A69DFBCA3C} => C:\Program Files\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {6BF47F74-720C-4372-8146-DA2A836D1235} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8142D98A-225E-4776-B1A7-51BE22AFE913} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-01-05] ()
Task: {8F0CBB50-A618-43C6-897B-E31B620D3201} - System32\Tasks\VAIO Care Service => C:\Program Files\Sony\VAIO Care\VAIOCareService.exe [2009-12-04] (Sony Corporation)
Task: {8FFEEDBC-4BBE-4159-85E0-4866AAABE798} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-13] (Google Inc.)
Task: {9EA5C7B6-4B33-42CD-BB2C-65836A4DA687} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files\Sony\VAIO Wallpaper Setting Tool\VWSet.exe [2008-06-27] (Sony Corporation)
Task: {CFE90559-DB7B-4DAA-8690-00F2D32ADC30} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-13] (Google Inc.)
Task: {D2E845F3-50ED-40CC-9DDB-EACD499E5666} - System32\Tasks\HPCustParticipation HP Deskjet 3520 series => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {DD867303-E387-4A55-B4CC-84FAC9A7EF7F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-29] (Adobe Systems Incorporated)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {EF5FEAAA-4EB5-45AD-8379-1EE91915DE9C} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {EF94F9C3-C1D5-43F5-B477-4D4EBE44AFF3} - System32\Tasks\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2009-12-04] (Sony Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{CE5964CA-C260-47C5-BC01-442E9C326241}.job => C:\Windows\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-07-12 09:08 - 2011-07-12 09:08 - 00018432 _____ () C:\Users\Sony\AppData\LocalLow\QuickTime\IE\QuickTimeUpdater.exe
2008-11-15 00:51 - 2008-10-17 19:19 - 00010752 _____ () C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
2008-11-15 00:51 - 2008-10-17 19:19 - 00009728 _____ () C:\Program Files\Sony\VAIO Event Service\VESMgrSubPS.dll
2013-02-12 19:37 - 2013-02-12 19:37 - 01263952 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2013-02-12 19:38 - 2013-02-12 19:38 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2014-08-29 08:39 - 2014-08-29 08:39 - 00098816 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\win32api.pyd
2014-08-29 08:40 - 2014-08-29 08:40 - 00110080 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\pywintypes27.dll
2014-08-29 08:39 - 2014-08-29 08:39 - 00364544 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\pythoncom27.dll
2014-08-29 08:39 - 2014-08-29 08:39 - 00045568 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\_socket.pyd
2014-08-29 08:40 - 2014-08-29 08:40 - 01160704 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\_ssl.pyd
2014-08-29 08:39 - 2014-08-29 08:39 - 00320512 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\win32com.shell.shell.pyd
2014-08-29 08:40 - 2014-08-29 08:40 - 00713216 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\_hashlib.pyd
2014-08-29 08:39 - 2014-08-29 08:39 - 01175040 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\wx._core_.pyd
2014-08-29 08:40 - 2014-08-29 08:40 - 00805888 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\wx._gdi_.pyd
2014-08-29 08:40 - 2014-08-29 08:40 - 00811008 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\wx._windows_.pyd
2014-08-29 08:39 - 2014-08-29 08:39 - 01062400 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\wx._controls_.pyd
2014-08-29 08:39 - 2014-08-29 08:39 - 00735232 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\wx._misc_.pyd
2014-08-29 08:39 - 2014-08-29 08:39 - 00128512 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\_elementtree.pyd
2014-08-29 08:39 - 2014-08-29 08:39 - 00127488 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\pyexpat.pyd
2014-08-29 08:39 - 2014-08-29 08:39 - 00557056 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\pysqlite2._sqlite.pyd
2014-08-29 08:40 - 2014-08-29 08:40 - 00007168 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\hashobjs_ext.pyd
2014-08-29 08:39 - 2014-08-29 08:39 - 00087552 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\_ctypes.pyd
2014-08-29 08:39 - 2014-08-29 08:39 - 00119808 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\win32file.pyd
2014-08-29 08:39 - 2014-08-29 08:39 - 00108544 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\win32security.pyd
2014-08-29 08:39 - 2014-08-29 08:39 - 00018432 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\win32event.pyd
2014-08-29 08:39 - 2014-08-29 08:39 - 00038912 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\win32inet.pyd
2014-08-29 08:39 - 2014-08-29 08:40 - 00070656 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\wx._html2.pyd
2014-08-29 08:39 - 2014-08-29 08:39 - 00167936 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\win32gui.pyd
2014-08-29 08:39 - 2014-08-29 08:39 - 00011264 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\win32crypt.pyd
2014-08-29 08:40 - 2014-08-29 08:40 - 00027136 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\_multiprocessing.pyd
2014-08-29 08:39 - 2014-08-29 08:39 - 00122368 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\wx._wizard.pyd
2014-08-29 08:39 - 2014-08-29 08:39 - 00010240 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\select.pyd
2014-08-29 08:39 - 2014-08-29 08:39 - 00024064 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\win32pipe.pyd
2014-08-29 08:39 - 2014-08-29 08:39 - 00686080 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\unicodedata.pyd
2014-08-29 08:39 - 2014-08-29 08:39 - 00025600 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\win32pdh.pyd
2014-08-29 08:39 - 2014-08-29 08:39 - 00525640 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\windows._lib_cacheinvalidation.pyd
2014-08-29 08:39 - 2014-08-29 08:39 - 00035840 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\win32process.pyd
2014-08-29 08:39 - 2014-08-29 08:39 - 00017408 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\win32profile.pyd
2014-08-29 08:39 - 2014-08-29 08:39 - 00022528 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\win32ts.pyd
2014-08-29 08:39 - 2014-08-29 08:39 - 00078336 _____ () C:\Users\Sony\AppData\Local\Temp\_MEI43202\wx._animate.pyd
2009-10-04 17:29 - 2012-02-22 18:49 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
2014-06-25 19:51 - 2014-06-05 06:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-25 19:51 - 2014-06-05 06:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-25 19:51 - 2014-06-05 06:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-05-09 17:55 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Sony\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-05-09 17:55 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Sony\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:D287FACF
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: ACDaemon => 3
MSCONFIG\Services: tvMobiliService => 2
MSCONFIG\startupfolder: C:^Users^Sony^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Jacquie Lawson London Advent Calendar.lnk => C:\Windows\pss\Jacquie Lawson London Advent Calendar.lnk.Startup
MSCONFIG\startupreg: OtShot => C:\Program Files\OtShot\otshot.exe -minimize
MSCONFIG\startupreg: Search Protection => C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
MSCONFIG\startupreg: YSearchProtection => "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/29/2014 08:49:12 AM) (Source: MsiInstaller) (EventID: 1024) (User: Sony-PC)
Description: Product: Adobe Reader XI (11.0.07) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (08/29/2014 08:39:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/29/2014 08:39:21 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)
 
Error: (08/16/2014 10:12:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/16/2014 10:11:18 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)
 
Error: (07/04/2014 10:45:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/04/2014 10:44:30 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)
 
Error: (06/29/2014 06:36:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/29/2014 06:36:27 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)
 
Error: (06/28/2014 06:11:47 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)
 
 
System errors:
=============
Error: (11/03/2009 07:37:45 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:35:20 PM on 11/3/2009 was unexpected.
 
Error: (11/03/2009 00:34:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (11/03/2009 00:34:44 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (11/03/2009 00:34:44 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Windows\system32\athihvs.dll126
 
Error: (11/03/2009 00:34:35 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a62\??\C:\Users\Sony\AppData\Local\Microsoft\Windows\UsrClass.dat
 
Error: (11/03/2009 00:33:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053
 
Error: (11/03/2009 00:33:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search
 
Error: (11/03/2009 00:33:25 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (11/03/2009 08:19:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (11/03/2009 08:19:07 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Windows\system32\athihvs.dll126
 
 
Microsoft Office Sessions:
=========================
Error: (08/29/2014 08:49:12 AM) (Source: MsiInstaller) (EventID: 1024) (User: Sony-PC)
Description: Adobe Reader XI (11.0.07){AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)
 
Error: (08/29/2014 08:39:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/29/2014 08:39:21 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019
 
Error: (08/16/2014 10:12:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/16/2014 10:11:18 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019
 
Error: (07/04/2014 10:45:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/04/2014 10:44:30 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019
 
Error: (06/29/2014 06:36:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/29/2014 06:36:27 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019
 
Error: (06/28/2014 06:11:47 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-29 10:35:42.512
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-29 10:35:41.719
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-29 10:35:40.931
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-29 10:35:40.183
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-29 10:35:27.573
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-29 10:35:26.737
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-29 10:35:25.789
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-29 10:35:24.776
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-29 10:34:49.830
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klif.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-29 10:34:49.170
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klif.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® Dual CPU T3400 @ 2.16GHz
Percentage of memory in use: 70%
Total physical RAM: 2938.31 MB
Available physical RAM: 867.75 MB
Total Pagefile: 6096.84 MB
Available Pagefile: 3872.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1918.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:224.41 GB) (Free:95.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 2F010377)
Partition 1: (Not Active) - (Size=8.5 GB) - (Type=27)
Partition 2: (Active) - (Size=224.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 




#4 nexus6ca


Posted 29 August 2014 - 01:43 PM

And sure Gary you can call me Jason.  :)



#5 Oh My!

  • Malware Response Instructor

Posted 29 August 2014 - 01:59 PM

Hi Jason and thanks for providing the information. Although there are some things we need to address, it does not appear you have the same type of infection you had on your other computer.

Please do this.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Yahoo! Search Protection


===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Scan
  • Upon completion click Report
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click Clean to remove the items still checked
  • Click OK twice to reboot your computer
  • Copy and paste the contents of the text file on your desktop upon reboot in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message, attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 HSXHWAZL; No ImagePath
S3 IpInIp; No ImagePath
S2 mdmxsdk; No ImagePath
S3 Netaapl; system32\DRIVERS\netaapl.sys [X]
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
S4 UIUSys; No ImagePath
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
U3 mbr; \??\C:\Users\Sony\AppData\Local\Temp\mbr.sys [X]
CustomCLSID: HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Sony\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:D287FACF
EmptyTemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did Yahoo Search Protection uninstall properly?
  • Junkware log
  • AdwCleaner log
  • Security Check log
  • Fixlog
  • Are you currently experiencing any issues?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 nexus6ca


Posted 29 August 2014 - 02:59 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Sony on Fri 08/29/2014 at 12:02:52.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\bandoocore.bandoocore
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\bandoocore.bandoocore.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\bandoocore.resourcesmngr
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\bandoocore.resourcesmngr.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\bandoocore.settingsmngr
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\bandoocore.settingsmngr.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\bandoocore.statisticmngr
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\bandoocore.statisticmngr.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{A01A3335-0C30-4312-A430-92356CC37A92}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\bandoocore.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{62E5C9E1-A0E8-4F8C-8EAF-0F9250CC5786}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mediafinder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\searchqumediabartb
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\download with &media finder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bandoo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\driverscanner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3286042
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CB6F4CEA-263B-465B-BB5B-D3F5DFBB3970}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Sony\AppData\Roaming\media finder"
Successfully deleted: [Folder] "C:\Users\Sony\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\Sony\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Sony\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Sony\appdata\locallow\funwebproducts"
Successfully deleted: [Folder] "C:\Users\Sony\appdata\locallow\ironsource"
Successfully deleted: [Folder] "C:\Users\Sony\appdata\locallow\searchqutb"
Successfully deleted: [Folder] "C:\Users\Sony\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Program Files\otshot"
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 08/29/2014 at 12:07:38.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v3.308 - Report created 29/08/2014 at 12:10:02
# Updated 20/08/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Sony - SONY-PC
# Running from : C:\Users\Sony\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\searchplugins\browsemngr.xml
File Found : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\searchplugins\mywebsearch.xml
File Found : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\searchplugins\SearchquWebSearch.xml
File Found : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\searchplugins\SearchYa!.xml
File Found : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\user.js
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot
Folder Found : C:\Users\Sony\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Found : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Conduit
Folder Found : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\CT2392836
Folder Found : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\CT2438727
Folder Found : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\CT3286042
Folder Found : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Extensions\{00bf7b9c-acd2-4080-bea8-b1c41987070f}
Folder Found : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
Folder Found : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}
Folder Found : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Extensions\ffxtlbr@babylon.com
Folder Found : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Extensions\firefox@bandoo.com
Folder Found : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Extensions\staged\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\searchqutb
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
Key Found : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Found : HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Found : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Found : HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7FF99715-3016-4381-84CE-E4E4C9673020}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Key Found : HKLM\SOFTWARE\Uniblue
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16555
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\prefs.js ]
 
Line Found : user_pref("CT2438727.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2438727.SettingsCheckIntervalMin", 120);
Line Found : user_pref("CT2438727.SettingsLastCheckTime", "Sun Dec 19 2010 22:45:37 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2438727.SettingsLastUpdate", "1287517459");
Line Found : user_pref("CT2438727.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Sun Dec 19 2010 22:45:37 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1278548974");
Line Found : user_pref("CT2438727.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Found : user_pref("CT2438727.UserID", "UN31933296527014654");
Line Found : user_pref("CT2438727.ValidationData_Search", 2);
Line Found : user_pref("CT2438727.ValidationData_Toolbar", 2);
Line Found : user_pref("CT2438727.alertChannelId", "832836");
Line Found : user_pref("CT2438727.clientLogIsEnabled", true);
Line Found : user_pref("CT2438727.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT2438727.myStuffEnabled", true);
Line Found : user_pref("CT2438727.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Found : user_pref("CT2438727.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT2438727.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CT3286042.FF19Solved", "true");
Line Found : user_pref("CT3286042.UserID", "UN13710758510544175");
Line Found : user_pref("CT3286042.addressUrlXPETakeover", "true");
Line Found : user_pref("CT3286042.autoDisableScopes", 0);
Line Found : user_pref("CT3286042.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3286042.defaultSearchXPETakeover", "true");
Line Found : user_pref("CT3286042.fullUserID", "UN13710758510544175.IN.20130710130913");
Line Found : user_pref("CT3286042.installDate", "10/07/2013 13:09:12");
Line Found : user_pref("CT3286042.installSessionId", "-1");
Line Found : user_pref("CT3286042.installSp", "TRUE");
Line Found : user_pref("CT3286042.installerVersion", "1.5.4.1");
Line Found : user_pref("CT3286042.keyword", "true");
Line Found : user_pref("CT3286042.originalHomepage", "hxxp://search.babylon.com/?affID=113480&babsrc=HP_ss&mntrId=e2c4bba700000000000000242bedc1f4");
Line Found : user_pref("CT3286042.originalSearchAddressUrl", "hxxp://search.babylon.com/?affID=113480&babsrc=KW_ss&mntrId=e2c4bba700000000000000242bedc1f4&q=");
Line Found : user_pref("CT3286042.originalSearchEngine", "");
Line Found : user_pref("CT3286042.searchRevert", "false");
Line Found : user_pref("CT3286042.searchUserMode", "2");
Line Found : user_pref("CT3286042.smartbar.homepage", "true");
Line Found : user_pref("CT3286042.startPageXPETakeover", "true");
Line Found : user_pref("CT3286042.versionFromInstaller", "10.16.4.19");
Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=OOUBxbdP3oMaWlqigqWp_w&url=hxxp://search.mywebsearch.com/mywebsearch/dft_[...]
Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT2438727,CT2392836");
Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727,CT2392836");
Line Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Dec 19 2010 22:45:37 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.alert.locale", "en");
Line Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Dec 19 2010 22:45:37 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Line Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.alert.userId", "{fa407e54-c039-4ad5-8604-f095d56c839c}");
Line Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2392836");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.babylon.com/?affID=113480&babsrc=KW_ss&mntrId=e2c4bba700000000000000242bedc1f4&q=");
Line Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Found : user_pref("browser.search.defaultthis.engineName", "KeyBar 1.8 Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3286042&CUI=UN13710758510544175&UM=2&SearchSource=3&q={searchTerms}");
Line Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3286042&CUI=UN13710758510544175&UM=2&SearchSource=13");
Line Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480");
Line Found : user_pref("extensions.BabylonToolbar_i.hardId", "e2c4bba700000000000000242bedc1f4");
Line Found : user_pref("extensions.BabylonToolbar_i.id", "e2c4bba700000000000000242bedc1f4");
Line Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15488");
Line Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:46:30");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Found : user_pref("extensions.crossriderapp2258.adsOldValue", -1);
Line Found : user_pref("extensions.enabledItems", "firefox@bandoo.com:5.0,{00bf7b9c-acd2-4080-bea8-b1c41987070f}:2.7.1.3,{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,{635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20[...]
Line Found : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=ZJfox000&ptb=OOUBxbdP3oMaWlqigqWp_w");
Line Found : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Found : user_pref("extensions.mywebsearch.prevKwdURL", "chrome://browser-region/locale/region.properties");
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3286042");
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3286042&CUI=UN13710758510544175&UM=2&SearchSource=13");
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3286042&SearchSource=2&CUI=UN13710758510544175&UM=2&q=");
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3286042");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3286042");
Line Found : user_pref("smartbar.machineId", "3ZJG9HMHWPM+GJKWP/1MDB1ITJQJAQ97CN2J6LIRILKX0EOLSJANZ8EYA+ECXGOTMNDWLKFM1YSIHO7NBXQNYA");
 
-\\ Google Chrome v37.0.2062.102
 
[ File : C:\Users\Sony\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [24674 octets] - [29/08/2014 12:10:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [24735 octets] ##########
 

 Results of screen317's Security Check version 0.99.87  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
ZoneAlarm Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ SE Runtime Environment 6 
 Java version out of Date! 
 Adobe Flash Player 14.0.0.145  
 Adobe Reader 9  
 Adobe Reader XI  
 Google Chrome 37.0.2062.102  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:29-08-2014
Ran by Sony at 2014-08-29 12:33:56 Run:1
Running from C:\Users\Sony\Desktop
Boot Mode: Safe Mode (with Networking)
 
==============================================
 
Content of fixlist:
*****************
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 HSXHWAZL; No ImagePath
S3 IpInIp; No ImagePath
S2 mdmxsdk; No ImagePath
S3 Netaapl; system32\DRIVERS\netaapl.sys [X]
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
S4 UIUSys; No ImagePath
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
U3 mbr; \??\C:\Users\Sony\AppData\Local\Temp\mbr.sys [X]
CustomCLSID: HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Sony\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:D287FACF
EmptyTemp:
*****************
 
catchme => Service deleted successfully.
HSXHWAZL => Service deleted successfully.
IpInIp => Service deleted successfully.
mdmxsdk => Service deleted successfully.
Netaapl => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
UIUSys => Service deleted successfully.
USBAAPL => Service deleted successfully.
mbr => Service not found.
"HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}" => Key deleted successfully.
"HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}" => Key deleted successfully.
"HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}" => Key deleted successfully.
"HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}" => Key deleted successfully.
"HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}" => Key deleted successfully.
"HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}" => Key deleted successfully.
"HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}" => Key deleted successfully.
"HKU\S-1-5-21-4053413996-3777074439-3961029037-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}" => Key deleted successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\ProgramData\TEMP => ":D287FACF" ADS removed successfully.
EmptyTemp: => Removed 674.8 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
As to issues, some performance slowdowns etc., but I did do a clean on this machine about 6 months ago and it was pretty badly infected at that time.


#7 Oh My!

Posted 29 August 2014 - 03:09 PM

Greetings,

You may be doing a little better now because there were 675MB of temporary files removed. Rerun AdwCleaner and delete all the entries. Following that please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • ESET log
  • How is the computer running now?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

#8 nexus6ca

Posted 29 August 2014 - 06:08 PM

# AdwCleaner v3.308 - Report created 29/08/2014 at 13:45:03

# Updated 20/08/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Sony - SONY-PC
# Running from : C:\Users\Sony\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot
Folder Deleted : C:\Users\Sony\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Conduit
Folder Deleted : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\CT2392836
Folder Deleted : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\CT2438727
Folder Deleted : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\CT3286042
Folder Deleted : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Extensions\staged\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Folder Deleted : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Extensions\firefox@bandoo.com
Folder Deleted : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Extensions\{00bf7b9c-acd2-4080-bea8-b1c41987070f}
Folder Deleted : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
Folder Deleted : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}
Folder Deleted : C:\Users\Sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\searchplugins\browsemngr.xml
File Deleted : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\searchplugins\mywebsearch.xml
File Deleted : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\searchplugins\SearchquWebSearch.xml
File Deleted : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\searchplugins\SearchYa!.xml
File Deleted : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\user.js
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16555
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\prefs.js ]
 
Line Deleted : user_pref("CT2438727.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&q=");
Line Deleted : user_pref("CT2438727.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2438727.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2438727.SearchInNewTabLastCheckTime", "Sun Dec 19 2010 22:45:38 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2438727.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2438727.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT2438727.SettingsLastCheckTime", "Sun Dec 19 2010 22:45:37 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2438727.SettingsLastUpdate", "1287517459");
Line Deleted : user_pref("CT2438727.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Sun Dec 19 2010 22:45:37 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1278548974");
Line Deleted : user_pref("CT2438727.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Deleted : user_pref("CT2438727.UserID", "UN31933296527014654");
Line Deleted : user_pref("CT2438727.ValidationData_Search", 2);
Line Deleted : user_pref("CT2438727.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2438727.alertChannelId", "832836");
Line Deleted : user_pref("CT2438727.clientLogIsEnabled", true);
Line Deleted : user_pref("CT2438727.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2438727.myStuffEnabled", true);
Line Deleted : user_pref("CT2438727.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2438727.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2438727.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT3286042.FF19Solved", "true");
Line Deleted : user_pref("CT3286042.UserID", "UN13710758510544175");
Line Deleted : user_pref("CT3286042.addressUrlXPETakeover", "true");
Line Deleted : user_pref("CT3286042.autoDisableScopes", 0);
Line Deleted : user_pref("CT3286042.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3286042.defaultSearchXPETakeover", "true");
Line Deleted : user_pref("CT3286042.fullUserID", "UN13710758510544175.IN.20130710130913");
Line Deleted : user_pref("CT3286042.installDate", "10/07/2013 13:09:12");
Line Deleted : user_pref("CT3286042.installSessionId", "-1");
Line Deleted : user_pref("CT3286042.installSp", "TRUE");
Line Deleted : user_pref("CT3286042.installerVersion", "1.5.4.1");
Line Deleted : user_pref("CT3286042.keyword", "true");
Line Deleted : user_pref("CT3286042.originalHomepage", "hxxp://search.babylon.com/?affID=113480&babsrc=HP_ss&mntrId=e2c4bba700000000000000242bedc1f4");
Line Deleted : user_pref("CT3286042.originalSearchAddressUrl", "hxxp://search.babylon.com/?affID=113480&babsrc=KW_ss&mntrId=e2c4bba700000000000000242bedc1f4&q=");
Line Deleted : user_pref("CT3286042.originalSearchEngine", "");
Line Deleted : user_pref("CT3286042.searchRevert", "false");
Line Deleted : user_pref("CT3286042.searchUserMode", "2");
Line Deleted : user_pref("CT3286042.smartbar.homepage", "true");
Line Deleted : user_pref("CT3286042.startPageXPETakeover", "true");
Line Deleted : user_pref("CT3286042.versionFromInstaller", "10.16.4.19");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=OOUBxbdP3oMaWlqigqWp_w&url=hxxp://search.mywebsearch.com/mywebsearch/dft_[...]
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2438727,CT2392836");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727,CT2392836");
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Dec 19 2010 22:45:37 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Dec 19 2010 22:45:37 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "{fa407e54-c039-4ad5-8604-f095d56c839c}");
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2392836");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.babylon.com/?affID=113480&babsrc=KW_ss&mntrId=e2c4bba700000000000000242bedc1f4&q=");
Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "KeyBar 1.8 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3286042&CUI=UN13710758510544175&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3286042&CUI=UN13710758510544175&UM=2&SearchSource=13");
Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "e2c4bba700000000000000242bedc1f4");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "e2c4bba700000000000000242bedc1f4");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15488");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:46:30");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.crossriderapp2258.adsOldValue", -1);
Line Deleted : user_pref("extensions.enabledItems", "firefox@bandoo.com:5.0,{00bf7b9c-acd2-4080-bea8-b1c41987070f}:2.7.1.3,{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,{635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20[...]
Line Deleted : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=ZJfox000&ptb=OOUBxbdP3oMaWlqigqWp_w");
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3286042");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3286042&CUI=UN13710758510544175&UM=2&SearchSource=13");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3286042&SearchSource=2&CUI=UN13710758510544175&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3286042");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3286042");
Line Deleted : user_pref("smartbar.machineId", "3ZJG9HMHWPM+GJKWP/1MDB1ITJQJAQ97CN2J6LIRILKX0EOLSJANZ8EYA+ECXGOTMNDWLKFM1YSIHO7NBXQNYA");
 
-\\ Google Chrome v37.0.2062.102
 
[ File : C:\Users\Sony\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0B0E0D0CtC0FyE0B0B0AyBtN0D0Tzu0StBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1946156832
Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=salt&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN27811541022551457&ctid=CT3286042&UM=2
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=CA&ver=21&locale=en_CA&gct=sb&qsrc=2869
Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk
 
*************************
 
AdwCleaner[R0].txt - [24816 octets] - [29/08/2014 12:10:02]
AdwCleaner[R1].txt - [25222 octets] - [29/08/2014 13:32:50]
AdwCleaner[S0].txt - [26418 octets] - [29/08/2014 13:45:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26479 octets] ##########
 
C:\AdwCleaner\Quarantine\C\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Extensions\staged\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\dealply.xul.vir Win32/DealPly.J potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\Extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}\Plugins\npConduitFirefoxPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\Qoobox\Quarantine\C\Program Files\Bandoo\Plugins\IE\iePLugin.dll.vir a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR.vir Win32/Toolbar.MyWebSearch potentially unwanted application deleted - quarantined
C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll.vir Win32/Adware.Bandoo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquTb.dll.vir Win32/Adware.Bandoo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content\.#searchqutb.js.1.3.vir Win32/Adware.Bandoo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content\searchqutb.js.vir Win32/Adware.Bandoo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.htm.vir Win32/Adware.Bandoo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.xul.vir Win32/Adware.Bandoo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\.#searchqutb.js.1.3.vir Win32/Adware.Bandoo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\searchqutb.js.vir Win32/Adware.Bandoo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\toolbar.htm.vir Win32/Adware.Bandoo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\d3y9zury.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\toolbar.xul.vir Win32/Adware.Bandoo application cleaned by deleting - quarantined
C:\Users\Sony\Downloads\BandooV6(2).exe multiple threats cleaned by deleting - quarantined
C:\Users\Sony\Downloads\BandooV6.exe multiple threats cleaned by deleting - quarantined
C:\Users\Sony\Downloads\CT3080215_ChatVibes.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\Users\Sony\Downloads\RadiosSetup.exe Win32/Toolbar.Crawler.A potentially unwanted application deleted - quarantined
C:\Users\Sony\Downloads\zaSetupWeb_132_015_000.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
 

As to how it is running, time will tell.  :)  Thanks for the help.

 

Is there an uninstall that I should run for the legacy combofix files?



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,580 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:44 PM

Posted 29 August 2014 - 06:13 PM

You can download a new copy of Combofix, rename the icon uninstall, then launch it. It will appear as if it is running again but it is uninstalling. I would wait until you are sure things are fine because uninstalling the program will uninstall any quarantined files, etc.

Let's give it a day and see how we do.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Oh My!

Posted 01 September 2014 - 07:42 AM

Greetings,

 

How are we doing?


Gary
 

#11 nexus6ca

nexus6ca
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:44 PM

Posted 01 September 2014 - 09:46 PM

Ahh sorry to not have replied earlier.  It appears to be ok now.  Thanks for your help.



#12 Oh My!

Posted 01 September 2014 - 09:53 PM

Excellent. :thumbsup2:

We have just one more thing to do.

===================================================

Update Java

-------------------

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to update Java and remove any existing older versions:
  • Click here to evaluate your current version of Java
  • Click Free Java Download
  • Click the Agree and Start Free Download
  • Save jxpiinstall.exe to your desktop
  • Double click the icon then click Run
  • Click Install
  • Uncheck any Ask Toolbar offers
  • Click Next
  • You should be notified You have successfully installed Java
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • In addition, check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did Java install correctly?

Gary
 

#13 nexus6ca

Posted 01 September 2014 - 10:41 PM

Ok Java is updated and the 2008 version removed.



#14 Oh My!

Posted 01 September 2014 - 10:50 PM

Very good. It looks like we have crossed the finish line. :)

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a day or so in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#15 Oh My!

Posted 03 September 2014 - 08:29 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



