
Help with BSOD boot loop after removal of Alureon using Defender Offline


  • This topic is locked
14 replies to this topic

#1 dgski9

dgski9

  • Members

Posted 14 September 2014 - 06:00 PM

So I'm pretty sure I'm experiencing the same/similar issue as in this closed thread:

http://www.bleepingcomputer.com/forums/t/541049/win-7-64-alureon-defender-offline-bsod/

 

I can't boot in safe mode. I've tried both repairing and restoring with no luck.

 

The machine is Windows 7 Home Premium 64 bit.

 

I have run FRST, which produced the FRST.txt file, but I don't know what to do going forward.

 

I'm hoping someone can help. Thanks.





#2 aharonov

aharonov

  • Malware Response Team

Posted 14 September 2014 - 06:18 PM

Hi,

I have run FRST, which produced the FRST.txt file, but I don't know what to do going forward.

Post the contents of this FRST.txt here then I can try to provide you a fixlist.

#3 dgski9

dgski9
  • Topic Starter

  • Members

Posted 14 September 2014 - 08:17 PM

Here are the contents of the FRST.txt file:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by SYSTEM on MININT-5S96CJH on 07-09-2014 20:55:27
Running from g:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2013-04-27] (alch)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [Updater] => C:\ProgramData\Updater\Updater.exe [297336 2013-09-25] (Updater)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Chase\...\Run: [Updater] => C:\ProgramData\Updater\updater.exe [297336 2013-09-25] (Updater)
HKU\Chase\...\Run: [Spotify] => C:\Users\Chase\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-24] (Spotify Ltd)
HKU\Chase\...\Run: [Spotify Web Helper] => C:\Users\Chase\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-24] (Spotify Ltd)
HKU\Chase\...\Run: [BackgroundContainerV2] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Chase\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [112256 2012-03-21] (Atheros Communication Inc.)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-13] ()
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-03-13] (Intel Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S4 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
S4 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-11-30] (Sony Corporation)
S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S4 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
S4 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-02-20] ()
S4 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-02-23] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-20] (AVG Technologies)
S3 BTATH_VDP; C:\Windows\System32\drivers\btath_vdp.sys [421664 2012-02-23] (Atheros)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
S3 lehidmini; C:\Windows\system32\drivers\leath_hid.sys [36128 2012-02-23] (Atheros)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-24] (Microsoft Corporation)
S1 MpKsld4462c22; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D49FA307-74E4-41B2-A2AC-9B49B058DAE8}\MpKsld4462c22.sys [45352 2014-09-06] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-03-13] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-07 20:54 - 2014-09-07 20:55 - 00000000 ____D () C:\FRST
2014-09-06 22:03 - 2014-09-07 18:49 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-09-06 17:58 - 2014-09-07 18:49 - 00000000 ____D () C:\9e67603a5d01f77648e9937c308719
2014-09-06 17:12 - 2014-09-06 17:14 - 00886288 _____ (Microsoft Corporation) C:\Users\Chase\Downloads\mssstool64.exe
2014-09-06 16:58 - 2014-09-06 16:58 - 00000000 ____D () C:\Users\Chase\.swt
2014-09-06 16:57 - 2014-09-06 16:57 - 00001794 _____ () C:\Users\Public\Desktop\Vuze.lnk
2014-09-06 16:56 - 2014-09-07 18:49 - 00000000 ____D () C:\Users\Chase\AppData\Roaming\Azureus
2014-09-06 16:56 - 2014-09-07 18:49 - 00000000 ____D () C:\Program Files\Vuze
2014-09-06 16:52 - 2014-09-06 16:52 - 00072008 _____ (Azureus Software, Inc.) C:\Users\Chase\Downloads\VuzeBittorrentClientInstaller.exe
2014-09-06 16:00 - 2014-09-06 16:00 - 00007605 _____ () C:\Users\Chase\AppData\Local\Resmon.ResmonCfg
2014-09-06 15:54 - 2014-09-06 15:54 - 00000000 ____D () C:\Program Files (x86)\doownleoaddITkueep
2014-09-06 15:54 - 2014-09-06 15:54 - 00000000 ____D () C:\Program Files (x86)\DealsaFinderPro
2014-09-06 15:50 - 2014-09-06 15:50 - 00000000 ____D () C:\Program Files (x86)\FlexibleeShopppeer
2014-09-06 15:29 - 2014-09-06 15:29 - 00000000 __SHD () C:\Users\Chase\AppData\Local\EmieUserList
2014-09-06 15:29 - 2014-09-06 15:29 - 00000000 __SHD () C:\Users\Chase\AppData\Local\EmieSiteList
2014-09-06 15:24 - 2014-09-06 15:24 - 00000000 ____D () C:\Program Files (x86)\RoyalShopperAApp
2014-09-06 14:34 - 2014-07-25 08:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-06 14:32 - 2014-07-25 08:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-06 14:32 - 2014-07-25 08:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-06 14:32 - 2014-07-25 08:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-06 14:28 - 2014-09-06 14:32 - 00005618 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-25 05:07 - 2014-05-14 08:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2014-08-25 05:07 - 2014-05-14 08:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2014-08-25 05:07 - 2014-05-14 08:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2014-08-25 05:07 - 2014-05-14 08:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2014-08-25 05:06 - 2014-05-14 08:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2014-08-25 05:06 - 2014-05-14 08:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-25 05:06 - 2014-05-14 08:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2014-08-25 05:06 - 2014-05-14 08:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-25 05:06 - 2014-05-14 08:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2014-08-25 05:06 - 2014-05-14 08:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-25 05:06 - 2014-05-14 05:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2014-08-25 05:06 - 2014-05-14 05:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-25 05:06 - 2014-05-14 05:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2014-08-25 05:06 - 2014-05-14 05:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-14 18:25 - 2014-06-30 14:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\System32\icardres.dll
2014-08-14 18:25 - 2014-06-30 14:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 18:25 - 2014-03-09 13:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\System32\icardagt.exe
2014-08-14 18:25 - 2014-03-09 13:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\System32\infocardapi.dll
2014-08-14 18:25 - 2014-03-09 13:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 18:25 - 2014-03-09 13:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 18:24 - 2014-06-05 22:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 18:24 - 2014-06-05 22:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\System32\TsWpfWrp.exe
2014-08-14 17:34 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDYAK.DLL
2014-08-14 17:34 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDTAT.DLL
2014-08-14 17:34 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDRU1.DLL
2014-08-14 17:34 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDBASH.DLL
2014-08-14 17:34 - 2014-07-08 18:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\KBDRU.DLL
2014-08-14 17:34 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 17:34 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 17:34 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 17:34 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 17:34 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 17:34 - 2014-07-08 14:38 - 00419992 _____ () C:\Windows\System32\locale.nls
2014-08-14 17:34 - 2014-07-08 14:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 17:31 - 2014-07-15 19:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-08-14 17:31 - 2014-07-15 18:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 17:30 - 2014-07-31 15:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-08-14 17:30 - 2014-07-31 15:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 17:30 - 2014-07-25 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-08-14 17:30 - 2014-07-25 06:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-08-14 17:30 - 2014-07-25 05:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 17:30 - 2014-07-25 05:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-08-14 17:30 - 2014-07-25 05:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-08-14 17:30 - 2014-07-25 05:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-08-14 17:30 - 2014-07-25 05:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-08-14 17:30 - 2014-07-25 05:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-08-14 17:30 - 2014-07-25 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 17:30 - 2014-07-25 05:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-08-14 17:30 - 2014-07-25 05:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-08-14 17:30 - 2014-07-25 05:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-08-14 17:30 - 2014-07-25 04:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-08-14 17:30 - 2014-07-25 04:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-08-14 17:30 - 2014-07-25 04:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 17:30 - 2014-07-25 04:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 17:30 - 2014-07-25 04:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 17:30 - 2014-07-25 04:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 17:30 - 2014-07-25 04:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-14 17:30 - 2014-07-25 04:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 17:30 - 2014-07-25 04:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 17:30 - 2014-07-25 04:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-08-14 17:30 - 2014-07-25 04:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 17:30 - 2014-07-25 04:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 17:30 - 2014-07-25 04:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-08-14 17:30 - 2014-07-25 04:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 17:30 - 2014-07-25 04:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 17:30 - 2014-07-25 04:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 17:30 - 2014-07-25 03:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 17:30 - 2014-07-25 03:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-08-14 17:30 - 2014-07-25 03:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 17:30 - 2014-07-25 03:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-08-14 17:30 - 2014-07-25 03:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-08-14 17:30 - 2014-07-25 03:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-08-14 17:30 - 2014-07-25 03:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 17:30 - 2014-07-25 03:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 17:30 - 2014-07-25 03:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 17:30 - 2014-07-25 03:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-08-14 17:30 - 2014-07-25 03:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 17:30 - 2014-07-25 03:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 17:30 - 2014-07-25 03:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 17:30 - 2014-07-25 03:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 17:30 - 2014-07-25 02:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-08-14 17:30 - 2014-07-25 02:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 17:30 - 2014-07-25 02:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 17:30 - 2014-07-25 02:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 17:30 - 2014-07-15 19:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-08-14 17:30 - 2014-07-15 18:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 17:30 - 2014-07-15 18:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-08-14 17:30 - 2014-06-24 18:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-08-14 17:30 - 2014-06-24 17:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 17:30 - 2014-06-15 18:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2014-08-14 17:30 - 2014-06-03 02:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-08-14 17:30 - 2014-06-03 02:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2014-08-14 17:30 - 2014-06-03 02:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\System32\msihnd.dll
2014-08-14 17:30 - 2014-06-03 02:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe
2014-08-14 17:30 - 2014-06-03 01:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 17:30 - 2014-06-03 01:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 17:30 - 2014-06-03 01:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 17:29 - 2014-07-25 06:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-08-14 17:29 - 2014-07-25 05:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-08-14 17:29 - 2014-07-25 05:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-08-14 17:29 - 2014-07-25 04:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-14 17:29 - 2014-07-25 04:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-08-14 17:29 - 2014-07-25 04:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-08-14 17:29 - 2014-07-25 02:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-08-14 17:29 - 2014-07-25 02:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-08-14 17:25 - 2014-08-06 18:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-08-14 17:25 - 2014-08-06 18:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-08-14 17:25 - 2014-07-13 18:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2014-08-14 17:25 - 2014-07-13 17:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-07 20:55 - 2014-09-07 20:54 - 00000000 ____D () C:\FRST
2014-09-07 18:49 - 2014-09-06 22:03 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-09-07 18:49 - 2014-09-06 17:58 - 00000000 ____D () C:\9e67603a5d01f77648e9937c308719
2014-09-07 18:49 - 2014-09-06 16:56 - 00000000 ____D () C:\Users\Chase\AppData\Roaming\Azureus
2014-09-07 18:49 - 2014-09-06 16:56 - 00000000 ____D () C:\Program Files\Vuze
2014-09-07 18:49 - 2014-06-18 16:01 - 00000000 ____D () C:\Users\Chase\AppData\Roaming\Spotify
2014-09-07 18:49 - 2012-08-21 16:12 - 00000000 ____D () C:\Users\Chase\AppData\Local\Conduit
2014-09-07 18:49 - 2012-08-19 16:30 - 00000000 ____D () C:\Users\Chase\AppData\Roaming\Skype
2014-09-07 18:49 - 2012-08-19 13:59 - 00000000 ____D () C:\users\Chase
2014-09-07 18:49 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-09-06 17:56 - 2013-07-29 15:34 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-06 17:56 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-06 17:56 - 2009-07-13 20:51 - 00069623 _____ () C:\Windows\setupact.log
2014-09-06 17:56 - 2009-07-13 20:45 - 00453112 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-09-06 17:54 - 2014-06-04 14:39 - 00000000 ____D () C:\ProgramData\RoyalShopperAApp
2014-09-06 17:54 - 2014-02-13 17:25 - 00000000 ____D () C:\ProgramData\doownleoaddITkueep
2014-09-06 17:54 - 2014-01-24 14:11 - 00000000 ____D () C:\ProgramData\FlexibleeShopppeer
2014-09-06 17:54 - 2014-01-24 14:10 - 00000000 ____D () C:\ProgramData\DealsaFinderPro
2014-09-06 17:54 - 2012-06-21 19:54 - 02042846 _____ () C:\Windows\WindowsUpdate.log
2014-09-06 17:54 - 2010-11-20 19:47 - 00165382 _____ () C:\Windows\PFRO.log
2014-09-06 17:40 - 2013-07-29 15:34 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-06 17:31 - 2009-07-13 20:45 - 00028576 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-06 17:31 - 2009-07-13 20:45 - 00028576 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-06 17:26 - 2009-07-13 21:13 - 00786622 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-09-06 17:14 - 2014-09-06 17:12 - 00886288 _____ (Microsoft Corporation) C:\Users\Chase\Downloads\mssstool64.exe
2014-09-06 17:14 - 2013-08-16 23:01 - 00000000 ____D () C:\Windows\System32\MRT
2014-09-06 17:02 - 2012-06-15 23:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-06 16:58 - 2014-09-06 16:58 - 00000000 ____D () C:\Users\Chase\.swt
2014-09-06 16:57 - 2014-09-06 16:57 - 00001794 _____ () C:\Users\Public\Desktop\Vuze.lnk
2014-09-06 16:52 - 2014-09-06 16:52 - 00072008 _____ (Azureus Software, Inc.) C:\Users\Chase\Downloads\VuzeBittorrentClientInstaller.exe
2014-09-06 16:01 - 2012-09-13 15:49 - 00000000 ____D () C:\Users\Chase\AppData\Local\Adobe
2014-09-06 16:00 - 2014-09-06 16:00 - 00007605 _____ () C:\Users\Chase\AppData\Local\Resmon.ResmonCfg
2014-09-06 15:59 - 2012-06-15 23:58 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-06 15:59 - 2012-06-15 23:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-06 15:59 - 2012-06-15 23:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-06 15:54 - 2014-09-06 15:54 - 00000000 ____D () C:\Program Files (x86)\doownleoaddITkueep
2014-09-06 15:54 - 2014-09-06 15:54 - 00000000 ____D () C:\Program Files (x86)\DealsaFinderPro
2014-09-06 15:54 - 2014-01-24 14:10 - 00000000 ____D () C:\ProgramData\9e3c7ebbd87082a9
2014-09-06 15:50 - 2014-09-06 15:50 - 00000000 ____D () C:\Program Files (x86)\FlexibleeShopppeer
2014-09-06 15:32 - 2013-11-21 12:52 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-09-06 15:29 - 2014-09-06 15:29 - 00000000 __SHD () C:\Users\Chase\AppData\Local\EmieUserList
2014-09-06 15:29 - 2014-09-06 15:29 - 00000000 __SHD () C:\Users\Chase\AppData\Local\EmieSiteList
2014-09-06 15:24 - 2014-09-06 15:24 - 00000000 ____D () C:\Program Files (x86)\RoyalShopperAApp
2014-09-06 15:24 - 2014-01-31 19:35 - 00000000 ____D () C:\ProgramData\jfdjcnooccknaajlklmjgfcnlmacdmkl
2014-09-06 14:38 - 2013-11-21 12:53 - 00000000 ____D () C:\ProgramData\TubeDimmer
2014-09-06 14:35 - 2013-11-03 13:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-06 14:32 - 2014-09-06 14:28 - 00005618 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-06 14:32 - 2013-07-29 15:31 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-06 14:32 - 2012-08-21 16:13 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer
2014-08-25 04:59 - 2014-06-18 16:02 - 00000000 ____D () C:\Users\Chase\AppData\Local\Spotify
2014-08-19 17:13 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 18:47 - 2012-09-07 17:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 18:31 - 2012-11-03 07:36 - 99218768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-08-14 18:23 - 2014-06-04 13:59 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-08-14 16:55 - 2012-06-16 00:25 - 00000000 ____D () C:\ProgramData\Skype
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.

Some content of TEMP:
====================
C:\Users\Chase\AppData\Local\Temp\-lcyyjg_.dll
C:\Users\Chase\AppData\Local\Temp\5pbrhoxz.dll
C:\Users\Chase\AppData\Local\Temp\60BB_fdminst.exe
C:\Users\Chase\AppData\Local\Temp\air2FA2.exe
C:\Users\Chase\AppData\Local\Temp\air60BC.exe
C:\Users\Chase\AppData\Local\Temp\airA25E.exe
C:\Users\Chase\AppData\Local\Temp\airCC7B.exe
C:\Users\Chase\AppData\Local\Temp\airF5BD.exe
C:\Users\Chase\AppData\Local\Temp\APNStub.exe
C:\Users\Chase\AppData\Local\Temp\COMAP.EXE
C:\Users\Chase\AppData\Local\Temp\contentDATs.exe
C:\Users\Chase\AppData\Local\Temp\i4jdel0.exe
C:\Users\Chase\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Chase\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Chase\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Chase\AppData\Local\Temp\mssinstaller.exe
C:\Users\Chase\AppData\Local\Temp\oi_{6509B89E-91BE-4B8E-A323-75CAD4E87620}.exe
C:\Users\Chase\AppData\Local\Temp\q143e1ho.dll
C:\Users\Chase\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Chase\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Chase\AppData\Local\Temp\TB_4E5.exe
C:\Users\Chase\AppData\Local\Temp\wqogityn.dll
C:\Users\Chase\AppData\Local\Temp\YontooSetup-S.exe
C:\Users\Chase\AppData\Local\Temp\zo0wmtbx.dll

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== Restore Points  =========================

Restore point made on: 2014-06-17 15:51:19
Restore point made on: 2014-06-18 17:25:11
Restore point made on: 2014-06-26 16:57:39
Restore point made on: 2014-06-26 18:20:10
Restore point made on: 2014-07-03 08:14:10
Restore point made on: 2014-07-03 09:21:40
Restore point made on: 2014-07-10 14:53:48
Restore point made on: 2014-07-10 22:48:25
Restore point made on: 2014-07-28 13:38:50
Restore point made on: 2014-07-28 14:19:24
Restore point made on: 2014-07-30 09:27:54
Restore point made on: 2014-07-30 20:27:53
Restore point made on: 2014-08-07 18:39:17
Restore point made on: 2014-08-07 19:30:08
Restore point made on: 2014-08-14 16:59:15
Restore point made on: 2014-08-14 18:23:29
Restore point made on: 2014-08-19 17:40:10
Restore point made on: 2014-08-19 18:30:49
Restore point made on: 2014-08-25 05:06:01
Restore point made on: 2014-08-25 05:11:43
Restore point made on: 2014-09-06 14:18:48

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3996.36 MB
Available physical RAM: 3347.5 MB
Total Pagefile: 3994.56 MB
Available Pagefile: 3333.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.92 GB) (Free:360.8 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:18.5 GB) (Free:1.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (WDO_MEDIA64) (Removable) (Total:3.77 GB) (Free:3.49 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive y: detected.

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 03107966)
Partition 1: (Not Active) - (Size=18.5 GB) - (Type=27)
Partition 2: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 3.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

LastRegBack: 2014-06-11 23:49

==================== End Of Log ============================



#4 aharonov

aharonov

  • Malware Response Team

Posted 15 September 2014 - 06:03 AM

Does the computer boot into normal mode again after this fix in Recovery Environment?


Please download this attached file (fixlist.txt) and save it on the same flash drive as FRST.
  • Plug in the flash drive to the infected computer, enter the System Recovery Options and open FRST.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) is saved on the flash drive.
    Please copy and paste its contents in your next reply.


#5 dgski9

Posted 15 September 2014 - 10:55 AM

Ran the fix. System boots. Here is the fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-09-2014 01
Ran by SYSTEM at 2014-09-15 10:31:09 Run:1
Running from g:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
TDL4: custom:26000022 <===== ATTENTION!
C:\Windows\svchost.exe
*****************

The operation completed successfully.
The operation completed successfully.
C:\Windows\svchost.exe => Moved successfully.

==== End of Fixlog ====



#6 aharonov

Posted 15 September 2014 - 11:03 AM

Great, but there's still some work to do in normal mode of Windows:


Move FRST from the flash drive to the Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt (under Optional Scan) is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.


#7 dgski9

Posted 15 September 2014 - 11:26 AM

OK, here are the contents of FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Chase (administrator) on CHASE-VAIO on 15-09-2014 12:16:44
Running from C:\Users\Chase\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Updater) C:\ProgramData\Updater\updater.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Spotify Ltd) C:\Users\Chase\AppData\Roaming\Spotify\spotify.exe
(WatchDog) C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
(WatchDog) C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
(WatchDog) C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
(Spotify Ltd) C:\Users\Chase\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(alch) C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
() C:\Users\Chase\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Chase\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Chase\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Chase\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Chase\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2013-04-27] (alch)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [Updater] => C:\ProgramData\Updater\Updater.exe [297336 2013-09-25] (Updater)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe [701808 2013-02-26] (Adobe Systems Incorporated)
HKU\S-1-5-21-2661863286-877191386-513372732-1000\...\Run: [Updater] => C:\ProgramData\Updater\updater.exe [297336 2013-09-25] (Updater)
HKU\S-1-5-21-2661863286-877191386-513372732-1000\...\Run: [Spotify] => C:\Users\Chase\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-24] (Spotify Ltd)
HKU\S-1-5-21-2661863286-877191386-513372732-1000\...\Run: [Spotify Web Helper] => C:\Users\Chase\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-24] (Spotify Ltd)
HKU\S-1-5-21-2661863286-877191386-513372732-1000\...\Run: [BackgroundContainerV2] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Chase\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3237160
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.findwide.com/?guid={60838435-50A1-4C7F-AAB6-8FF3A1AE615C}&serpv=22
URLSearchHook: HKLM-x32 - InternetHelper Toolbar - {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Users\Chase\AppData\LocalLow\InternetHelper\prxtbInt0.dll (ClientConnect Ltd.)
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKCU - InternetHelper Toolbar - {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Users\Chase\AppData\LocalLow\InternetHelper\prxtbInt0.dll (ClientConnect Ltd.)
SearchScopes: HKCU - DefaultScope {587F34DD-3192-45CF-A273-1226F24D17E6} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3237160
SearchScopes: HKCU - 2B9270672CDE4D3C9958225C80F42C71 URL = http://search.findwide.com/serp?guid={60838435-50A1-4C7F-AAB6-8FF3A1AE615C}&action=default_search&serpv=22&k={searchTerms}
SearchScopes: HKCU - B37F12FC8D9548728AAD16039E06C09E URL = http://isearch.avg.com/search?cid={0FB298C4-E802-49EB-ABB1-B731E96F88A1}&mid=f03469ca672847d08ce7d9a4ff2a9773-7f5dd979fb777c692d27b27390d6e59b6827901c&lang=en&ds=ft011&pr=sa&d=2012-11-17 19:48:42&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {1B2BA2A9-C316-449F-BF1A-4029D7B0C606} URL = http://websearch.ask.com/redirect?client=ie&tb=VDJ&o=41647958&src=kw&q={searchTerms}&locale=&apn_ptnrs=8P&apn_dtid=YYYYYYYYUS&apn_uid=141C09B7-E345-4531-B401-7540673B5783&apn_sauid=EF780F95-C58B-43C8-BD8C-CE8516BBA741
SearchScopes: HKCU - {587F34DD-3192-45CF-A273-1226F24D17E6} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3237160
SearchScopes: HKCU - {8EB31D0F-6F3B-45FA-B0C5-A20F797E1A68} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10741
SearchScopes: HKCU - {8F9EC4D2-76CD-41FA-A59A-606FF577FB29} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120834,17118,0,18,0
SearchScopes: HKCU - {AF266C68-BB0E-49DA-B313-50A3A12BF3B9} URL = http://www.mysearchresults.com/search?&c=2634&t=03&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: MPP3Maker -> {91CCD4D3-919C-31A3-20B0-2EAFE935BC81} -> C:\ProgramData\MPP3Maker\m1ltm3H5.x64.dll ()
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: AdobVuIewer -> {EDF5B6BE-FFE7-6ECF-1392-0D66C2816463} -> C:\ProgramData\AdobVuIewer\JkeocBoJpJ.x64.dll ()
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Tube Dimmer -> {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} -> C:\ProgramData\TubeDimmer\IE\common.dll (Creative Island Media, LLC)
BHO-x32: MyWordTool -> {45470599-8237-486D-87B5-E89CD6AED154} -> C:\Users\Chase\AppData\Roaming\MyWordTool\temp.dat ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: DefaultTab Browser Helper -> {7F6AFBF1-E065-4627-A2FD-810366367D01} -> C:\Users\Chase\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll No File
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MPP3Maker -> {91CCD4D3-919C-31A3-20B0-2EAFE935BC81} -> C:\ProgramData\MPP3Maker\m1ltm3H5.dll ()
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
BHO-x32: InternetHelper Toolbar -> {9d0f7eb2-452d-4766-b535-8d23e36c300e} -> C:\Users\Chase\AppData\LocalLow\InternetHelper\prxtbInt0.dll (ClientConnect Ltd.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: VirtualDJ Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: AdobVuIewer -> {EDF5B6BE-FFE7-6ECF-1392-0D66C2816463} -> C:\ProgramData\AdobVuIewer\JkeocBoJpJ.dll ()
BHO-x32: Yontoo -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> C:\Program Files (x86)\Yontoo\YontooIEClient_2.dll No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - InternetHelper Toolbar - {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Users\Chase\AppData\LocalLow\InternetHelper\prxtbInt0.dll (ClientConnect Ltd.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
Toolbar: HKLM-x32 - VirtualDJ Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {9D0F7EB2-452D-4766-B535-8D23E36C300E} -  No File
Toolbar: HKCU - No Name - {2D6C9CCE-5C62-4321-AC12-BC81A1B1D839} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default
FF NewTab: user_pref("browser.newtab.url", "");
FF DefaultSearchEngine: FindWide
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: FindWide
FF Homepage: hxxp://search.findwide.com/?guid={60838435-50A1-4C7F-AAB6-8FF3A1AE615C}&serpv=22
FF Keyword.URL: hxxp://search.findwide.com/serp?guid={60838435-50A1-4C7F-AAB6-8FF3A1AE615C}&action=default_search&serpv=22&k=
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\user.js
FF SearchPlugin: C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\searchplugins\findwide.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: SalesMMagnnet - C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\2848alin@aeeoph.org [2014-09-06]
FF Extension: AdobVuIewer - C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\c.zalzqkp@k-oufp.com [2014-09-06]
FF Extension: MyWordTool - C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\emily@wilford.biz [2013-11-21]
FF Extension: PdfMMaker - C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\fqgd.euu@uiyrwcbq.co.uk [2014-09-06]
FF Extension: FlexibleeShopppeer - C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\iyoqtl@uaaoeee.org [2014-09-06]
FF Extension: Tube Dimmer - C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\support@tubedimmerapp.com [2013-11-21]
FF Extension: VirtualDJ Toolbar - C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\toolbar@ask.com [2012-11-17]
FF Extension: DealsaFinderPro - C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\uowc21v8@hgazbm.org [2014-09-06]
FF Extension: doownleoaddITkueep - C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\zodznkzj5i5@s-i.org [2014-09-06]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-21]
FF Extension: MyWordTool - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\emily@wilford.biz [2013-11-21]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-21]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013-02-20]

Chrome:
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-03]
CHR Extension: (Google Drive) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-03]
CHR Extension: (YouTube) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-03]
CHR Extension: (No Name) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceikihncddionlfgggkohfokcnkobpnl [2013-11-23]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-01]
CHR Extension: (PdfMMaker) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\cocbinjcpbmojbbpopnofcpnilhegkel [2014-05-03]
CHR Extension: (Google Search) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-03]
CHR Extension: (MyWordTool) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn [2013-11-21]
CHR Extension: (SalesMMagnnet) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpmgodoonbmgdfblmfgppfhfnncfjkbk [2014-06-04]
CHR Extension: (No Name) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb [2013-11-21]
CHR Extension: (DealsaFinderPro) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfobgleljleknejaekcgekepmcefgkgc [2014-01-24]
CHR Extension: (Skype Click to Call) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-11-03]
CHR Extension: (Google Wallet) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-03]
CHR Extension: (doownleoaddITkueep) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\okendimbmgmdolaefgiflbdgfcmemenl [2014-02-13]
CHR Extension: (Color Icons for Gmail) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioomoieildjihcajfoobhhiecjkmfn [2014-06-10]
CHR Extension: (Gmail) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\14.2.0.1\avg.crx [2013-02-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-23] (Atheros Commnucations) [File not signed]
S4 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [112256 2012-03-21] (Atheros Communication Inc.)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-13] ()
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-03-13] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S4 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [60416 2012-11-13] (Digital Delivery Networks, Inc.) [File not signed]
S4 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
S4 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-11-30] (Sony Corporation)
S4 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2011-09-23] (Sony Corporation) [File not signed]
S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S4 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
S4 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-02-20] ()
S4 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-02-23] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-20] (AVG Technologies)
R3 BTATH_VDP; C:\Windows\System32\drivers\btath_vdp.sys [421664 2012-02-23] (Atheros)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
S3 lehidmini; C:\Windows\system32\drivers\leath_hid.sys [36128 2012-02-23] (Atheros)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R1 MpKsld4462c22; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D49FA307-74E4-41B2-A2AC-9B49B058DAE8}\MpKsld4462c22.sys [45352 2014-09-06] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-03-13] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 12:16 - 2014-09-15 12:17 - 00024808 _____ () C:\Users\Chase\Desktop\FRST.txt
2014-09-15 12:15 - 2014-09-15 12:15 - 00000000 ____D () C:\Users\Chase\Desktop\FRST-OlderVersion
2014-09-15 12:14 - 2014-09-15 12:15 - 02105856 _____ (Farbar) C:\Users\Chase\Desktop\FRST64.exe
2014-09-15 11:50 - 2014-09-15 11:50 - 00278920 _____ () C:\Windows\Minidump\091514-89778-01.dmp
2014-09-08 00:54 - 2014-09-15 12:16 - 00000000 ____D () C:\FRST
2014-09-07 02:03 - 2014-09-07 22:49 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-09-06 21:58 - 2014-09-07 22:49 - 00000000 ____D () C:\9e67603a5d01f77648e9937c308719
2014-09-06 21:12 - 2014-09-06 21:14 - 00886288 _____ (Microsoft Corporation) C:\Users\Chase\Downloads\mssstool64.exe
2014-09-06 20:58 - 2014-09-06 20:58 - 00000000 ____D () C:\Users\Chase\.swt
2014-09-06 20:57 - 2014-09-06 20:57 - 00001794 _____ () C:\Users\Public\Desktop\Vuze.lnk
2014-09-06 20:57 - 2014-09-06 20:57 - 00001794 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2014-09-06 20:56 - 2014-09-07 22:49 - 00000000 ____D () C:\Users\Chase\AppData\Roaming\Azureus
2014-09-06 20:56 - 2014-09-07 22:49 - 00000000 ____D () C:\Program Files\Vuze
2014-09-06 20:52 - 2014-09-06 20:52 - 00072008 _____ (Azureus Software, Inc.) C:\Users\Chase\Downloads\VuzeBittorrentClientInstaller.exe
2014-09-06 20:00 - 2014-09-06 20:00 - 00007605 _____ () C:\Users\Chase\AppData\Local\Resmon.ResmonCfg
2014-09-06 19:54 - 2014-09-06 19:54 - 00000000 ____D () C:\Program Files (x86)\doownleoaddITkueep
2014-09-06 19:54 - 2014-09-06 19:54 - 00000000 ____D () C:\Program Files (x86)\DealsaFinderPro
2014-09-06 19:50 - 2014-09-06 19:50 - 00000000 ____D () C:\Program Files (x86)\FlexibleeShopppeer
2014-09-06 19:29 - 2014-09-06 19:29 - 00000000 __SHD () C:\Users\Chase\AppData\Local\EmieUserList
2014-09-06 19:29 - 2014-09-06 19:29 - 00000000 __SHD () C:\Users\Chase\AppData\Local\EmieSiteList
2014-09-06 19:24 - 2014-09-06 19:24 - 00000000 ____D () C:\Program Files (x86)\RoyalShopperAApp
2014-09-06 18:34 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-06 18:32 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-06 18:32 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-06 18:32 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-06 18:28 - 2014-09-06 18:32 - 00005618 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-25 09:07 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-25 09:07 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-25 09:07 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-25 09:07 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-25 09:06 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-25 09:06 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-25 09:06 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-25 09:06 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-25 09:06 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-25 09:06 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-25 09:06 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-25 09:06 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-25 09:06 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-25 09:06 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 12:17 - 2014-09-15 12:16 - 00024808 _____ () C:\Users\Chase\Desktop\FRST.txt
2014-09-15 12:16 - 2014-09-08 00:54 - 00000000 ____D () C:\FRST
2014-09-15 12:15 - 2014-09-15 12:15 - 00000000 ____D () C:\Users\Chase\Desktop\FRST-OlderVersion
2014-09-15 12:15 - 2014-09-15 12:14 - 02105856 _____ (Farbar) C:\Users\Chase\Desktop\FRST64.exe
2014-09-15 12:15 - 2012-06-21 23:54 - 01159908 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 12:13 - 2014-06-18 20:01 - 00000000 ____D () C:\Users\Chase\AppData\Roaming\Spotify
2014-09-15 12:12 - 2009-07-14 00:45 - 00028576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 12:12 - 2009-07-14 00:45 - 00028576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 12:05 - 2014-06-18 20:02 - 00000000 ____D () C:\Users\Chase\AppData\Local\Spotify
2014-09-15 12:00 - 2012-06-16 03:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-15 11:52 - 2013-07-29 19:34 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-15 11:50 - 2014-09-15 11:50 - 00278920 _____ () C:\Windows\Minidump\091514-89778-01.dmp
2014-09-15 11:50 - 2012-11-24 01:37 - 00000000 ____D () C:\Windows\Minidump
2014-09-15 11:50 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 11:50 - 2009-07-14 00:51 - 00069679 _____ () C:\Windows\setupact.log
2014-09-15 11:49 - 2012-11-24 01:36 - 531081513 _____ () C:\Windows\MEMORY.DMP
2014-09-07 22:49 - 2014-09-07 02:03 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-09-07 22:49 - 2014-09-06 21:58 - 00000000 ____D () C:\9e67603a5d01f77648e9937c308719
2014-09-07 22:49 - 2014-09-06 20:56 - 00000000 ____D () C:\Users\Chase\AppData\Roaming\Azureus
2014-09-07 22:49 - 2014-09-06 20:56 - 00000000 ____D () C:\Program Files\Vuze
2014-09-07 22:49 - 2013-11-03 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-07 22:49 - 2012-08-21 20:12 - 00000000 ____D () C:\Users\Chase\AppData\Local\Conduit
2014-09-07 22:49 - 2012-08-19 20:30 - 00000000 ____D () C:\Users\Chase\AppData\Roaming\Skype
2014-09-07 22:49 - 2012-08-19 17:59 - 00000000 ____D () C:\Users\Chase
2014-09-07 22:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-09-06 21:56 - 2009-07-14 00:45 - 00453112 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-06 21:54 - 2014-06-04 18:39 - 00000000 ____D () C:\ProgramData\RoyalShopperAApp
2014-09-06 21:54 - 2014-02-13 21:25 - 00000000 ____D () C:\ProgramData\doownleoaddITkueep
2014-09-06 21:54 - 2014-01-24 18:11 - 00000000 ____D () C:\ProgramData\FlexibleeShopppeer
2014-09-06 21:54 - 2014-01-24 18:10 - 00000000 ____D () C:\ProgramData\DealsaFinderPro
2014-09-06 21:54 - 2010-11-20 23:47 - 00165382 _____ () C:\Windows\PFRO.log
2014-09-06 21:40 - 2013-07-29 19:34 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-06 21:26 - 2009-07-14 01:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-06 21:14 - 2014-09-06 21:12 - 00886288 _____ (Microsoft Corporation) C:\Users\Chase\Downloads\mssstool64.exe
2014-09-06 21:14 - 2013-08-17 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-06 20:58 - 2014-09-06 20:58 - 00000000 ____D () C:\Users\Chase\.swt
2014-09-06 20:57 - 2014-09-06 20:57 - 00001794 _____ () C:\Users\Public\Desktop\Vuze.lnk
2014-09-06 20:57 - 2014-09-06 20:57 - 00001794 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2014-09-06 20:52 - 2014-09-06 20:52 - 00072008 _____ (Azureus Software, Inc.) C:\Users\Chase\Downloads\VuzeBittorrentClientInstaller.exe
2014-09-06 20:01 - 2012-09-13 19:49 - 00000000 ____D () C:\Users\Chase\AppData\Local\Adobe
2014-09-06 20:00 - 2014-09-06 20:00 - 00007605 _____ () C:\Users\Chase\AppData\Local\Resmon.ResmonCfg
2014-09-06 19:59 - 2012-06-16 03:58 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-06 19:59 - 2012-06-16 03:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-06 19:59 - 2012-06-16 03:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-06 19:54 - 2014-09-06 19:54 - 00000000 ____D () C:\Program Files (x86)\doownleoaddITkueep
2014-09-06 19:54 - 2014-09-06 19:54 - 00000000 ____D () C:\Program Files (x86)\DealsaFinderPro
2014-09-06 19:54 - 2014-01-24 18:10 - 00000000 ____D () C:\ProgramData\9e3c7ebbd87082a9
2014-09-06 19:50 - 2014-09-06 19:50 - 00000000 ____D () C:\Program Files (x86)\FlexibleeShopppeer
2014-09-06 19:32 - 2013-11-21 16:52 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-09-06 19:29 - 2014-09-06 19:29 - 00000000 __SHD () C:\Users\Chase\AppData\Local\EmieUserList
2014-09-06 19:29 - 2014-09-06 19:29 - 00000000 __SHD () C:\Users\Chase\AppData\Local\EmieSiteList
2014-09-06 19:24 - 2014-09-06 19:24 - 00000000 ____D () C:\Program Files (x86)\RoyalShopperAApp
2014-09-06 19:24 - 2014-01-31 23:35 - 00000000 ____D () C:\ProgramData\jfdjcnooccknaajlklmjgfcnlmacdmkl
2014-09-06 18:38 - 2013-11-21 16:53 - 00000000 ____D () C:\ProgramData\TubeDimmer
2014-09-06 18:35 - 2013-11-03 17:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-06 18:32 - 2014-09-06 18:28 - 00005618 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-06 18:32 - 2013-07-29 19:31 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-06 18:32 - 2012-08-21 20:13 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer
2014-08-19 21:13 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

Some content of TEMP:
====================
C:\Users\Chase\AppData\Local\Temp\-lcyyjg_.dll
C:\Users\Chase\AppData\Local\Temp\5pbrhoxz.dll
C:\Users\Chase\AppData\Local\Temp\60BB_fdminst.exe
C:\Users\Chase\AppData\Local\Temp\air2FA2.exe
C:\Users\Chase\AppData\Local\Temp\air60BC.exe
C:\Users\Chase\AppData\Local\Temp\airA25E.exe
C:\Users\Chase\AppData\Local\Temp\airCC7B.exe
C:\Users\Chase\AppData\Local\Temp\airF5BD.exe
C:\Users\Chase\AppData\Local\Temp\APNStub.exe
C:\Users\Chase\AppData\Local\Temp\COMAP.EXE
C:\Users\Chase\AppData\Local\Temp\contentDATs.exe
C:\Users\Chase\AppData\Local\Temp\i4jdel0.exe
C:\Users\Chase\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Chase\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Chase\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Chase\AppData\Local\Temp\mssinstaller.exe
C:\Users\Chase\AppData\Local\Temp\oi_{6509B89E-91BE-4B8E-A323-75CAD4E87620}.exe
C:\Users\Chase\AppData\Local\Temp\q143e1ho.dll
C:\Users\Chase\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Chase\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Chase\AppData\Local\Temp\TB_4E5.exe
C:\Users\Chase\AppData\Local\Temp\wqogityn.dll
C:\Users\Chase\AppData\Local\Temp\YontooSetup-S.exe
C:\Users\Chase\AppData\Local\Temp\zo0wmtbx.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-12 03:49

==================== End Of Log ============================

 

 

Here are the contents of Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Chase at 2014-09-15 12:17:39
Running from C:\Users\Chase\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-zip v9.20 (HKLM-x32\...\7-zip) (Version: v9.20 - TUGUU SL) <==== ATTENTION
ACID Music Studio 8.0 (x32 Version: 8.0.178 - Sony) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.6.602.171 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
AdobVuIewer (HKLM-x32\...\{E597EF89-D3DF-7708-E392-3D9C87CAB1AA}) (Version:  - AdobViewEr)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version:  - )
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.161 - ArcSoft)
ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.457 - ArcSoft)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.11.3.0 - Ask.com) <==== ATTENTION
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.125 - Atheros)
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 14.2.0.1 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ClamWin Free Antivirus 0.97.8 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version:  - alch)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.5009.52 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 9.0.5009.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DVD Architect Studio 5.0 (x32 Version: 5.0.157 - Sony) Hidden
Elgato Game Capture HD (HKLM-x32\...\{0392D055-3112-444D-831A-64DF12D9C151}) (Version: 1.42.19.534 - Elgato Systems GmbH)
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
GIMP 2.6.10 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
InternetHelper Toolbar (HKLM-x32\...\InternetHelper Toolbar) (Version: 6.9.0.16 - InternetHelper)
iTunes (HKLM\...\{A04DCB25-7040-4935-A30D-8E0A893ABF2D}) (Version: 11.1.2.32 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java™ 7 Update 1 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417001FF}) (Version: 7.0.10 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Keyboard_Shortcuts (x32 Version: 1.1.0.12190 - Sony Corporation) Hidden
KUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Media Gallery (HKLM\...\{0EB7792D-EFA2-42AB-9A22-F33D9458E974}) (Version: 2.1.0.13300 - Sony Corporation)
Media Go (x32 Version: 2.0.317 - Sony) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 24.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 24.0 (x86 en-US)) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
MPP3Maker (HKLM-x32\...\{15E2B6EC-0017-0C28-3205-F19E83F00276}) (Version:  - MP3Maker)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyWordTool (HKCU\...\MyWordTool) (Version: 1 - http://www.mywordtool.com)
Oasis2Service (HKLM-x32\...\{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}) (Version: 1.0.4 - DDNi)
PlayMemories Home (x32 Version: 6.1.01.14210 - Sony Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayStation®Network Downloader (x32 Version: 2.07.00849 - Sony Computer Entertainment Inc.) Hidden
PlayStation®Store (x32 Version: 4.5.15.13232 - Sony Computer Entertainment Inc.) Hidden
Qualcomm Atheros Direct Connect (x32 Version: 3.1 - Qualcomm Atheros) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{E727B31A-8B24-4C1C-934A-69634E0D2C0B}) (Version: 3.0 - Qualcomm Atheros)
Reader for PC (x32 Version: 1.1.02.10070 - Sony Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6564 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.91 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
Remote Play with PlayStation®3 (x32 Version: 1.1.0.21090 - Sony Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sound Forge Audio Studio 10.0 (x32 Version: 10.0.176 - Sony) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.0 - Synaptics Incorporated)
TrackID™ with BRAVIA (x32 Version: 1.2.0.09270 - Sony Corportaion) Hidden
TriDef 3D (Sony) 2.0.5 (HKLM-x32\...\experience-sony-bundle) (Version: 2.0.5 - Dynamic Digital Depth Australia Pty Ltd)
Tube Dimmer (HKLM-x32\...\TubeDimmer) (Version: 2.6.43 - Creative Island Media, LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.43 - Creative Island Media, LLC) <==== ATTENTION
V3DPx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (HKLM\...\{34EB42BE-F4D3-44C1-B28E-9740115DB72C}) (Version: 1.0.00.01300 - Sony Corporation)
VAIO - PlayMemories Home Plug-in (HKLM\...\{886C0C18-F905-49B2-90BA-EFC0FEDF27C6}) (Version: 2.0.00.14200 - Sony Corporation)
VAIO - Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
VAIO - Remote Keyboard with PlayStation®3 (x32 Version: 1.2.0.09210 - Sony Corporation) Hidden
VAIO - Remote Play with PlayStation®3 (x32 Version: 1.1.0.21090 - Sony Corporation) Hidden
VAIO - TrackID™ with BRAVIA (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
VAIO 3D Portal (x32 Version: 1.2.0.10131 - Sony Corporation) Hidden
VAIO Care (HKLM\...\{471F7C0A-CA3A-4F4C-8346-DE36AD5E23D1}) (Version: 7.3.0.14170 - Sony Corporation)
VAIO Control Center (x32 Version: 5.2.1.15070 - Sony Corporation) Hidden
VAIO CPU Fan Diagnostic (x32 Version: 1.1.0.09200 - Sony Corporation) Hidden
VAIO Data Restore Tool (x32 Version: 1.9.0.13190 - Sony Corporation) Hidden
VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Gate (x32 Version: 2.4.1.09230 - Sony Corporation) Hidden
VAIO Gate Default (x32 Version: 2.5.2.02090 - Sony Corporation) Hidden
VAIO Gesture Control (x32 Version: 1.0.0.12300 - Sony Corporation) Hidden
VAIO Help and Support (x32 Version: 17.00.0109 - Sony Corporation) Hidden
VAIO Improvement (x32 Version: 1.3.0.12280 - Sony Corporation) Hidden
VAIO Manual (x32 Version: 2.3.0.12300 - Sony Corporation) Hidden
VAIO Messenger (HKLM-x32\...\VAIO Messenger) (Version: 2.0.493.0 - DDNi)
VAIO OOBE (x32 Version: 12.2.1.2483 - Sony Corporation) Hidden
VAIO Sample Contents (x32 Version: 1.4.0.09010 - Sony Corporation) Hidden
VAIO Satisfaction Survey. (x32 Version: 3.0 - Sony Electronics Inc.) Hidden
VAIO Smart Network (x32 Version: 3.11.1.15220 - Sony Corporation) Hidden
VAIO Transfer Support (x32 Version: 1.7.0.02231 - Sony Corporation) Hidden
VAIO Update (x32 Version: 5.7.0.13130 - Sony Corporation) Hidden
VAIO Update Merge Module x64 (Version: 5.7.13130 - Sony Corporation) Hidden
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Vegas Movie Studio HD Platinum 11.0 (x32 Version: 11.0.256 - Sony) Hidden
VHD (x32 Version: 1.0.0 - Microsoft) Hidden
VirtualDJ Home FREE (HKLM-x32\...\{5E1375CB-6792-4464-8715-CC3EC83D48FA}) (Version: 7.0.5 - Atomix Productions)
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.4.0.0 - Azureus Software, Inc.)
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

27-06-2014 02:19:46 Windows Update
03-07-2014 16:13:46 Windows Update
03-07-2014 17:21:36 Windows Update
10-07-2014 22:49:37 Windows Update
11-07-2014 06:48:12 Windows Update
28-07-2014 21:37:33 Windows Update
28-07-2014 22:19:14 Windows Update
30-07-2014 17:27:38 Windows Update
31-07-2014 04:27:46 Windows Update
08-08-2014 02:38:54 Windows Update
08-08-2014 03:30:03 Windows Update
15-08-2014 00:57:42 Windows Update
15-08-2014 02:23:21 Windows Update
20-08-2014 01:39:20 Windows Update
20-08-2014 02:30:44 Windows Update
25-08-2014 13:05:34 Windows Update
25-08-2014 13:11:38 Windows Update
06-09-2014 22:17:56 Windows Update
15-09-2014 15:55:17 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {26F54E8F-A1FF-4A84-9094-94396FFF265D} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => net
Task: {2B194FEB-BA4A-4FEC-90EF-8972263D1FEB} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-07] (Sony Corporation)
Task: {3F4B1268-6DD2-402E-8021-CCD9F94F6508} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-27] (Sony Corporation)
Task: {44C5CFDC-D45D-4F02-88D5-6676FD192676} - System32\Tasks\DDNi Startup => C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe [2012-11-13] (Digital Delivery Networks, Inc.)
Task: {480E465A-B64E-43BE-9716-D6AFF0B17B53} - System32\Tasks\VAIO® Messenger (Administrator) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2012-11-13] (Digital Delivery Networks, Inc.)
Task: {57FF03DE-6861-40C8-933C-4B80C0AF8F2D} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2011-02-01] () <==== ATTENTION
Task: {6457FF23-C850-4ABC-9A94-4C5C3B396270} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-29] (Google Inc.)
Task: {6AC93975-4ED5-4C8C-8690-8A0764C1DD44} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {6EC2BD4A-4B32-46C4-992B-5A587E4C48EE} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-02-24] (Sony Corporation)
Task: {8A6C7A35-D1C5-45BA-943A-CF9DDC55FC1B} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2011-12-27] (Sony Corporation)
Task: {8F727693-1E4D-4ADB-874B-641C829B2CAC} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-07] (Sony Corporation)
Task: {91991DC5-DAAF-4B34-830C-A7E1DEFA1BA8} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {97DEF41C-2FEA-459D-8CB8-484A67FF7755} - System32\Tasks\Sony\Keyboard Shortcuts => C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe [2012-03-20] ()
Task: {A2FD54A5-991D-4607-8109-79C5A8A1B20D} - System32\Tasks\VAIO® Messenger (Chase) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2012-11-13] (Digital Delivery Networks, Inc.)
Task: {A3F65E2B-AC06-4851-882D-D210E66F9A75} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A41FB9F3-8AE4-4522-84C3-AB37598AC62C} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {B0652880-5A8F-4CC8-9A88-B8B3A11053BF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-29] (Google Inc.)
Task: {B0880195-0DCB-4C96-A31A-A0C2DE112D81} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2011-09-23] (Sony Corporation)
Task: {B97E63A4-1383-4513-8F9D-E9CA9A9F9E65} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {C2C771F1-F52C-4750-96AC-A36BCE7EA3E2} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2011-09-23] (Sony Corporation)
Task: {CFB00D25-6DF8-4FB2-B06D-C7100579FC65} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-12-27] (Sony Corporation)
Task: {D68E9F19-825C-4E2A-9AAB-EAE2F547FE8D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-06] (Adobe Systems Incorporated)
Task: {E14108EC-2513-494F-9A28-6216DEDB26B2} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {E2ED7F68-6F6D-4A72-B3AC-8412E665A724} - System32\Tasks\Sony Corporation\VAIO Care\AutoCheckMessage => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {E7C9F85B-2896-47AB-95FA-B0BC0E27CA5D} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-27] (Sony Corporation)
Task: {FE786704-8357-4B69-A9E3-902BB0186430} - System32\Tasks\Sony Corporation\VAIO Care\VAU => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-07-29 19:16 - 2008-04-19 16:35 - 00080384 _____ () C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll
2012-03-20 16:43 - 2012-03-20 16:43 - 00477816 _____ () C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
2014-06-18 20:01 - 2014-08-24 15:42 - 00610872 _____ () C:\Users\Chase\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-18 20:01 - 2014-08-24 15:42 - 36966968 _____ () C:\Users\Chase\AppData\Roaming\Spotify\Data\libcef.dll
2013-07-29 19:16 - 2005-02-08 16:23 - 00979005 _____ () C:\Program Files (x86)\ClamWin\bin\python23.dll
2013-05-10 22:30 - 2004-11-20 02:27 - 00069632 _____ () C:\Program Files (x86)\ClamWin\lib\win32api.pyd
2013-07-29 19:16 - 2004-10-11 19:21 - 00094208 _____ () C:\Program Files (x86)\ClamWin\lib\pywintypes23.dll
2013-05-10 22:30 - 2004-05-25 20:18 - 00057401 _____ () C:\Program Files (x86)\ClamWin\lib\_sre.pyd
2013-05-10 22:30 - 2004-11-20 02:27 - 00086016 _____ () C:\Program Files (x86)\ClamWin\lib\win32gui.pyd
2013-05-10 22:30 - 2004-11-20 02:27 - 00024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32event.pyd
2013-05-10 22:30 - 2004-11-20 02:27 - 00036864 _____ () C:\Program Files (x86)\ClamWin\lib\win32process.pyd
2013-05-10 22:30 - 2004-05-25 20:18 - 00049212 _____ () C:\Program Files (x86)\ClamWin\lib\_socket.pyd
2013-05-10 22:30 - 2004-05-25 20:18 - 00495616 _____ () C:\Program Files (x86)\ClamWin\lib\_ssl.pyd
2013-05-10 22:30 - 2004-05-25 20:20 - 00036864 _____ () C:\Program Files (x86)\ClamWin\lib\_winreg.pyd
2013-07-29 19:16 - 2004-10-11 19:22 - 00315392 _____ () C:\Program Files (x86)\ClamWin\lib\pythoncom23.dll
2013-05-10 22:30 - 2004-11-20 02:27 - 00106496 _____ () C:\Program Files (x86)\ClamWin\lib\shell.pyd
2013-05-10 22:30 - 2004-11-20 02:27 - 00065536 _____ () C:\Program Files (x86)\ClamWin\lib\win32security.pyd
2013-05-10 22:30 - 2004-01-15 13:45 - 00061440 _____ () C:\Program Files (x86)\ClamWin\lib\_ctypes.pyd
2013-05-10 22:30 - 2004-11-20 02:27 - 00077824 _____ () C:\Program Files (x86)\ClamWin\lib\win32file.pyd
2013-05-10 22:30 - 2004-11-20 02:27 - 00024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32pipe.pyd
2013-05-10 22:30 - 2003-10-01 12:40 - 02240512 _____ () C:\Program Files (x86)\ClamWin\lib\wxc.pyd
2013-07-29 19:16 - 2003-10-01 10:43 - 03239936 _____ () C:\Program Files (x86)\ClamWin\lib\wxmsw24h.dll
2013-05-10 22:30 - 2003-08-10 08:14 - 00061440 _____ () C:\Program Files (x86)\ClamWin\lib\mxDateTime.pyd
2013-05-10 22:30 - 2004-05-25 20:17 - 00622651 _____ () C:\Program Files (x86)\ClamWin\lib\_bsddb.pyd
2013-05-10 22:30 - 2004-05-25 20:19 - 00045117 _____ () C:\Program Files (x86)\ClamWin\lib\datetime.pyd
2012-03-20 16:43 - 2012-03-20 16:43 - 00160376 _____ () C:\Program Files (x86)\Sony\Keyboard Shortcuts\MessageHook.dll
2012-03-20 16:43 - 2012-03-20 16:43 - 00026744 _____ () C:\Program Files (x86)\Sony\Keyboard Shortcuts\Utility.dll
2014-07-03 12:04 - 2014-08-24 15:42 - 00867896 _____ () C:\Users\Chase\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-06-18 20:01 - 2014-08-24 15:42 - 00886840 _____ () C:\Users\Chase\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-06-18 20:02 - 2014-08-24 15:42 - 00108600 _____ () C:\Users\Chase\AppData\Roaming\Spotify\Data\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ACDaemon => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: DCDhcpService => 3
MSCONFIG\Services: DefaultTabUpdate => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: IconMan_R => 2
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel® ME Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Oasis2Service => 2
MSCONFIG\Services: PMBDeviceInfoProvider => 2
MSCONFIG\Services: SampleCollector => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SOHCImp => 3
MSCONFIG\Services: SOHDs => 3
MSCONFIG\Services: Sony SCSI Helper Service => 3
MSCONFIG\Services: SpfService => 3
MSCONFIG\Services: uCamMonitor => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: VAIO Event Service => 2
MSCONFIG\Services: VAIO Power Management => 3
MSCONFIG\Services: VCFw => 3
MSCONFIG\Services: VcmIAlzMgr => 3
MSCONFIG\Services: VcmINSMgr => 3
MSCONFIG\Services: VcmXmlIfHelper => 3
MSCONFIG\Services: VCService => 3
MSCONFIG\Services: VSNService => 2
MSCONFIG\Services: vToolbarUpdater14.2.0 => 2
MSCONFIG\Services: VUAgent => 3
MSCONFIG\Services: ZAtheros Bt&Wlan Coex Agent => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Anti-phishing Domain Advisor => "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISBMgr.exe => "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PMBVolumeWatcher => c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SONYAPO
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/15/2014 11:52:45 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80004005.

Error: (09/15/2014 11:51:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/06/2014 09:56:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/06/2014 07:56:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1204

Start Time: 01cfca206bd23899

Termination Time: 0

Application Path: C:\Windows\Explorer.EXE

Report Id: 50352496-3621-11e4-8e52-08edb9ce7e80

Error: (09/06/2014 07:30:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program KeyboardShortcuts.exe version 1.1.0.12190 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14fc

Start Time: 01cfca209f58016a

Termination Time: 140

Application Path: C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe

Report Id: cb970ceb-361d-11e4-8e52-08edb9ce7e80

Error: (09/06/2014 06:55:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (09/06/2014 06:55:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (09/06/2014 06:54:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (09/06/2014 06:16:53 PM) (Source: MsiInstaller) (EventID: 11720) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Error 1720. There is a problem with this Windows Installer package. A script required for this install to complete could not be run. Contact your support personnel or package vendor. Custom action GetFirefoxLocalProfilePath.AE456DBC_DDBA_441F_BC5E_0CF21D88B0A1 script error -2146827864, Microsoft VBScript runtime error: Object required: 'CreateObject(...).NameSpace(...)' Line 191, Column 7,

Error: (09/06/2014 06:16:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (09/15/2014 00:01:14 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 112.1.0.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.5.0216.00

 Source Path: 4.5.0216.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (09/15/2014 00:01:14 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.183.1823.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.5.0216.00

 Source Path: 4.5.0216.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (09/15/2014 00:01:14 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.183.1823.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.5.0216.00

 Source Path: 4.5.0216.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (09/15/2014 00:01:14 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.183.1823.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.5.0216.00

 Source Path: 4.5.0216.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (09/15/2014 11:50:53 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000001e (0xffffffffc0000005, 0xfffff80002ebdd35, 0x0000000000000000, 0xffffffffffffffff)C:\Windows\MEMORY.DMP091514-89778-01

Error: (09/06/2014 09:23:14 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (09/06/2014 09:23:13 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (09/06/2014 09:23:13 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (09/06/2014 06:44:42 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MACBOOKPRO-5092
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{65DA58AE-ED11-45A6-8AC3-8385AA9B28A4}.
The master browser is stopping or an election is being forced.

Error: (08/25/2014 09:11:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2871997).

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 62%
Total physical RAM: 3996.36 MB
Available physical RAM: 1498.69 MB
Total Pagefile: 7990.9 MB
Available Pagefile: 4998.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.92 GB) (Free:360.98 GB) NTFS
Drive d: (WDO_MEDIA64) (Removable) (Total:3.77 GB) (Free:2.29 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 03107966)
Partition 1: (Not Active) - (Size=18.5 GB) - (Type=27)
Partition 2: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 3.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================



#8 aharonov

  • Malware Response Team
Posted 15 September 2014 - 01:24 PM

Ok.


Step 1

Please uninstall some programs:
  • Click on the Start Menu button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall:

    AdobVuIewer
    Ask Toolbar
    InternetHelper Toolbar
    MyWordTool

  • Reboot your computer.


Step 2

Please download AdwCleaner (by Xplode) and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.


Step 3

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#9 dgski9

  • Topic Starter

Posted 15 September 2014 - 02:30 PM

Ok, so I couldn't find Ask Toolbar in the uninstall list, but the others I uninstalled.

 

Here are the contents of the AdwCleaner log:

# AdwCleaner v3.310 - Report created 15/09/2014 at 14:53:26
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Chase - CHASE-VAIO
# Running from : C:\Users\Chase\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : vToolbarUpdater14.2.0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\RHelpers
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\TubeDimmer
Folder Deleted : C:\ProgramData\Updater
Folder Deleted : C:\ProgramData\DealsaFinderPro
Folder Deleted : C:\ProgramData\FlexibleeShopppeer
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\PC Speed Maximizer
Folder Deleted : C:\Program Files (x86)\DealsaFinderPro
Folder Deleted : C:\Program Files (x86)\FlexibleeShopppeer
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Chase\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Chase\AppData\Local\Conduit
Folder Deleted : C:\Users\Chase\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\Chase\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Chase\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Chase\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Chase\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Chase\Documents\ShopToWin
Folder Deleted : C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\toolbar@ask.com
Folder Deleted : C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\2848alin@aeeoph.org
Folder Deleted : C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\iyoqtl@uaaoeee.org
Folder Deleted : C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\uowc21v8@hgazbm.org
Folder Deleted : C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb
Folder Deleted : C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpmgodoonbmgdfblmfgppfhfnncfjkbk
Folder Deleted : C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfobgleljleknejaekcgekepmcefgkgc
File Deleted : C:\END
File Deleted : C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\searchplugins\bingp.xml
File Deleted : C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\searchplugins\findwide.xml
File Deleted : C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\user.js
File Deleted : C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage
File Deleted : C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage-journal
File Deleted : C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
File Deleted : C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Updater]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DynConIE.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\dynconie.dynconieobject
Key Deleted : HKLM\SOFTWARE\Classes\dynconie.dynconieobject.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Updater]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\FolexibloeSahoopper.FolexibloeSahoopper
Key Deleted : HKLM\SOFTWARE\Classes\FolexibloeSahoopper.FolexibloeSahoopper.4.75
Key Deleted : HKLM\SOFTWARE\Classes\DEalsFinDerPRoi.DEalsFinDerPRoi
Key Deleted : HKLM\SOFTWARE\Classes\DEalsFinDerPRoi.DEalsFinDerPRoi.4.33
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3237160
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{781CA792-9B6E-400B-B36F-15C097D2CA54}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEEF6E65-CE3A-C2A1-D3D5-859B28711CA1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D8F85AB3-5EB8-59F3-6C83-759641CD3F66}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AEEF6E65-CE3A-C2A1-D3D5-859B28711CA1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D8F85AB3-5EB8-59F3-6C83-759641CD3F66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AEEF6E65-CE3A-C2A1-D3D5-859B28711CA1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D8F85AB3-5EB8-59F3-6C83-759641CD3F66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AEEF6E65-CE3A-C2A1-D3D5-859B28711CA1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D8F85AB3-5EB8-59F3-6C83-759641CD3F66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Default Tab
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{779D1843-0043-65D2-D781-8614F17B6222}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "FindWide");
Line Deleted : user_pref("browser.search.selectedEngine", "FindWide");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.findwide.com/?guid={60838435-50A1-4C7F-AAB6-8FF3A1AE615C}&serpv=22");
Line Deleted : user_pref("extensions.1sE4.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.ne[...]
Line Deleted : user_pref("extensions.5UMJ6Rf.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo[...]
Line Deleted : user_pref("extensions.NwT.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net[...]
Line Deleted : user_pref("extensions.PiLvT.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.n[...]
Line Deleted : user_pref("extensions.V81R.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.ne[...]
Line Deleted : user_pref("extensions.dynconff.cache.search.findwide.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"_1520_1674_1169_1864_1916_1482_1521_1717\">\r\n  <content id=\"MB_P1\">\r\n    <newjs><[...]
Line Deleted : user_pref("extensions.dynconff.cache.search.findwide.com.expires", "1410051826307");
Line Deleted : user_pref("extensions.f8gdHlTRlAZC.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sum[...]
Line Deleted : user_pref("keyword.URL", "hxxp://search.findwide.com/serp?guid={60838435-50A1-4C7F-AAB6-8FF3A1AE615C}&action=default_search&serpv=22&k=");

-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.findwide.com/serp?guid={60838435-50A1-4C7F-AAB6-8FF3A1AE615C}&action=default_search&serpv=22&k={searchTerms}
Deleted [Extension] : igjjkeeamkpihpncmmbgdkhdnjpcfmfb

*************************

AdwCleaner[R0].txt - [26769 octets] - [15/09/2014 14:51:26]
AdwCleaner[S0].txt - [26571 octets] - [15/09/2014 14:53:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26632 octets] ##########

And here are the contents of FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Chase (administrator) on CHASE-VAIO on 15-09-2014 14:59:10
Running from C:\Users\Chase\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Spotify Ltd) C:\Users\Chase\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(alch) C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2013-04-27] (alch)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe [701808 2013-02-26] (Adobe Systems Incorporated)
HKU\S-1-5-21-2661863286-877191386-513372732-1000\...\Run: [Spotify Web Helper] => C:\Users\Chase\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-15] (Spotify Ltd)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKCU - 2B9270672CDE4D3C9958225C80F42C71 URL = http://search.findwide.com/serp?guid={60838435-50A1-4C7F-AAB6-8FF3A1AE615C}&action=default_search&serpv=22&k={searchTerms}
SearchScopes: HKCU - B37F12FC8D9548728AAD16039E06C09E URL = http://isearch.avg.com/search?cid={0FB298C4-E802-49EB-ABB1-B731E96F88A1}&mid=f03469ca672847d08ce7d9a4ff2a9773-7f5dd979fb777c692d27b27390d6e59b6827901c&lang=en&ds=ft011&pr=sa&d=2012-11-17 19:48:42&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {1B2BA2A9-C316-449F-BF1A-4029D7B0C606} URL = http://websearch.ask.com/redirect?client=ie&tb=VDJ&o=41647958&src=kw&q={searchTerms}&locale=&apn_ptnrs=8P&apn_dtid=YYYYYYYYUS&apn_uid=141C09B7-E345-4531-B401-7540673B5783&apn_sauid=EF780F95-C58B-43C8-BD8C-CE8516BBA741
SearchScopes: HKCU - {587F34DD-3192-45CF-A273-1226F24D17E6} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3237160
SearchScopes: HKCU - {8EB31D0F-6F3B-45FA-B0C5-A20F797E1A68} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10741
SearchScopes: HKCU - {8F9EC4D2-76CD-41FA-A59A-606FF577FB29} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120834,17118,0,18,0
SearchScopes: HKCU - {AF266C68-BB0E-49DA-B313-50A3A12BF3B9} URL = http://www.mysearchresults.com/search?&c=2634&t=03&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: MPP3Maker -> {91CCD4D3-919C-31A3-20B0-2EAFE935BC81} -> C:\ProgramData\MPP3Maker\m1ltm3H5.x64.dll ()
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MPP3Maker -> {91CCD4D3-919C-31A3-20B0-2EAFE935BC81} -> C:\ProgramData\MPP3Maker\m1ltm3H5.dll ()
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2D6C9CCE-5C62-4321-AC12-BC81A1B1D839} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default
FF NewTab: user_pref("browser.newtab.url", "");
FF SearchEngineOrder.3: Bing
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Extension: AdobVuIewer - C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\c.zalzqkp@k-oufp.com [2014-09-06]
FF Extension: MyWordTool - C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\emily@wilford.biz [2013-11-21]
FF Extension: PdfMMaker - C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\fqgd.euu@uiyrwcbq.co.uk [2014-09-06]
FF Extension: Tube Dimmer - C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\support@tubedimmerapp.com [2013-11-21]
FF Extension: doownleoaddITkueep - C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\zodznkzj5i5@s-i.org [2014-09-06]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-21]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-21]

Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-03]
CHR Extension: (Google Drive) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-03]
CHR Extension: (YouTube) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-03]
CHR Extension: (No Name) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceikihncddionlfgggkohfokcnkobpnl [2013-11-23]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-01]
CHR Extension: (PdfMMaker) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\cocbinjcpbmojbbpopnofcpnilhegkel [2014-05-03]
CHR Extension: (Google Search) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-03]
CHR Extension: (MyWordTool) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn [2013-11-21]
CHR Extension: (No Name) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpmgodoonbmgdfblmfgppfhfnncfjkbk [2014-06-04]
CHR Extension: (No Name) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb [2013-11-21]
CHR Extension: (No Name) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfobgleljleknejaekcgekepmcefgkgc [2014-01-24]
CHR Extension: (Skype Click to Call) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-11-03]
CHR Extension: (Google Wallet) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-03]
CHR Extension: (doownleoaddITkueep) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\okendimbmgmdolaefgiflbdgfcmemenl [2014-02-13]
CHR Extension: (Color Icons for Gmail) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioomoieildjihcajfoobhhiecjkmfn [2014-06-10]
CHR Extension: (Gmail) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-23] (Atheros Commnucations) [File not signed]
S4 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [112256 2012-03-21] (Atheros Communication Inc.)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-13] ()
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-03-13] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S4 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [60416 2012-11-13] (Digital Delivery Networks, Inc.) [File not signed]
S4 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
S4 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-11-30] (Sony Corporation)
S4 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2011-09-23] (Sony Corporation) [File not signed]
S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S4 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
S4 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-02-23] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-20] (AVG Technologies)
R3 BTATH_VDP; C:\Windows\System32\drivers\btath_vdp.sys [421664 2012-02-23] (Atheros)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
S3 lehidmini; C:\Windows\system32\drivers\leath_hid.sys [36128 2012-02-23] (Atheros)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-03-13] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 14:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-15 14:51 - 2014-09-15 14:53 - 00000000 ____D () C:\AdwCleaner
2014-09-15 14:43 - 2014-09-15 14:44 - 01373475 _____ () C:\Users\Chase\Desktop\AdwCleaner.exe
2014-09-15 14:37 - 2014-09-15 14:37 - 00000000 ____D () C:\Program Files (x86)\AdobVuIewer
2014-09-15 12:17 - 2014-09-15 12:18 - 00047593 _____ () C:\Users\Chase\Desktop\Addition.txt
2014-09-15 12:16 - 2014-09-15 14:59 - 00017493 _____ () C:\Users\Chase\Desktop\FRST.txt
2014-09-15 12:15 - 2014-09-15 12:15 - 00000000 ____D () C:\Users\Chase\Desktop\FRST-OlderVersion
2014-09-15 12:14 - 2014-09-15 12:15 - 02105856 _____ (Farbar) C:\Users\Chase\Desktop\FRST64.exe
2014-09-15 11:50 - 2014-09-15 11:50 - 00278920 _____ () C:\Windows\Minidump\091514-89778-01.dmp
2014-09-08 00:54 - 2014-09-15 14:59 - 00000000 ____D () C:\FRST
2014-09-07 02:03 - 2014-09-07 22:49 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-09-06 21:58 - 2014-09-07 22:49 - 00000000 ____D () C:\9e67603a5d01f77648e9937c308719
2014-09-06 21:12 - 2014-09-06 21:14 - 00886288 _____ (Microsoft Corporation) C:\Users\Chase\Downloads\mssstool64.exe
2014-09-06 20:58 - 2014-09-06 20:58 - 00000000 ____D () C:\Users\Chase\.swt
2014-09-06 20:57 - 2014-09-06 20:57 - 00001794 _____ () C:\Users\Public\Desktop\Vuze.lnk
2014-09-06 20:57 - 2014-09-06 20:57 - 00001794 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2014-09-06 20:56 - 2014-09-07 22:49 - 00000000 ____D () C:\Users\Chase\AppData\Roaming\Azureus
2014-09-06 20:56 - 2014-09-07 22:49 - 00000000 ____D () C:\Program Files\Vuze
2014-09-06 20:52 - 2014-09-06 20:52 - 00072008 _____ (Azureus Software, Inc.) C:\Users\Chase\Downloads\VuzeBittorrentClientInstaller.exe
2014-09-06 20:00 - 2014-09-06 20:00 - 00007605 _____ () C:\Users\Chase\AppData\Local\Resmon.ResmonCfg
2014-09-06 19:54 - 2014-09-06 19:54 - 00000000 ____D () C:\Program Files (x86)\doownleoaddITkueep
2014-09-06 19:29 - 2014-09-06 19:29 - 00000000 __SHD () C:\Users\Chase\AppData\Local\EmieUserList
2014-09-06 19:29 - 2014-09-06 19:29 - 00000000 __SHD () C:\Users\Chase\AppData\Local\EmieSiteList
2014-09-06 19:24 - 2014-09-06 19:24 - 00000000 ____D () C:\Program Files (x86)\RoyalShopperAApp
2014-09-06 18:39 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-06 18:39 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-06 18:39 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-06 18:34 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-06 18:32 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-06 18:32 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-06 18:32 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-06 18:28 - 2014-09-06 18:32 - 00005618 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-25 09:07 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-25 09:07 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-25 09:07 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-25 09:07 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-25 09:06 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-25 09:06 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-25 09:06 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-25 09:06 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-25 09:06 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-25 09:06 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-25 09:06 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-25 09:06 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-25 09:06 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-25 09:06 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 15:00 - 2014-09-15 12:16 - 00017493 _____ () C:\Users\Chase\Desktop\FRST.txt
2014-09-15 15:00 - 2012-06-16 03:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-15 14:59 - 2014-09-08 00:54 - 00000000 ____D () C:\FRST
2014-09-15 14:58 - 2014-06-18 20:01 - 00000000 ____D () C:\Users\Chase\AppData\Roaming\Spotify
2014-09-15 14:57 - 2014-06-18 20:02 - 00000000 ____D () C:\Users\Chase\AppData\Local\Spotify
2014-09-15 14:56 - 2013-07-29 19:34 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-15 14:56 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 14:56 - 2009-07-14 00:51 - 00069791 _____ () C:\Windows\setupact.log
2014-09-15 14:54 - 2012-06-21 23:54 - 01216511 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 14:54 - 2010-11-20 23:47 - 00165696 _____ () C:\Windows\PFRO.log
2014-09-15 14:54 - 2009-07-14 00:45 - 00028576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 14:54 - 2009-07-14 00:45 - 00028576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 14:53 - 2014-09-15 14:51 - 00000000 ____D () C:\AdwCleaner
2014-09-15 14:48 - 2009-07-14 00:45 - 00445256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-15 14:45 - 2014-01-31 23:35 - 00000000 ____D () C:\ProgramData\AdobVuIewer
2014-09-15 14:44 - 2014-09-15 14:43 - 01373475 _____ () C:\Users\Chase\Desktop\AdwCleaner.exe
2014-09-15 14:40 - 2013-07-29 19:34 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-15 14:39 - 2013-11-21 16:51 - 00000000 ____D () C:\Users\Chase\AppData\Roaming\MyWordTool
2014-09-15 14:37 - 2014-09-15 14:37 - 00000000 ____D () C:\Program Files (x86)\AdobVuIewer
2014-09-15 14:37 - 2014-01-24 18:10 - 00000000 ____D () C:\ProgramData\9e3c7ebbd87082a9
2014-09-15 12:18 - 2014-09-15 12:17 - 00047593 _____ () C:\Users\Chase\Desktop\Addition.txt
2014-09-15 12:15 - 2014-09-15 12:15 - 00000000 ____D () C:\Users\Chase\Desktop\FRST-OlderVersion
2014-09-15 12:15 - 2014-09-15 12:14 - 02105856 _____ (Farbar) C:\Users\Chase\Desktop\FRST64.exe
2014-09-15 11:50 - 2014-09-15 11:50 - 00278920 _____ () C:\Windows\Minidump\091514-89778-01.dmp
2014-09-15 11:50 - 2012-11-24 01:37 - 00000000 ____D () C:\Windows\Minidump
2014-09-15 11:49 - 2012-11-24 01:36 - 531081513 _____ () C:\Windows\MEMORY.DMP
2014-09-07 22:49 - 2014-09-07 02:03 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-09-07 22:49 - 2014-09-06 21:58 - 00000000 ____D () C:\9e67603a5d01f77648e9937c308719
2014-09-07 22:49 - 2014-09-06 20:56 - 00000000 ____D () C:\Users\Chase\AppData\Roaming\Azureus
2014-09-07 22:49 - 2014-09-06 20:56 - 00000000 ____D () C:\Program Files\Vuze
2014-09-07 22:49 - 2013-11-03 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-07 22:49 - 2012-08-19 20:30 - 00000000 ____D () C:\Users\Chase\AppData\Roaming\Skype
2014-09-07 22:49 - 2012-08-19 17:59 - 00000000 ____D () C:\Users\Chase
2014-09-07 22:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-09-06 21:54 - 2014-06-04 18:39 - 00000000 ____D () C:\ProgramData\RoyalShopperAApp
2014-09-06 21:54 - 2014-02-13 21:25 - 00000000 ____D () C:\ProgramData\doownleoaddITkueep
2014-09-06 21:26 - 2009-07-14 01:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-06 21:14 - 2014-09-06 21:12 - 00886288 _____ (Microsoft Corporation) C:\Users\Chase\Downloads\mssstool64.exe
2014-09-06 21:14 - 2013-08-17 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-06 20:58 - 2014-09-06 20:58 - 00000000 ____D () C:\Users\Chase\.swt
2014-09-06 20:57 - 2014-09-06 20:57 - 00001794 _____ () C:\Users\Public\Desktop\Vuze.lnk
2014-09-06 20:57 - 2014-09-06 20:57 - 00001794 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2014-09-06 20:52 - 2014-09-06 20:52 - 00072008 _____ (Azureus Software, Inc.) C:\Users\Chase\Downloads\VuzeBittorrentClientInstaller.exe
2014-09-06 20:01 - 2012-09-13 19:49 - 00000000 ____D () C:\Users\Chase\AppData\Local\Adobe
2014-09-06 20:00 - 2014-09-06 20:00 - 00007605 _____ () C:\Users\Chase\AppData\Local\Resmon.ResmonCfg
2014-09-06 19:59 - 2012-06-16 03:58 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-06 19:59 - 2012-06-16 03:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-06 19:59 - 2012-06-16 03:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-06 19:54 - 2014-09-06 19:54 - 00000000 ____D () C:\Program Files (x86)\doownleoaddITkueep
2014-09-06 19:29 - 2014-09-06 19:29 - 00000000 __SHD () C:\Users\Chase\AppData\Local\EmieUserList
2014-09-06 19:29 - 2014-09-06 19:29 - 00000000 __SHD () C:\Users\Chase\AppData\Local\EmieSiteList
2014-09-06 19:24 - 2014-09-06 19:24 - 00000000 ____D () C:\Program Files (x86)\RoyalShopperAApp
2014-09-06 19:24 - 2014-01-31 23:35 - 00000000 ____D () C:\ProgramData\jfdjcnooccknaajlklmjgfcnlmacdmkl
2014-09-06 18:35 - 2013-11-03 17:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-06 18:32 - 2014-09-06 18:28 - 00005618 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-06 18:32 - 2013-07-29 19:31 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-22 22:07 - 2014-09-06 18:39 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-09-06 18:39 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-09-06 18:39 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 21:13 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

Some content of TEMP:
====================
C:\Users\Chase\AppData\Local\Temp\-lcyyjg_.dll
C:\Users\Chase\AppData\Local\Temp\5pbrhoxz.dll
C:\Users\Chase\AppData\Local\Temp\60BB_fdminst.exe
C:\Users\Chase\AppData\Local\Temp\air2FA2.exe
C:\Users\Chase\AppData\Local\Temp\air60BC.exe
C:\Users\Chase\AppData\Local\Temp\airA25E.exe
C:\Users\Chase\AppData\Local\Temp\airCC7B.exe
C:\Users\Chase\AppData\Local\Temp\airF5BD.exe
C:\Users\Chase\AppData\Local\Temp\APNStub.exe
C:\Users\Chase\AppData\Local\Temp\COMAP.EXE
C:\Users\Chase\AppData\Local\Temp\contentDATs.exe
C:\Users\Chase\AppData\Local\Temp\i4jdel0.exe
C:\Users\Chase\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Chase\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Chase\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Chase\AppData\Local\Temp\mssinstaller.exe
C:\Users\Chase\AppData\Local\Temp\oi_{6509B89E-91BE-4B8E-A323-75CAD4E87620}.exe
C:\Users\Chase\AppData\Local\Temp\q143e1ho.dll
C:\Users\Chase\AppData\Local\Temp\Quarantine.exe
C:\Users\Chase\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Chase\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Chase\AppData\Local\Temp\TB_4E5.exe
C:\Users\Chase\AppData\Local\Temp\wqogityn.dll
C:\Users\Chase\AppData\Local\Temp\YontooSetup-S.exe
C:\Users\Chase\AppData\Local\Temp\zo0wmtbx.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-12 03:49

==================== End Of Log ============================



#10 aharonov


Posted 15 September 2014 - 02:37 PM

Ok. How is your computer running after the following steps?


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 3

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#11 dgski9


Posted 15 September 2014 - 06:55 PM

The machine is running ok, a bit jerky.... Still getting lots of ads/pop-ups from Tube Dimmer.

 

Contents of fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Chase at 2014-09-15 15:46:17 Run:2
Running from C:\Users\Chase\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKCU - 2B9270672CDE4D3C9958225C80F42C71 URL = http://search.findwide.com/serp?guid={60838435-50A1-4C7F-AAB6-8FF3A1AE615C}&action=default_search&serpv=22&k={searchTerms}
SearchScopes: HKCU - B37F12FC8D9548728AAD16039E06C09E URL = http://isearch.avg.com/search?cid={0FB298C4-E802-49EB-ABB1-B731E96F88A1}&mid=f03469ca672847d08ce7d9a4ff2a9773-7f5dd979fb777c692d27b27390d6e59b6827901c&lang=en&ds=ft011&pr=sa&d=2012-11-17 19:48:42&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {1B2BA2A9-C316-449F-BF1A-4029D7B0C606} URL = http://websearch.ask.com/redirect?client=ie&tb=VDJ&o=41647958&src=kw&q={searchTerms}&locale=&apn_ptnrs=8P&apn_dtid=YYYYYYYYUS&apn_uid=141C09B7-E345-4531-B401-7540673B5783&apn_sauid=EF780F95-C58B-43C8-BD8C-CE8516BBA741
SearchScopes: HKCU - {587F34DD-3192-45CF-A273-1226F24D17E6} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3237160
SearchScopes: HKCU - {AF266C68-BB0E-49DA-B313-50A3A12BF3B9} URL = http://www.mysearchresults.com/search?&c=2634&t=03&q={searchTerms}
BHO-x32: MPP3Maker -> {91CCD4D3-919C-31A3-20B0-2EAFE935BC81} -> C:\ProgramData\MPP3Maker\m1ltm3H5.dll ()
C:\ProgramData\MPP3Maker
FF Extension: AdobVuIewer - C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\c.zalzqkp@k-oufp.com [2014-09-06]
FF Extension: MyWordTool - C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\emily@wilford.biz [2013-11-21]
FF Extension: PdfMMaker - C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\fqgd.euu@uiyrwcbq.co.uk [2014-09-06]
FF Extension: doownleoaddITkueep - C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\zodznkzj5i5@s-i.org [2014-09-06]
CHR Extension: (PdfMMaker) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\cocbinjcpbmojbbpopnofcpnilhegkel [2014-05-03]
CHR Extension: (MyWordTool) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn [2013-11-21]
CHR Extension: (No Name) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpmgodoonbmgdfblmfgppfhfnncfjkbk [2014-06-04]
CHR Extension: (No Name) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb [2013-11-21]
CHR Extension: (No Name) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfobgleljleknejaekcgekepmcefgkgc [2014-01-24]
CHR Extension: (doownleoaddITkueep) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\okendimbmgmdolaefgiflbdgfcmemenl [2014-02-13]
2014-09-15 14:37 - 2014-09-15 14:37 - 00000000 ____D () C:\Program Files (x86)\AdobVuIewer
2014-09-06 19:54 - 2014-09-06 19:54 - 00000000 ____D () C:\Program Files (x86)\doownleoaddITkueep
2014-09-06 19:24 - 2014-09-06 19:24 - 00000000 ____D () C:\Program Files (x86)\RoyalShopperAApp
 2014-09-06 19:24 - 2014-01-31 23:35 - 00000000 ____D () C:\ProgramData\jfdjcnooccknaajlklmjgfcnlmacdmkl
EmptyTemp:
*****************

Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\2B9270672CDE4D3C9958225C80F42C71" => Key deleted successfully.
"HKCR\CLSID\2B9270672CDE4D3C9958225C80F42C71" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\B37F12FC8D9548728AAD16039E06C09E" => Key deleted successfully.
"HKCR\CLSID\B37F12FC8D9548728AAD16039E06C09E" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1B2BA2A9-C316-449F-BF1A-4029D7B0C606}" => Key deleted successfully.
"HKCR\CLSID\{1B2BA2A9-C316-449F-BF1A-4029D7B0C606}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{587F34DD-3192-45CF-A273-1226F24D17E6}" => Key deleted successfully.
"HKCR\CLSID\{587F34DD-3192-45CF-A273-1226F24D17E6}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AF266C68-BB0E-49DA-B313-50A3A12BF3B9}" => Key deleted successfully.
"HKCR\CLSID\{AF266C68-BB0E-49DA-B313-50A3A12BF3B9}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91CCD4D3-919C-31A3-20B0-2EAFE935BC81}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{91CCD4D3-919C-31A3-20B0-2EAFE935BC81}" => Key deleted successfully.
C:\ProgramData\MPP3Maker => Moved successfully.
C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\c.zalzqkp@k-oufp.com => Moved successfully.
C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\emily@wilford.biz => Moved successfully.
C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\fqgd.euu@uiyrwcbq.co.uk => Moved successfully.
C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\zodznkzj5i5@s-i.org => Moved successfully.
C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\cocbinjcpbmojbbpopnofcpnilhegkel directory not found.
C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn directory not found.
C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpmgodoonbmgdfblmfgppfhfnncfjkbk directory not found.
C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb directory not found.
C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfobgleljleknejaekcgekepmcefgkgc directory not found.
C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\okendimbmgmdolaefgiflbdgfcmemenl directory not found.
C:\Program Files (x86)\AdobVuIewer => Moved successfully.
C:\Program Files (x86)\doownleoaddITkueep => Moved successfully.
C:\Program Files (x86)\RoyalShopperAApp => Moved successfully.
C:\ProgramData\jfdjcnooccknaajlklmjgfcnlmacdmkl => Moved successfully.
EmptyTemp: => Removed 3.1 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

Contents of ESETlog

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\GenericAskToolbar.dll.vir    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\SaUpdate.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\UpdateTask.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe.vir    a variant of Win32/ExFriendAlert.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe.vir    a variant of Win32/ExFriendAlert.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\RHelpers\IeHelper\IeHelper.exe.vir    a variant of Win32/ExFriendAlert.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\TubeDimmer\IE\common.dll.vir    a variant of Win32/ExFriendAlert.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Updater\Uninstall.exe.vir    a variant of Win32/ExFriendAlert.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\Local\Conduit\Community Alerts\Alert.dll.vir    a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfobgleljleknejaekcgekepmcefgkgc\4.33\KPewb.js.vir    Win32/Adware.MultiPlug.H application
C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\iyoqtl@uaaoeee.org\content\bg.js.vir    Win32/Adware.MultiPlug.H application
C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\toolbar@ask.com\chrome\content\issigned.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\uowc21v8@hgazbm.org\content\bg.js.vir    Win32/Adware.MultiPlug.H application
C:\Downloads\virtual dj setup.exe    a variant of Win32/Soft32Downloader.C potentially unwanted application
C:\FRST\Quarantine\C\ProgramData\MPP3Maker\m1ltm3H5.dll    a variant of Win32/AdWare.MultiPlug.N application
C:\FRST\Quarantine\C\ProgramData\MPP3Maker\m1ltm3H5.exe    a variant of Win32/AdWare.MultiPlug.K.gen application
C:\FRST\Quarantine\C\ProgramData\MPP3Maker\m1ltm3H5.x64.dll    a variant of Win64/Adware.MultiPlug.A application
C:\ProgramData\lgmpmieedegcbdjfafnblmfiadcebcgg\SygU.js    Win32/Adware.MultiPlug.H application
C:\Users\All Users\lgmpmieedegcbdjfafnblmfiadcebcgg\SygU.js    Win32/Adware.MultiPlug.H application
C:\Users\Chase\Downloads\gimp-setup (1).exe    Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Chase\Downloads\gimp-setup.exe    Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Chase\Downloads\Player-Chrome.exe    a variant of Win32/AdWare.iBryte.AM application
C:\Users\Chase\Downloads\Setup.exe    a variant of Win32/AdWare.iBryte.Q application
C:\Windows\Installer\MSIE25D.tmp    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
 

 

Contents of FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Chase (administrator) on CHASE-VAIO on 15-09-2014 19:28:39
Running from C:\Users\Chase\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Spotify Ltd) C:\Users\Chase\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2013-04-27] (alch)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe [701808 2013-02-26] (Adobe Systems Incorporated)
HKU\S-1-5-21-2661863286-877191386-513372732-1000\...\Run: [Spotify Web Helper] => C:\Users\Chase\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-15] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKCU - {8EB31D0F-6F3B-45FA-B0C5-A20F797E1A68} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10741
SearchScopes: HKCU - {8F9EC4D2-76CD-41FA-A59A-606FF577FB29} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120834,17118,0,18,0
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: MPP3Maker -> {91CCD4D3-919C-31A3-20B0-2EAFE935BC81} -> C:\ProgramData\MPP3Maker\m1ltm3H5.x64.dll No File
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2D6C9CCE-5C62-4321-AC12-BC81A1B1D839} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default
FF NewTab: user_pref("browser.newtab.url", "");
FF SearchEngineOrder.3: Bing
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Tube Dimmer - C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\support@tubedimmerapp.com [2013-11-21]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-21]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-21]

Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Skype Click to Call) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-11-03]
CHR Extension: (Google Wallet) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-23] (Atheros Commnucations) [File not signed]
S4 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [112256 2012-03-21] (Atheros Communication Inc.)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-13] ()
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-03-13] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S4 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [60416 2012-11-13] (Digital Delivery Networks, Inc.) [File not signed]
S4 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
S4 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-11-30] (Sony Corporation)
S4 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2011-09-23] (Sony Corporation) [File not signed]
S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S4 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
S4 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-02-23] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-20] (AVG Technologies)
R3 BTATH_VDP; C:\Windows\System32\drivers\btath_vdp.sys [421664 2012-02-23] (Atheros)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
S3 lehidmini; C:\Windows\system32\drivers\leath_hid.sys [36128 2012-02-23] (Atheros)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-03-13] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 16:02 - 2014-09-15 16:02 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-15 16:01 - 2014-09-15 16:00 - 02347384 _____ (ESET) C:\Users\Chase\Desktop\esetsmartinstaller_enu.exe
2014-09-15 16:00 - 2014-09-15 16:00 - 02347384 _____ (ESET) C:\Users\Chase\Downloads\esetsmartinstaller_enu.exe
2014-09-15 14:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-15 14:51 - 2014-09-15 14:53 - 00000000 ____D () C:\AdwCleaner
2014-09-15 14:43 - 2014-09-15 14:44 - 01373475 _____ () C:\Users\Chase\Desktop\AdwCleaner.exe
2014-09-15 12:17 - 2014-09-15 12:18 - 00047593 _____ () C:\Users\Chase\Desktop\Addition.txt
2014-09-15 12:16 - 2014-09-15 19:28 - 00014058 _____ () C:\Users\Chase\Desktop\FRST.txt
2014-09-15 12:15 - 2014-09-15 12:15 - 00000000 ____D () C:\Users\Chase\Desktop\FRST-OlderVersion
2014-09-15 12:14 - 2014-09-15 12:15 - 02105856 _____ (Farbar) C:\Users\Chase\Desktop\FRST64.exe
2014-09-15 11:50 - 2014-09-15 11:50 - 00278920 _____ () C:\Windows\Minidump\091514-89778-01.dmp
2014-09-08 00:54 - 2014-09-15 19:28 - 00000000 ____D () C:\FRST
2014-09-07 02:03 - 2014-09-07 22:49 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-09-06 21:58 - 2014-09-07 22:49 - 00000000 ____D () C:\9e67603a5d01f77648e9937c308719
2014-09-06 21:12 - 2014-09-06 21:14 - 00886288 _____ (Microsoft Corporation) C:\Users\Chase\Downloads\mssstool64.exe
2014-09-06 20:58 - 2014-09-06 20:58 - 00000000 ____D () C:\Users\Chase\.swt
2014-09-06 20:57 - 2014-09-06 20:57 - 00001794 _____ () C:\Users\Public\Desktop\Vuze.lnk
2014-09-06 20:57 - 2014-09-06 20:57 - 00001794 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2014-09-06 20:56 - 2014-09-07 22:49 - 00000000 ____D () C:\Users\Chase\AppData\Roaming\Azureus
2014-09-06 20:56 - 2014-09-07 22:49 - 00000000 ____D () C:\Program Files\Vuze
2014-09-06 20:52 - 2014-09-06 20:52 - 00072008 _____ (Azureus Software, Inc.) C:\Users\Chase\Downloads\VuzeBittorrentClientInstaller.exe
2014-09-06 20:00 - 2014-09-06 20:00 - 00007605 _____ () C:\Users\Chase\AppData\Local\Resmon.ResmonCfg
2014-09-06 19:29 - 2014-09-06 19:29 - 00000000 __SHD () C:\Users\Chase\AppData\Local\EmieUserList
2014-09-06 19:29 - 2014-09-06 19:29 - 00000000 __SHD () C:\Users\Chase\AppData\Local\EmieSiteList
2014-09-06 18:39 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-06 18:39 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-06 18:39 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-06 18:34 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-06 18:32 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-06 18:32 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-06 18:32 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-06 18:28 - 2014-09-06 18:32 - 00005618 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-25 09:07 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-25 09:07 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-25 09:07 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-25 09:07 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-25 09:06 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-25 09:06 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-25 09:06 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-25 09:06 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-25 09:06 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-25 09:06 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-25 09:06 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-25 09:06 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-25 09:06 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-25 09:06 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 19:29 - 2014-09-15 12:16 - 00014058 _____ () C:\Users\Chase\Desktop\FRST.txt
2014-09-15 19:28 - 2014-09-08 00:54 - 00000000 ____D () C:\FRST
2014-09-15 19:24 - 2012-06-21 23:54 - 01233629 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 19:23 - 2013-07-29 19:34 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-15 19:23 - 2012-06-16 03:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-15 17:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-15 16:02 - 2014-09-15 16:02 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-15 16:00 - 2014-09-15 16:01 - 02347384 _____ (ESET) C:\Users\Chase\Desktop\esetsmartinstaller_enu.exe
2014-09-15 16:00 - 2014-09-15 16:00 - 02347384 _____ (ESET) C:\Users\Chase\Downloads\esetsmartinstaller_enu.exe
2014-09-15 15:57 - 2013-12-17 17:08 - 00002102 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-15 15:57 - 2009-07-14 00:45 - 00028576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 15:57 - 2009-07-14 00:45 - 00028576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 15:56 - 2013-07-29 19:34 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-15 15:51 - 2013-07-29 19:34 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-15 15:51 - 2013-07-29 19:34 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-15 15:50 - 2014-01-31 23:35 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-09-15 15:50 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 15:50 - 2009-07-14 00:51 - 00069847 _____ () C:\Windows\setupact.log
2014-09-15 15:49 - 2010-11-20 23:47 - 00264136 _____ () C:\Windows\PFRO.log
2014-09-15 15:46 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-15 14:58 - 2014-06-18 20:01 - 00000000 ____D () C:\Users\Chase\AppData\Roaming\Spotify
2014-09-15 14:57 - 2014-06-18 20:02 - 00000000 ____D () C:\Users\Chase\AppData\Local\Spotify
2014-09-15 14:53 - 2014-09-15 14:51 - 00000000 ____D () C:\AdwCleaner
2014-09-15 14:48 - 2009-07-14 00:45 - 00445256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-15 14:45 - 2014-01-31 23:35 - 00000000 ____D () C:\ProgramData\AdobVuIewer
2014-09-15 14:44 - 2014-09-15 14:43 - 01373475 _____ () C:\Users\Chase\Desktop\AdwCleaner.exe
2014-09-15 14:39 - 2013-11-21 16:51 - 00000000 ____D () C:\Users\Chase\AppData\Roaming\MyWordTool
2014-09-15 14:37 - 2014-01-24 18:10 - 00000000 ____D () C:\ProgramData\9e3c7ebbd87082a9
2014-09-15 12:18 - 2014-09-15 12:17 - 00047593 _____ () C:\Users\Chase\Desktop\Addition.txt
2014-09-15 12:15 - 2014-09-15 12:15 - 00000000 ____D () C:\Users\Chase\Desktop\FRST-OlderVersion
2014-09-15 12:15 - 2014-09-15 12:14 - 02105856 _____ (Farbar) C:\Users\Chase\Desktop\FRST64.exe
2014-09-15 11:50 - 2014-09-15 11:50 - 00278920 _____ () C:\Windows\Minidump\091514-89778-01.dmp
2014-09-15 11:50 - 2012-11-24 01:37 - 00000000 ____D () C:\Windows\Minidump
2014-09-15 11:49 - 2012-11-24 01:36 - 531081513 _____ () C:\Windows\MEMORY.DMP
2014-09-07 22:49 - 2014-09-07 02:03 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-09-07 22:49 - 2014-09-06 21:58 - 00000000 ____D () C:\9e67603a5d01f77648e9937c308719
2014-09-07 22:49 - 2014-09-06 20:56 - 00000000 ____D () C:\Users\Chase\AppData\Roaming\Azureus
2014-09-07 22:49 - 2014-09-06 20:56 - 00000000 ____D () C:\Program Files\Vuze
2014-09-07 22:49 - 2013-11-03 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-07 22:49 - 2012-08-19 20:30 - 00000000 ____D () C:\Users\Chase\AppData\Roaming\Skype
2014-09-07 22:49 - 2012-08-19 17:59 - 00000000 ____D () C:\Users\Chase
2014-09-07 22:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-09-06 21:54 - 2014-06-04 18:39 - 00000000 ____D () C:\ProgramData\RoyalShopperAApp
2014-09-06 21:54 - 2014-02-13 21:25 - 00000000 ____D () C:\ProgramData\doownleoaddITkueep
2014-09-06 21:26 - 2009-07-14 01:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-06 21:14 - 2014-09-06 21:12 - 00886288 _____ (Microsoft Corporation) C:\Users\Chase\Downloads\mssstool64.exe
2014-09-06 21:14 - 2013-08-17 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-06 20:58 - 2014-09-06 20:58 - 00000000 ____D () C:\Users\Chase\.swt
2014-09-06 20:57 - 2014-09-06 20:57 - 00001794 _____ () C:\Users\Public\Desktop\Vuze.lnk
2014-09-06 20:57 - 2014-09-06 20:57 - 00001794 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2014-09-06 20:52 - 2014-09-06 20:52 - 00072008 _____ (Azureus Software, Inc.) C:\Users\Chase\Downloads\VuzeBittorrentClientInstaller.exe
2014-09-06 20:01 - 2012-09-13 19:49 - 00000000 ____D () C:\Users\Chase\AppData\Local\Adobe
2014-09-06 20:00 - 2014-09-06 20:00 - 00007605 _____ () C:\Users\Chase\AppData\Local\Resmon.ResmonCfg
2014-09-06 19:59 - 2012-06-16 03:58 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-06 19:59 - 2012-06-16 03:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-06 19:59 - 2012-06-16 03:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-06 19:29 - 2014-09-06 19:29 - 00000000 __SHD () C:\Users\Chase\AppData\Local\EmieUserList
2014-09-06 19:29 - 2014-09-06 19:29 - 00000000 __SHD () C:\Users\Chase\AppData\Local\EmieSiteList
2014-09-06 18:35 - 2013-11-03 17:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-06 18:32 - 2014-09-06 18:28 - 00005618 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-06 18:32 - 2013-07-29 19:31 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-22 22:07 - 2014-09-06 18:39 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-09-06 18:39 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-09-06 18:39 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 21:13 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-15 17:28

==================== End Of Log ============================



#12 aharonov

Posted 15 September 2014 - 08:25 PM

Then let's get rid of this as well.
What problems remain after this fix?


Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#13 dgski9

Posted 16 September 2014 - 02:54 PM

Things seem to be back to normal..... thanks so much.

Here are the contents of the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Chase at 2014-09-16 15:46:52 Run:3
Running from C:\Users\Chase\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\lgmpmieedegcbdjfafnblmfiadcebcgg
BHO: MPP3Maker -> {91CCD4D3-919C-31A3-20B0-2EAFE935BC81} -> C:\ProgramData\MPP3Maker\m1ltm3H5.x64.dll No File
FF Extension: Tube Dimmer - C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\support@tubedimmerapp.com [2013-11-21]
*****************

C:\ProgramData\lgmpmieedegcbdjfafnblmfiadcebcgg => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91CCD4D3-919C-31A3-20B0-2EAFE935BC81}" => Key deleted successfully.
"HKCR\CLSID\{91CCD4D3-919C-31A3-20B0-2EAFE935BC81}" => Key deleted successfully.
C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\Profiles\c8t1q0my.default\Extensions\support@tubedimmerapp.com => Moved successfully.

==== End of Fixlog ====



#14 aharonov

Posted 16 September 2014 - 03:49 PM

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up to date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Flash Player 11 ActiveX
Adobe Flash Player 14 Plugin
Adobe Reader X MUI
Java™ 7 Update 1 (64-bit)
Mozilla Firefox 24.0 (x86 en-US)




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" by Lawrence Abrams.

#15 aharonov

Posted 29 September 2014 - 09:10 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



