Unable to install Kaspersky Internet Security... don't know what I have. :(



#1 bugnut

Posted 19 September 2014 - 12:33 AM

I am trying to install Kaspersky Internet Security and something is not allowing me to install it. When I try to install from the CD I get a pop-up with this message:

"This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Programs control panel."

When I try to run it from the CD directly or to install it from their downloaded file, I get a pop-up with an "X" in a red circle and the numeral 5 next to it... that's it.

I had Kaspersky Anti-Virus installed prior and thought that was causing problems, so I uninstalled it, but that didn't help. I had found some toolbar helpers that I had removed as well. Kaspersky support is unable to figure it out, so I thought I'd bring it to the pros. :)

Thanks for the help!

Here is the log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 10.67.2
Run by Sean at 17:47:32 on 2014-09-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8046.3545 [GMT -10:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
c:\program files\soluto\soluto.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe
C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Soluto\SolutoLauncherService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Syncplicity\Syncplicity.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
C:\Users\Sean\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe
C:\Users\Sean\AppData\Local\Viber\Viber.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Windows\system32\RunDll32.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\HP Officejet Pro 8600\bin\HPNetworkCommunicator.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Sony\VAIO Update\VUAgent.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Soluto\SolutoRemoteService.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Users\Sean\AppData\Roaming\Copy\CopyAgent.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\SONY\VAIO Care\VCService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\SONY\VAIO Care\VCAgent.exe
C:\Program Files\Box Sync\BoxSyncHelper.exe
C:\program files\box sync\boxsync.exe
C:\Program Files (x86)\1Password\Agile1pService.exe
C:\Program Files (x86)\1Password\Agile1pAgent.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\vds.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.us/
uSearch Bar = Preserve
uProxyOverride = localhost; 127.0.0.1; <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: 1Password: {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\Program Files (x86)\1Password\Agile1pIE.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
EB: F12 Developer Tools: {28BCCB9A-E66B-463C-82A4-09F320DE94D7} - C:\Program Files (x86)\Internet Explorer\F12Tools.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN27PBR2SC05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [MusicManager] "C:\Users\Sean\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [Google+ Auto Backup] "C:\Users\Sean\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
uRun: [eFax 4.4] "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R
uRun: [Viber] "C:\Users\Sean\AppData\Local\Viber\Viber.exe" StartMinimized
uRun: [GoogleChromeAutoLaunch_4C759CBE76051A54F37D4E70F0F48AE0] "C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
mRun: [ApproveItForOfficeSetup] "C:\Program Files (x86)\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe " /1 /p "C:\Program Files (x86)\ApproveIt\"
dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
dRun: [Copy] "C:\Users\Sean\AppData\Roaming\Copy\CopyAgent.exe"
StartupFolder: C:\Users\Sean\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Sean\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Sean\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EFAX44~1.LNK - C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
StartupFolder: C:\Users\Sean\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\Sean\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LENOVO~1.LNK - C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SynTPEnh.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - {5D7B119E-062F-476B-A5E7-797FAF554BA2} - C:\Program Files (x86)\1Password\Agile1pIE.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.11.1
TCP: Interfaces\{21EC79F9-D738-41C2-8BEC-6DF34D8E6EB2} : DHCPNameServer = 192.168.11.1
TCP: Interfaces\{21EC79F9-D738-41C2-8BEC-6DF34D8E6EB2}\0516E63616B656370216E6460224565627 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{21EC79F9-D738-41C2-8BEC-6DF34D8E6EB2}\14C6F68616E456470253 : DHCPNameServer = 192.168.11.1
TCP: Interfaces\{21EC79F9-D738-41C2-8BEC-6DF34D8E6EB2}\14C6F68616E4564723E243 : DHCPNameServer = 192.168.11.1
TCP: Interfaces\{21EC79F9-D738-41C2-8BEC-6DF34D8E6EB2}\24565627 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{21EC79F9-D738-41C2-8BEC-6DF34D8E6EB2}\54E67456E6965737241483335303 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{21EC79F9-D738-41C2-8BEC-6DF34D8E6EB2}\54E67456E6965737442364540303 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{21EC79F9-D738-41C2-8BEC-6DF34D8E6EB2}\E2 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{21EC79F9-D738-41C2-8BEC-6DF34D8E6EB2}\E2E2 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{B309222D-8F5A-4ADC-BA4C-3ED0255D66ED} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{D61CA8A8-A9C5-4B05-8B5C-1FF6CD0702CA} : DHCPNameServer = 192.168.11.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WebCheck - <orphaned>
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - 
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Syncplicity] C:\Program Files\Syncplicity\Syncplicity.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-19 55280]
R0 Soluto;Soluto;C:\Windows\System32\drivers\Soluto.sys [2013-9-23 54728]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-7 202752]
R2 chromoting;Chrome Remote Desktop Service;C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe [2014-7-17 51016]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-1-29 13336]
R2 PCloudd;PCloudd;C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe [2013-3-26 221536]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2010-1-29 93696]
R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2010-1-29 75776]
R2 SolutoLauncherService;Soluto Launcher Service;C:\Program Files\Soluto\SolutoLauncherService.exe [2013-9-17 182848]
R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2013-9-17 821824]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-5-7 2320920]
R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\SONY\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-2-19 386416]
R3 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]
R3 Agile1Password;1Password;C:\Program Files (x86)\1Password\Agile1pService.exe [2014-1-22 768784]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2010-2-19 19968]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-1-29 52264]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-1-29 35104]
R3 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-4-5 2369720]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-1-29 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-1-29 151936]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-1-29 11392]
R3 SolutoRemoteService;Soluto Remote Service;C:\Program Files\Soluto\SolutoRemoteService.exe [2013-9-17 1942016]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-2-8 302448]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2013-6-22 35112]
R3 VAIO Power Management;VAIO Power Management;C:\Program Files\SONY\VAIO Power Management\SPMService.exe [2010-2-19 571248]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\SONY\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-2-19 529776]
R3 VCService;VCService;C:\Program Files\SONY\VAIO Care\VCService.exe [2011-6-12 44736]
R3 vNICdrv;Iomega Virtual Miniport;C:\Windows\System32\drivers\vNICdrv.sys [2011-1-20 20048]
R3 VUAgent;VUAgent;C:\Program Files\SONY\VAIO Update\VUAgent.exe [2014-6-5 1642544]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-1-29 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-11-25 103576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-5-13 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-11 111616]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-1-29 244736]
S3 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
S3 MEMSWEEP2;MEMSWEEP2;C:\Windows\System32\AA8E.tmp [2011-3-24 6144]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
S3 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S3 RDPDISPM;RDPDISPM;C:\Windows\System32\drivers\rdpdispm.sys [2010-5-7 10576]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-8-30 313840]
S3 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-30 362992]
S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\System32\drivers\S3XXx64.sys [2011-9-7 70016]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-4-25 3921880]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-4-25 1042272]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-4-25 171416]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2012-1-25 422768]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-1-25 67952]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-11-25 204568]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);C:\Windows\System32\drivers\ssudserd.sys [2013-8-20 204568]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-2-15 5037888]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-11 59392]
S3 TwonkyProxy;TwonkyProxy;C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe -start --> C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe -start [?]
S3 TwonkyServer;TwonkyServer;C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe -serviceversion 0 --> C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe -serviceversion 0 [?]
S3 TwonkyWebDav;TwonkyWebDav;C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe -start --> C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe -start [?]
S3 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-2-19 104960]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-2-19 115568]
S3 VSNService;VSNService;C:\Program Files\SONY\VAIO Smart Network\VSNService.exe [2010-7-17 822784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-9 1255736]
S4 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-1-25 108400]
S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-1-28 851824]
.
=============== Created Last 30 ================
.
2014-09-19 02:21:02 -------- d-----w- C:\ProgramData\Trend Micro
2014-09-17 19:54:38 -------- d-----w- C:\Users\Sean\AppData\Local\EMC_Corporation
2014-09-16 13:44:54 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1AAE95C0-D1A0-4000-BC0D-7C104E953C32}\mpengine.dll
2014-09-11 13:01:45 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-11 13:01:45 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-11 05:13:56 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-11 05:13:56 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-11 05:13:45 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-11 05:13:45 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-11 05:13:29 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-11 05:13:29 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-11 05:13:29 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-11 05:13:29 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-11 05:13:29 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-08-29 03:16:04 -------- d-----w- C:\Windows\SysWow64\20-20 Technologies
2014-08-27 23:35:54 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-27 23:35:54 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-27 23:35:54 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-21 12:29:37 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-21 12:28:43 97792 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-21 12:28:43 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-08-21 12:27:58 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-21 12:27:58 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-21 12:27:58 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-21 12:27:58 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
.
==================== Find3M  ====================
.
2014-09-10 00:35:25 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 00:35:25 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-25 16:53:42 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-25 22:55:09 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-25 12:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 09:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-06-30 22:24:50 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
.
============= FINISH: 17:48:34.77 ===============
 


 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,697 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:59 AM

Posted 24 September 2014 - 12:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/548972 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 bugnut

bugnut
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:59 PM

Posted 24 September 2014 - 12:49 AM

I still have not been able to resolve the problem. I still am unable to install anti-virus software. I have Windows 7 64-bit. I do not have a CD as the computer did not come with one. 

 

Here are the updated DDS results:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 10.67.2
Run by Sean at 19:42:31 on 2014-09-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8046.1879 [GMT -10:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe
C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Soluto\SolutoLauncherService.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
c:\program files\soluto\soluto.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Syncplicity\Syncplicity.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Users\Sean\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Viber\Viber.exe
C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Windows\system32\RunDll32.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\HP Officejet Pro 8600\bin\HPNetworkCommunicator.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Sony\VAIO Update\VUAgent.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Soluto\SolutoRemoteService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\SONY\VAIO Care\VCService.exe
C:\Program Files\SONY\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Users\Sean\AppData\Roaming\Copy\CopyAgent.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Box Sync\BoxSyncHelper.exe
C:\program files\box sync\boxsync.exe
C:\Program Files (x86)\1Password\Agile1pService.exe
C:\Program Files (x86)\1Password\Agile1pAgent.exe
C:\program files\microsoft office 15\root\office15\onenotem.exe
C:\Users\Sean\appdata\roaming\dropbox\bin\dropbox.exe
C:\Users\Sean\AppData\Local\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Users\Sean\AppData\Local\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
C:\Program Files\SONY\VAIO Care\Admload.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.us/
uSearch Bar = Preserve
uProxyOverride = localhost; 127.0.0.1; <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: 1Password: {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\Program Files (x86)\1Password\Agile1pIE.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
EB: F12 Developer Tools: {28BCCB9A-E66B-463C-82A4-09F320DE94D7} - C:\Program Files (x86)\Internet Explorer\F12Tools.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN27PBR2SC05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [MusicManager] "C:\Users\Sean\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [Google+ Auto Backup] "C:\Users\Sean\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
uRun: [eFax 4.4] "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R
mRun: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
mRun: [ApproveItForOfficeSetup] "C:\Program Files (x86)\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe " /1 /p "C:\Program Files (x86)\ApproveIt\"
dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
dRun: [Copy] "C:\Users\Sean\AppData\Roaming\Copy\CopyAgent.exe"
StartupFolder: C:\Users\Sean\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EFAX44~1.LNK - C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
StartupFolder: C:\Users\Sean\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\Sean\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LENOVO~1.LNK - C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SynTPEnh.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - {5D7B119E-062F-476B-A5E7-797FAF554BA2} - C:\Program Files (x86)\1Password\Agile1pIE.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.11.1
TCP: Interfaces\{21EC79F9-D738-41C2-8BEC-6DF34D8E6EB2} : DHCPNameServer = 192.168.11.1
TCP: Interfaces\{21EC79F9-D738-41C2-8BEC-6DF34D8E6EB2}\0516E63616B656370216E6460224565627 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{21EC79F9-D738-41C2-8BEC-6DF34D8E6EB2}\14C6F68616E456470253 : DHCPNameServer = 192.168.11.1
TCP: Interfaces\{21EC79F9-D738-41C2-8BEC-6DF34D8E6EB2}\14C6F68616E4564723E243 : DHCPNameServer = 192.168.11.1
TCP: Interfaces\{21EC79F9-D738-41C2-8BEC-6DF34D8E6EB2}\24565627 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{21EC79F9-D738-41C2-8BEC-6DF34D8E6EB2}\54E67456E6965737241483335303 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{21EC79F9-D738-41C2-8BEC-6DF34D8E6EB2}\54E67456E6965737442364540303 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{21EC79F9-D738-41C2-8BEC-6DF34D8E6EB2}\E2 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{21EC79F9-D738-41C2-8BEC-6DF34D8E6EB2}\E2E2 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{B309222D-8F5A-4ADC-BA4C-3ED0255D66ED} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{D61CA8A8-A9C5-4B05-8B5C-1FF6CD0702CA} : DHCPNameServer = 192.168.11.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WebCheck - <orphaned>
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - 
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Syncplicity] C:\Program Files\Syncplicity\Syncplicity.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-19 55280]
R0 Soluto;Soluto;C:\Windows\System32\drivers\Soluto.sys [2013-9-23 54728]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-7 202752]
R2 chromoting;Chrome Remote Desktop Service;C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe [2014-7-17 51016]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-1-29 13336]
R2 PCloudd;PCloudd;C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe [2013-3-26 221536]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2010-1-29 93696]
R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2010-1-29 75776]
R2 SolutoLauncherService;Soluto Launcher Service;C:\Program Files\Soluto\SolutoLauncherService.exe [2013-9-17 182848]
R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2013-9-17 821824]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-5-7 2320920]
R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\SONY\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-2-19 386416]
R3 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]
R3 Agile1Password;1Password;C:\Program Files (x86)\1Password\Agile1pService.exe [2014-1-22 768784]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2010-2-19 19968]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-1-29 52264]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-1-29 35104]
R3 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-4-5 2369720]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-1-29 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-1-29 151936]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-1-29 11392]
R3 SolutoRemoteService;Soluto Remote Service;C:\Program Files\Soluto\SolutoRemoteService.exe [2013-9-17 1942016]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-2-8 302448]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2013-6-22 35112]
R3 VAIO Power Management;VAIO Power Management;C:\Program Files\SONY\VAIO Power Management\SPMService.exe [2010-2-19 571248]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\SONY\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-2-19 529776]
R3 VCService;VCService;C:\Program Files\SONY\VAIO Care\VCService.exe [2011-6-12 44736]
R3 vNICdrv;Iomega Virtual Miniport;C:\Windows\System32\drivers\vNICdrv.sys [2011-1-20 20048]
R3 VUAgent;VUAgent;C:\Program Files\SONY\VAIO Update\VUAgent.exe [2014-6-5 1642544]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-1-29 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-11-25 103576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-5-13 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-11 111616]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-1-29 244736]
S3 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
S3 MEMSWEEP2;MEMSWEEP2;C:\Windows\System32\AA8E.tmp [2011-3-24 6144]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
S3 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S3 RDPDISPM;RDPDISPM;C:\Windows\System32\drivers\rdpdispm.sys [2010-5-7 10576]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-8-30 313840]
S3 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-30 362992]
S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\System32\drivers\S3XXx64.sys [2011-9-7 70016]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-4-25 3921880]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-4-25 1042272]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-4-25 171416]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2012-1-25 422768]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-1-25 67952]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-11-25 204568]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);C:\Windows\System32\drivers\ssudserd.sys [2013-8-20 204568]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-2-15 5037888]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-11 59392]
S3 TwonkyProxy;TwonkyProxy;C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe -start --> C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe -start [?]
S3 TwonkyServer;TwonkyServer;C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe -serviceversion 0 --> C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe -serviceversion 0 [?]
S3 TwonkyWebDav;TwonkyWebDav;C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe -start --> C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe -start [?]
S3 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-2-19 104960]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-2-19 115568]
S3 VSNService;VSNService;C:\Program Files\SONY\VAIO Smart Network\VSNService.exe [2010-7-17 822784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-9 1255736]
S4 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-1-25 108400]
S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-1-28 851824]
.
=============== Created Last 30 ================
.
2014-09-23 23:20:36 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{728F8489-86B6-4D18-B9C5-7B19A465C65A}\mpengine.dll
2014-09-19 02:21:02 -------- d-----w- C:\ProgramData\Trend Micro
2014-09-17 19:54:38 -------- d-----w- C:\Users\Sean\AppData\Local\EMC_Corporation
2014-09-11 13:01:45 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-11 13:01:45 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-11 05:13:56 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-11 05:13:56 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-11 05:13:45 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-11 05:13:45 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-11 05:13:29 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-11 05:13:29 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-11 05:13:29 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-11 05:13:29 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-11 05:13:29 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-08-29 03:16:04 -------- d-----w- C:\Windows\SysWow64\20-20 Technologies
2014-08-27 23:35:54 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-27 23:35:54 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-27 23:35:54 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
==================== Find3M  ====================
.
2014-09-15 19:06:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-10 00:35:25 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 00:35:25 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-25 22:55:09 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-25 12:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 09:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-06-30 22:24:50 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
.
============= FINISH: 19:44:33.85 ===============
 


#4 nasdaq

nasdaq

  • Malware Response Team

Posted 24 September 2014 - 07:04 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#5 bugnut

bugnut
  • Topic Starter


Posted 24 September 2014 - 04:42 PM

Thank you so much for your help!  The computer seems to run ok, maybe a little laggy but nothing that seems too bad.

 

Here are the logs and attachments you requested:

 

Malwarebytes log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/24/2014
Scan Time: 6:43:11 AM
Logfile: Malware Log.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.24.09
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sean
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 371098
Time Elapsed: 4 hr, 7 min, 50 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 16
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, Quarantined, [b2d3c42b4f2cd3637f005176cf3355ab], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, Quarantined, [b2d3c42b4f2cd3637f005176cf3355ab], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Layers, Quarantined, [2c59b13e661569cd0f508e0029d99c64], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Layers.1, Quarantined, [8cf969862e4d73c38dd2830b3ac8af51], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Layers, Quarantined, [8cf969862e4d73c38dd2830b3ac8af51], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Layers.1, Quarantined, [8cf969862e4d73c38dd2830b3ac8af51], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Api, Quarantined, [fc8912dd89f2a294694067b4d1324fb1], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Api.1, Quarantined, [96efc52a0f6cc76f2485b16a17ec9a66], 
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\CLASSES\APPID\YontooIEClient.DLL, Quarantined, [d5b0db140f6cb482802af526b84b639d], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, Quarantined, [ceb7d41bfd7ef343b220a599986b6a96], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Api, Quarantined, [7b0a09e60378f73f357407149e658d73], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Api.1, Quarantined, [7e07c926eb90de584168d3482fd4738d], 
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\YontooIEClient.DLL, Quarantined, [4c39ea05fd7e52e45e4ccf4cb152a759], 
PUP.Optional.1ClickDownLoader.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\jplinpmadfkdgipabgcdchbdikologlh, Quarantined, [3d48ee015a21b6801b669b8b7d867d83], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1844129767-1263473117-3398859109-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [4a3b5d921467d75f39a5f64754afe41c], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1844129767-1263473117-3398859109-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [ceb715da4a316cca40fdfc584aba8080], 
 
Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1844129767-1263473117-3398859109-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0Z1N1J, Quarantined, [ceb715da4a316cca40fdfc584aba8080]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 7
PUP.Optional.Installtech, C:\Users\Sean\Downloads\SoftwareUpdater (1).exe, Quarantined, [6c190ae5fb80d75fa163ae3e4eb67888], 
PUP.Optional.Installtech, C:\Users\Sean\Downloads\SoftwareUpdater.exe, Quarantined, [93f2e50a7407fa3c6b99ca222bd922de], 
PUP.Optional.Firseria, C:\Users\Sean\Downloads\DNL Reader.exe, Quarantined, [2c59747b7ffc86b08da560d3f90cad53], 
PUP.Optional.Superfish.A, C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [2263b03f4734df57d918071e1de6837d], 
PUP.Optional.Superfish.A, C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [562f509fc1ba2e0819d8ce5762a13ec2], 
PUP.Optional.Wajam.A, C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wajam.com_0.localstorage, Quarantined, [4045f8f7a0dbca6cccd50a1d659e5aa6], 
PUP.Optional.Wajam.A, C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wajam.com_0.localstorage-journal, Quarantined, [a9dc826d3942f442029f40e7d2316997], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
=============================================================
 
AdwCleaner log:
 
# AdwCleaner v3.310 - Report created 24/09/2014 at 11:20:07
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sean - SEAN-VAIO
# Running from : C:\Users\Sean\Downloads\adwcleaner_3.310.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\Users\Sean\AppData\Local\torch
Folder Deleted : C:\Users\Sean\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh
Folder Deleted : C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi
Folder Deleted : C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\giicnncicnopjohcpamieklkiacdoeni
Folder Deleted : C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kegphgaihkjoophpabchkmpaknehfamb
File Deleted : C:\END
File Deleted : C:\Users\Sean\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
File Deleted : C:\Users\Sean\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Torch.lnk
File Deleted : C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
File Deleted : C:\Users\Sean\Desktop\Torch.lnk
File Deleted : C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchpredict@speedbit.com]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\DeviceVM
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\torch
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://www.safeway.com/ShopStores/Search-Results.page?storeId=10352&langId=-1&pageSize=10&query={searchTerms}
Deleted [Search Provider] : hxxp://www.fillable.com/search-results.html?cx=partner-pub-4322219027685554%3Adml3nc-6lz6&cof=FORID%3A10&ie=ISO-8859-1&q={searchTerms}&sa=Search
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Extension] : aoiidodopnnhiflaflbfeblnojefhigh
Deleted [Extension] : chhjbpecpncaggjpdakmflnfcopglcmi
Deleted [Extension] : giicnncicnopjohcpamieklkiacdoeni
Deleted [Extension] : jplinpmadfkdgipabgcdchbdikologlh
Deleted [Extension] : kegphgaihkjoophpabchkmpaknehfamb
Deleted [Extension] : niapdbllcanepiiimjjndipklodoedlc
 
*************************
 
AdwCleaner[R0].txt - [9658 octets] - [24/09/2014 11:16:07]
AdwCleaner[S0].txt - [10025 octets] - [24/09/2014 11:20:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10086 octets] ##########
 
 
======================================================
 
FRST:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2014
Ran by Sean (administrator) on SEAN-VAIO on 24-09-2014 11:29:25
Running from C:\Users\Sean\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(Sony Corporation) C:\Program Files (x86)\SONY\Setting Utility Series\WBCBatteryCare.exe
(Sony Corporation) C:\Program Files\SONY\VAIO Power Management\SPMgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(EMC Corporation.) C:\Program Files\Syncplicity\Syncplicity.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(j2 Global Communications, Inc.) C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\Sean\AppData\Local\Viber\Viber.exe
(LenovoEMC) C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe
(j2 Global Communications, Inc.) C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Sony Corporation) C:\Program Files\SONY\VAIO Update\VAIOUpdt.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\SONY\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files\SONY\VAIO Update\VUAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files\SONY\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\SONY\VAIO Care\VCsystray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Sony Corporation) C:\Program Files\SONY\VAIO Update\VUSR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Sony Corporation) C:\Program Files\SONY\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\SONY\VCM Manager Settings\VcmMgrNotification64.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9636896 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-12-15] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Syncplicity] => C:\Program Files\Syncplicity\Syncplicity.exe [123392 2014-08-04] (EMC Corporation.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-20] (Intel Corporation)
HKLM-x32\...\Run: [ApproveItForOfficeSetup] => C:\Program Files (x86)\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe [155648 2009-04-29] (Silanis Technology Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKU\S-1-5-21-1844129767-1263473117-3398859109-1004\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-1844129767-1263473117-3398859109-1004\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1844129767-1263473117-3398859109-1004\...\Run: [MusicManager] => C:\Users\Sean\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.)
HKU\S-1-5-21-1844129767-1263473117-3398859109-1004\...\Run: [Google+ Auto Backup] => "C:\Users\Sean\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
HKU\S-1-5-21-1844129767-1263473117-3398859109-1004\...\Run: [eFax 4.4] => C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe [95744 2012-08-29] (j2 Global Communications, Inc.)
HKU\S-1-5-21-1844129767-1263473117-3398859109-1004\...\Run: [GoogleChromeAutoLaunch_4C759CBE76051A54F37D4E70F0F48AE0] => C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-06-10] (Google Inc.)
HKU\S-1-5-21-1844129767-1263473117-3398859109-1004\...\Run: [Viber] => C:\Users\Sean\AppData\Local\Viber\Viber.exe [906240 2013-05-08] ()
HKU\S-1-5-18\...\Run: [Copy] => C:\Users\Sean\AppData\Roaming\Copy\CopyAgent.exe [15422096 2014-09-16] (Barracuda Networks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LenovoEMC Storage Manager.lnk
ShortcutTarget: LenovoEMC Storage Manager.lnk -> C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe (LenovoEMC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SynTPEnh.exe (Synaptics Incorporated)
Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sean\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk
ShortcutTarget: eFax 4.4.lnk -> C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers:   Syncplicity Icon Overlay (Folder) -> {02FCECC2-84DC-4FAA-A718-C41FFCA5B8D1} => C:\Program Files\Syncplicity\SyncplicityShellExt.dll (Syncplicity, Inc.)
ShellIconOverlayIdentifiers:   Syncplicity Icon Overlay (Fully Synced) -> {CA4FCCBF-F4B7-4DD1-861E-1F42AAD396D1} => C:\Program Files\Syncplicity\SyncplicityShellExt.dll (Syncplicity, Inc.)
ShellIconOverlayIdentifiers:   Syncplicity Icon Overlay (Not Latest Version) -> {284C090F-EB1D-4A6E-872E-6DB72E417E24} => C:\Program Files\Syncplicity\SyncplicityShellExt.dll (Syncplicity, Inc.)
ShellIconOverlayIdentifiers:   Syncplicity Icon Overlay (Shared Folder) -> {3DFC86AD-F2CC-4AdA-98DD-AC5DC84119CC} => C:\Program Files\Syncplicity\SyncplicityShellExt.dll (Syncplicity, Inc.)
ShellIconOverlayIdentifiers: 000BoxDesktopFileLocked -> {C253B817-3A00-475f-A5A3-6F2DD704B48D} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 000BoxDesktopNotSynced -> {19ACC806-F7AA-46AA-A80A-726A07CA6637} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 000BoxDesktopNotSyncedCollabs -> {337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 000BoxDesktopSynced -> {B7AC9C6D-F15B-4B1A-A88D-F518D13861D9} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 000BoxDesktopSyncedCollab -> {9E48C232-F601-4E41-BB3E-16CBAF317AA4} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 1aCopyShExtError -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\Sean\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 2aCopyShExtSynced -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\Sean\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 3aCopyShExtSyncing -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\Sean\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 4aCopyShExtSyncingProg1 -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\Sean\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 5aCopyShExtSyncingProg2 -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\Sean\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 6aCopyShExtSyncingProg3 -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\Sean\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 7aCopyShExtSyncingProg4 -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\Sean\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 8aCopyShExtSyncingProg5 -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\Sean\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.us/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PE_IE_Helper Class -> {0941C58F-E461-4E03-BD7D-44C27392ADE1} -> C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: 1Password -> {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} -> C:\Program Files (x86)\1Password\Agile1pIE.dll (AgileBits)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Google Gears Helper -> {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} -> C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @research.microsoft.com/HDView -> C:\Program Files (x86)\Microsoft Research\HD View\nphdview.dll (Microsoft Research)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Sean\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Sean\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Sean\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Sean\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\mfc71.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcr71.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdbplug.dll (DNAML Pty Ltd)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npmfv.dll (IBM Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Sean\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Sean\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-03-11]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-11]
FF HKLM-x32\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files (x86)\Google\Google Gears\Firefox
FF Extension: Google Gears - C:\Program Files (x86)\Google\Google Gears\Firefox [2010-05-27]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-05-28]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://mail.google.com/mail/ca/u/0/?ui=2&shva=1#inbox", "https://plus.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2010-10-13]
CHR Extension: (Tasky Tab for Google Tasks) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\abankhcdimdedjbhkplmdjgnodmlfcaf [2011-02-05]
CHR Extension: (HP Product Detection Plugin) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2012-10-15]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2010-10-13]
CHR Extension: (Google Docs) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-19]
CHR Extension: (PriceBlink) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh [2014-09-24]
CHR Extension: (Google Drive) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2011-07-11]
CHR Extension: (Language Immersion for Chrome) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\bedbecnakfcpmkpddjfnfihogkaggkhl [2012-05-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-04-05]
CHR Extension: (Chromemote - Remote for Google TV™) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhcjclaangpnjgfllaoodflclpdfcegb [2013-06-04]
CHR Extension: (Foursquare) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhngmmmhjmbkdejbeopoijidmgcbkekl [2011-07-02]
CHR Extension: (YouTube) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-11-06]
CHR Extension: (Honey) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2013-02-05]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2012-05-04]
CHR Extension: (Google+ Notifications) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\boemmnepglcoinjcdlfcpcbmhiecichi [2012-04-14]
CHR Extension: (Proxy Switchy!) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj [2010-10-04]
CHR Extension: (Adblock Plus) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2010-10-13]
CHR Extension: (Remember The Milk) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\chdiaibgndcpagmnpkjoelgfkommjbni [2010-12-09]
CHR Extension: (Ebates Cash Back) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2014-09-24]
CHR Extension: (TaskMilk) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\chieodlkhimccchlojdmiondhiggkhmf [2012-03-11]
CHR Extension: (Add to Amazon Wish List) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2011-10-07]
CHR Extension: (OneNote Online) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciniambnphakdoflgeamacamhfllbkmo [2014-04-21]
CHR Extension: (Proximity Checkin) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\clcbdejkioodkededdahcdjngofoieph [2010-12-09]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-06-24]
CHR Extension: (Google Search) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-11-22]
CHR Extension: (Google Cast (Beta)) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\dliochdbjfkdbacpmhlcpmleaejidimm [2014-06-24]
CHR Extension: (Google News) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2012-02-03]
CHR Extension: (Google+) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2012-04-14]
CHR Extension: (Google Tasks (by Google)) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd [2011-07-11]
CHR Extension: (20-20 3D Viewer for WEB) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\doegbncejoboimomanljpjikldicafjn [2011-08-08]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-05-30]
CHR Extension: (Google Calendar) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2010-12-09]
CHR Extension: (Box - 10GB of FREE storage) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2012-05-03]
CHR Extension: (Print Using Google Cloud Print™) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffaifmgpcdjedlffbhenaloimajbdkfg [2011-07-11]
CHR Extension: (Word Online) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2014-04-21]
CHR Extension: (Springpad) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmopoamfjnmppabeaphohombnjcjgla [2012-02-06]
CHR Extension: (Grooveshark Non-Stop) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\flgdeakeeekllcpldfampgbamohdagdp [2011-07-10]
CHR Extension: (IE Tab Multi (Enhance)) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea [2013-06-28]
CHR Extension: (Collusion for Chrome) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp [2012-04-13]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-04-21]
CHR Extension: (PDFescape Free PDF Editor) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdefoklganepljiopdnglodohlgfikkl [2012-10-15]
CHR Extension: (Mail Checker Plus for Google Mail™) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffjhibehnempbkeheiccaincokdjbfe [2010-10-13]
CHR Extension: (Desktop Notifications for Android) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\giicnncicnopjohcpamieklkiacdoeni [2014-09-24]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2011-07-11]
CHR Extension: (Save to Google Drive) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-03-03]
CHR Extension: (1Password) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdmbinomkfhmgknkoicejolfdfjeajmk [2014-01-22]
CHR Extension: (Flixster) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh [2010-12-09]
CHR Extension: (Rapportive) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin [2012-02-06]
CHR Extension: (Select To Get Maps) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hinehgnhgiohbfpbpgkjnelkcgdkcgha [2010-10-13]
CHR Extension: (Whitespace Remover for Google Plus™) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhgeibimkoddhdkkgimnipkdodobgpm [2012-10-12]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2013-06-29]
CHR Extension: (Picasa Uploader) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpfomeedmekonipambfkmjfacahlngjd [2012-01-01]
CHR Extension: (Remember The Milk for Gmail) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hphjpfmagbhbdfhdndglcccmhdjhjjce [2012-03-11]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2012-03-04]
CHR Extension: (wikiHow Survival Kit) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ickaeddjnhfofihhibhnjemlphjmnchl [2010-12-09]
CHR Extension: (Pixlr Editor) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2014-04-21]
CHR Extension: (Chrome to Mobile) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd [2012-02-20]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2012-09-06]
CHR Extension: (Panel View for Keep) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccocffecajimkdjgfpjhlpiimcnadhb [2013-11-29]
CHR Extension: (Google Voice (by Google)) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2010-10-13]
CHR Extension: (Coupons at Checkout) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kegphgaihkjoophpabchkmpaknehfamb [2014-09-24]
CHR Extension: (Downloadify) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmlendhmdnjppdndifgphannebelpkoh [2013-05-07]
CHR Extension: (Google Play) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-06-28]
CHR Extension: (FVD Downloader) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2012-09-03]
CHR Extension: (InvisibleHand) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2013-06-04]
CHR Extension: (Picasa Extension (by Google)) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhhlohbbihddnfcehbijmlnpkafmmkfp [2011-07-11]
CHR Extension: (Skype Click to Call) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-09-18]
CHR Extension: (Google Maps) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2010-12-09]
CHR Extension: (Capture Webpage Screenshot - FireShot) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2014-03-26]
CHR Extension: (Google Stars Nightly) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\meoeeoaohbmgbocpdpnjklmfmjjagkkf [2014-08-19]
CHR Extension: (Tasky for Google Tasks) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbfkceielapenhcdmppjfjfhjelhcjc [2011-02-05]
CHR Extension: (Hangouts) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-09-10]
CHR Extension: (Drive) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfakdllpdfjjbfommlcnfkedmbigkfdo [2012-02-06]
CHR Extension: (OneDrive) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2012-03-04]
CHR Extension: (Google Wallet) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-07-21]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2010-12-09]
CHR Extension: (Cooliris) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\noocneohefmdhonidldnlhaainpiomkp [2010-10-13]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2010-10-13]
CHR Extension: (Extended Share for Google Plus) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\oenpjldbckebacipkfbcoppmiflglnib [2012-03-04]
CHR Extension: (Picasa) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2010-12-09]
CHR Extension: (Google Calendar Checker (by Google)) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek [2011-06-30]
CHR Extension: (Remove the Limits of G+) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdjgnkkejddnapenkbdfmchlmhglmpkd [2012-06-07]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-08-28]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2010-10-04]
CHR Extension: (Delta Embark) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\phdpgbdcbdkmjlcemcjcfkbfojaechma [2010-12-09]
CHR Extension: (Gmail) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2010-12-09]
CHR Extension: (Google Similar Pages) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjnfggphgdjblhfjaphkjhfpiiekbbej [2010-10-13]
CHR Extension: (Tapatalk Notifier) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\plfhcjljnfjpfcbjpgnflfofmahljkjj [2012-09-05]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-09-21]
CHR StartMenuInternet: Google Chrome - C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Agile1Password; C:\Program Files (x86)\1Password\Agile1pService.exe [768784 2014-06-04] (AgileBits)
R2 AMD External Events Utility; C:\Windows\SysWOW64\atiesrxx.exe [0 2013-11-21] () [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe [51016 2014-07-17] (Google Inc.)
S3 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-11-21] () [File not signed]
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-11-21] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-11-21] () [File not signed]
S2 PCloudd; C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe [221536 2013-03-26] (LenovoEMC Ltd.)
S3 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-11-21] () [File not signed]
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-30] (Sonic Solutions)
S3 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-30] (Sonic Solutions)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-11-21] () [File not signed]
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [182848 2013-09-17] (Soluto)
R3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1942016 2013-09-17] (GlavSoft LLC.) [File not signed]
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-11-21] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [545608 2012-07-05] ()
S3 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [549704 2012-07-05] (PacketVideo)
S3 TwonkyWebDav; C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe [271176 2012-07-05] ()
S3 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2010-02-22] (Sony Corporation) [File not signed]
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-11-21] () [File not signed]
S4 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-01-28] (Sony Corporation)
R3 vds; C:\Windows\SysWOW64\vds.exe [0 2013-11-21] () [File not signed]
S3 VSNService; C:\Program Files\SONY\VAIO Smart Network\VSNService.exe [822784 2010-01-29] (Sony Corporation) [File not signed]
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1642544 2014-02-27] (Sony Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7778176 2009-12-16] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [244736 2009-12-16] (Intel® Corporation) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 MEMSWEEP2; C:\Windows\system32\AA8E.tmp [6144 2010-05-26] (Sophos Plc) [File not signed]
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 vNICdrv; C:\Windows\System32\DRIVERS\vNICdrv.sys [20048 2013-03-28] (Iomega Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-24 11:29 - 2014-09-24 11:36 - 00047513 _____ () C:\Users\Sean\Downloads\FRST.txt
2014-09-24 11:29 - 2014-09-24 11:29 - 00000000 ____D () C:\FRST
2014-09-24 11:28 - 2014-09-24 11:28 - 02106880 _____ (Farbar) C:\Users\Sean\Downloads\FRST64.exe
2014-09-24 11:17 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-24 11:15 - 2014-09-24 11:22 - 00000000 ____D () C:\AdwCleaner
2014-09-24 11:14 - 2014-09-24 11:15 - 01373475 _____ () C:\Users\Sean\Downloads\adwcleaner_3.310.exe
2014-09-24 07:42 - 2014-09-24 07:42 - 00000000 ____D () C:\Users\Sean\AppData\Temp
2014-09-24 06:40 - 2014-09-24 11:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-24 06:40 - 2014-09-24 06:40 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-24 06:40 - 2014-09-24 06:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-24 06:40 - 2014-09-24 06:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-24 06:40 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-24 06:40 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-24 06:40 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-24 06:39 - 2014-09-24 06:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sean\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-24 06:37 - 2014-09-24 06:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sean\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-23 19:42 - 2014-09-23 19:42 - 00688992 ____R (Swearware) C:\Users\Sean\Downloads\dds (1).com
2014-09-23 13:19 - 2014-09-09 12:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 13:19 - 2014-09-09 11:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-22 12:07 - 2014-09-24 11:23 - 00004000 _____ () C:\Windows\PFRO.log
2014-09-18 17:48 - 2014-09-23 19:44 - 00033315 _____ () C:\Users\Sean\Desktop\dds.txt
2014-09-18 17:48 - 2014-09-23 19:44 - 00012683 _____ () C:\Users\Sean\Desktop\attach.txt
2014-09-18 17:45 - 2014-09-18 17:46 - 00688992 ____R (Swearware) C:\Users\Sean\Downloads\dds.com
2014-09-18 17:32 - 2014-09-18 17:33 - 00000000 ____D () C:\Users\Sean\Downloads\backups
2014-09-18 17:23 - 2014-09-18 17:23 - 00003124 _____ () C:\Windows\System32\Tasks\{C2A51282-B450-4EA5-91F3-E681DC728252}
2014-09-18 17:22 - 2014-09-18 17:39 - 00022928 _____ () C:\Users\Sean\Downloads\hijackthis.log
2014-09-18 17:19 - 2014-09-18 17:19 - 00388608 _____ (Trend Micro Inc.) C:\Users\Sean\Downloads\HijackThis.exe
2014-09-18 16:21 - 2014-09-18 16:21 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-09-18 16:20 - 2014-09-22 12:03 - 00060120 _____ () C:\TMPatch.log
2014-09-17 09:54 - 2014-09-17 09:54 - 00000000 ____D () C:\Users\Sean\AppData\Local\EMC_Corporation
2014-09-16 10:56 - 2014-09-23 09:40 - 00000000 ____D () C:\Users\Sean\Desktop\ReportMaker
2014-09-16 10:55 - 2014-09-16 10:55 - 06360161 _____ () C:\Users\Sean\Downloads\ReportMaker.exe
2014-09-15 19:32 - 2014-09-15 19:32 - 00000010 _____ () C:\Users\Sean\AppData\Local\sponge.last.runtime.cache
2014-09-15 17:30 - 2014-09-15 17:32 - 202839360 _____ (Kaspersky Lab) C:\Users\Sean\Downloads\kis15.0.1.415EN_6711.exe
2014-09-11 04:10 - 2014-08-19 08:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 04:10 - 2014-08-19 07:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 04:10 - 2014-08-18 13:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 04:10 - 2014-08-18 12:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 04:10 - 2014-08-18 12:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 04:10 - 2014-08-18 12:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 04:10 - 2014-08-18 12:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 04:10 - 2014-08-18 12:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 04:10 - 2014-08-18 12:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 04:10 - 2014-08-18 12:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 04:10 - 2014-08-18 12:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 04:10 - 2014-08-18 12:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 04:10 - 2014-08-18 12:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 04:10 - 2014-08-18 12:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 04:10 - 2014-08-18 12:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 04:10 - 2014-08-18 12:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 04:10 - 2014-08-18 12:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 04:10 - 2014-08-18 12:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 04:10 - 2014-08-18 12:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 04:10 - 2014-08-18 11:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 04:10 - 2014-08-18 11:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 04:10 - 2014-08-18 11:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 04:10 - 2014-08-18 11:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 04:10 - 2014-08-18 11:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 04:10 - 2014-08-18 11:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 04:10 - 2014-08-18 11:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 04:10 - 2014-08-18 11:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 04:10 - 2014-08-18 11:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 04:10 - 2014-08-18 11:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 04:10 - 2014-08-18 11:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 04:10 - 2014-08-18 11:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 04:10 - 2014-08-18 11:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 04:10 - 2014-08-18 11:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 04:10 - 2014-08-18 11:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 04:10 - 2014-08-18 11:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 04:10 - 2014-08-18 11:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 04:10 - 2014-08-18 11:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 04:10 - 2014-08-18 11:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 04:10 - 2014-08-18 11:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 04:10 - 2014-08-18 11:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 04:10 - 2014-08-18 11:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 04:10 - 2014-08-18 11:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 04:10 - 2014-08-18 11:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 04:10 - 2014-08-18 11:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 04:10 - 2014-08-18 11:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 04:10 - 2014-08-18 11:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 04:10 - 2014-08-18 11:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 04:10 - 2014-08-18 11:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 04:10 - 2014-08-18 11:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 04:10 - 2014-08-18 11:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 04:10 - 2014-08-18 11:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 04:10 - 2014-08-18 10:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 04:10 - 2014-08-18 10:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 04:10 - 2014-08-18 10:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 04:10 - 2014-08-18 10:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 04:10 - 2014-08-18 10:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 03:01 - 2014-06-26 16:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 03:01 - 2014-06-26 15:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 19:13 - 2014-08-01 01:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 19:13 - 2014-08-01 01:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 19:13 - 2014-07-06 16:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 19:13 - 2014-07-06 16:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 19:13 - 2014-07-06 15:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 19:13 - 2014-07-06 15:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 19:13 - 2014-07-06 15:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 19:13 - 2014-06-23 17:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 19:13 - 2014-06-23 16:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 14:50 - 2014-09-10 14:51 - 00895120 _____ (Google Inc.) C:\Users\Sean\Downloads\ChromeSetup (6).exe
2014-09-10 14:50 - 2014-09-10 14:50 - 00895120 _____ (Google Inc.) C:\Users\Sean\Downloads\ChromeSetup (5).exe
2014-09-10 14:48 - 2014-09-10 14:49 - 00895120 _____ (Google Inc.) C:\Users\Sean\Downloads\ChromeSetup (4).exe
2014-09-05 17:48 - 2014-09-09 07:57 - 00106496 _____ () C:\Users\Sean\Downloads\prequal-04.xls
2014-09-02 18:08 - 2014-09-02 18:09 - 00895120 _____ (Google Inc.) C:\Users\Sean\Downloads\ChromeSetup (3).exe
2014-08-28 17:16 - 2014-08-28 17:16 - 00000000 ____D () C:\Windows\SysWOW64\20-20 Technologies
2014-08-27 13:35 - 2014-08-22 16:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 13:35 - 2014-08-22 15:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 13:35 - 2014-08-22 14:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-24 11:36 - 2014-09-24 11:29 - 00047513 _____ () C:\Users\Sean\Downloads\FRST.txt
2014-09-24 11:36 - 2011-02-05 13:15 - 00000000 ____D () C:\Users\Sean\AppData\Local\Syncplicity
2014-09-24 11:35 - 2013-05-19 17:21 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\Copy
2014-09-24 11:35 - 2012-04-13 10:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-24 11:33 - 2010-05-07 16:57 - 01792534 _____ () C:\Windows\WindowsUpdate.log
2014-09-24 11:29 - 2014-09-24 11:29 - 00000000 ____D () C:\FRST
2014-09-24 11:29 - 2014-09-24 06:40 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-24 11:28 - 2014-09-24 11:28 - 02106880 _____ (Farbar) C:\Users\Sean\Downloads\FRST64.exe
2014-09-24 11:25 - 2013-05-13 20:56 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\ViberPC
2014-09-24 11:24 - 2013-05-13 20:53 - 00000000 ____D () C:\Users\Sean\AppData\Local\Viber
2014-09-24 11:23 - 2014-09-22 12:07 - 00004000 _____ () C:\Windows\PFRO.log
2014-09-24 11:23 - 2013-12-01 19:45 - 00008359 _____ () C:\Windows\setupact.log
2014-09-24 11:23 - 2009-07-13 19:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-24 11:22 - 2014-09-24 11:15 - 00000000 ____D () C:\AdwCleaner
2014-09-24 11:17 - 2009-07-13 18:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-24 11:17 - 2009-07-13 18:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-24 11:16 - 2010-08-24 08:56 - 00000000 ___RD () C:\Users\Sean\Documents\My Dropbox
2014-09-24 11:15 - 2014-09-24 11:14 - 01373475 _____ () C:\Users\Sean\Downloads\adwcleaner_3.310.exe
2014-09-24 11:15 - 2010-08-24 08:53 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\Dropbox
2014-09-24 11:13 - 2010-05-07 17:03 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{DC3438ED-B619-4888-9A8E-A740F509BE0F}
2014-09-24 11:04 - 2009-07-13 17:20 - 00000000 ____D () C:\Windows\Cursors
2014-09-24 10:41 - 2010-05-18 18:52 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-24 10:41 - 2010-05-07 21:33 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844129767-1263473117-3398859109-1004UA.job
2014-09-24 07:42 - 2014-09-24 07:42 - 00000000 ____D () C:\Users\Sean\AppData\Temp
2014-09-24 06:40 - 2014-09-24 06:40 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-24 06:40 - 2014-09-24 06:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-24 06:40 - 2014-09-24 06:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-24 06:40 - 2012-09-19 08:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-24 06:39 - 2014-09-24 06:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sean\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-24 06:37 - 2014-09-24 06:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sean\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-24 04:35 - 2012-04-13 10:25 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 04:35 - 2012-04-13 10:25 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 04:35 - 2011-05-29 12:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 02:39 - 2009-07-13 17:20 - 00000000 ____D () C:\Windows\rescache
2014-09-23 19:44 - 2014-09-18 17:48 - 00033315 _____ () C:\Users\Sean\Desktop\dds.txt
2014-09-23 19:44 - 2014-09-18 17:48 - 00012683 _____ () C:\Users\Sean\Desktop\attach.txt
2014-09-23 19:42 - 2014-09-23 19:42 - 00688992 ____R (Swearware) C:\Users\Sean\Downloads\dds (1).com
2014-09-23 09:40 - 2014-09-16 10:56 - 00000000 ____D () C:\Users\Sean\Desktop\ReportMaker
2014-09-23 02:00 - 2010-05-07 18:03 - 00000000 ____D () C:\Users\Sean\AppData\Local\Adobe
2014-09-22 23:41 - 2010-05-07 21:33 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844129767-1263473117-3398859109-1004Core.job
2014-09-22 12:17 - 2013-09-12 21:19 - 00000000 ____D () C:\ProgramData\Soluto
2014-09-22 12:03 - 2014-09-18 16:20 - 00060120 _____ () C:\TMPatch.log
2014-09-18 17:46 - 2014-09-18 17:45 - 00688992 ____R (Swearware) C:\Users\Sean\Downloads\dds.com
2014-09-18 17:39 - 2014-09-18 17:22 - 00022928 _____ () C:\Users\Sean\Downloads\hijackthis.log
2014-09-18 17:33 - 2014-09-18 17:32 - 00000000 ____D () C:\Users\Sean\Downloads\backups
2014-09-18 17:23 - 2014-09-18 17:23 - 00003124 _____ () C:\Windows\System32\Tasks\{C2A51282-B450-4EA5-91F3-E681DC728252}
2014-09-18 17:19 - 2014-09-18 17:19 - 00388608 _____ (Trend Micro Inc.) C:\Users\Sean\Downloads\HijackThis.exe
2014-09-18 16:21 - 2014-09-18 16:21 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-09-18 16:21 - 2010-08-24 08:56 - 00001015 _____ () C:\Users\Sean\Desktop\Dropbox.lnk
2014-09-18 16:21 - 2010-08-24 08:54 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-17 09:56 - 2010-06-09 11:57 - 00000000 ____D () C:\Users\Sean\AppData\Local\Xmarks
2014-09-17 09:54 - 2014-09-17 09:54 - 00000000 ____D () C:\Users\Sean\AppData\Local\EMC_Corporation
2014-09-17 09:54 - 2014-02-08 08:42 - 00000000 ____D () C:\ProgramData\Syncplicity
2014-09-17 09:54 - 2014-02-08 08:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syncplicity
2014-09-17 09:54 - 2012-02-21 17:35 - 00000000 ____D () C:\Program Files\Syncplicity
2014-09-17 08:50 - 2011-03-24 18:18 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-09-17 07:24 - 2014-06-04 19:39 - 00000000 ___RD () C:\Users\Sean\Google Drive
2014-09-16 10:55 - 2014-09-16 10:55 - 06360161 _____ () C:\Users\Sean\Downloads\ReportMaker.exe
2014-09-16 08:01 - 2010-05-07 22:30 - 00000000 ___RD () C:\Users\Sean\Documents\Job Stuff
2014-09-15 19:40 - 2011-07-19 18:08 - 01616322 _____ () C:\Users\Sean\AppData\Local\census.cache
2014-09-15 19:39 - 2011-07-19 18:07 - 00143316 _____ () C:\Users\Sean\AppData\Local\ars.cache
2014-09-15 19:32 - 2014-09-15 19:32 - 00000010 _____ () C:\Users\Sean\AppData\Local\sponge.last.runtime.cache
2014-09-15 17:45 - 2010-06-08 15:38 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-15 17:32 - 2014-09-15 17:30 - 202839360 _____ (Kaspersky Lab) C:\Users\Sean\Downloads\kis15.0.1.415EN_6711.exe
2014-09-15 09:06 - 2010-06-08 14:41 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-11 04:08 - 2010-02-19 22:34 - 00775124 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 04:08 - 2009-07-13 19:13 - 00775124 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-11 04:06 - 2013-08-15 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 03:05 - 2010-05-15 19:50 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 14:51 - 2014-09-10 14:50 - 00895120 _____ (Google Inc.) C:\Users\Sean\Downloads\ChromeSetup (6).exe
2014-09-10 14:50 - 2014-09-10 14:50 - 00895120 _____ (Google Inc.) C:\Users\Sean\Downloads\ChromeSetup (5).exe
2014-09-10 14:49 - 2014-09-10 14:48 - 00895120 _____ (Google Inc.) C:\Users\Sean\Downloads\ChromeSetup (4).exe
2014-09-09 12:11 - 2014-09-23 13:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-09 11:47 - 2014-09-23 13:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-09 07:57 - 2014-09-05 17:48 - 00106496 _____ () C:\Users\Sean\Downloads\prequal-04.xls
2014-09-02 18:09 - 2014-09-02 18:08 - 00895120 _____ (Google Inc.) C:\Users\Sean\Downloads\ChromeSetup (3).exe
2014-08-28 17:16 - 2014-08-28 17:16 - 00000000 ____D () C:\Windows\SysWOW64\20-20 Technologies
2014-08-28 17:14 - 2014-03-11 09:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-28 17:14 - 2010-05-07 21:22 - 00000000 ____D () C:\Users\Sean\AppData\Roaming\Mozilla
2014-08-28 07:55 - 2014-04-05 21:30 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-28 03:26 - 2009-07-13 18:45 - 05107912 _____ () C:\Windows\system32\FNTCACHE.DAT
 
Some content of TEMP:
====================
C:\Users\Sean\AppData\Local\Temp\autorun.dll
C:\Users\Sean\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpckpqqd.dll
C:\Users\Sean\AppData\Local\Temp\fwfo.dll
C:\Users\Sean\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-16 00:58
 
==================== End Of Log ============================

 




#6 nasdaq

  • Malware Response Team

Posted 25 September 2014 - 09:02 AM

As seen here, your lsass.exe file was compromised.
R2 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-11-21] () [File not signed]
It's not signed and has zero bytes.
===

Run the Farbar tool and paste the following filename in the Search box: lsass.exe
Click the Search button.

Post the result in your next post.

===

Run this fix also.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (PriceBlink) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh [2014-09-24]
CHR Extension: (Honey) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2013-02-05]
CHR Extension: (Mail Checker Plus for Google Mail) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffjhibehnempbkeheiccaincokdjbfe [2010-10-13]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
C:\Users\Sean\AppData\Local\Temp\autorun.dll
C:\Users\Sean\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpckpqqd.dll
C:\Users\Sean\AppData\Local\Temp\fwfo.dll
Task: {15D79B9D-2A57-45CC-A19A-B0652F53CF5E} - \{3CF3898C-7B20-40C3-8827-F19480AC7311} No Task File <==== ATTENTION
Task: {C280B1AB-6EFB-40B4-B004-FCEC9CEEC05B} - \{ECAC64E1-42B0-4BDB-981C-AA73DFE4F6F6} No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A
End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

Wait for further instructions.

#7 bugnut


Posted 25 September 2014 - 12:24 PM

Thanks again for all your help. I was able to get Kaspersky installed by running in admin mode. I thought I tried that before unsuccessfully but I can't be sure. In any case, it appears I have some other issues that you're finding, so thank you for helping me clean it out. I know I had an issue previously having to do with Google Drive, Dropbox and a .dll file. I was never able to fix it but found a workaround for it.

 

 

Search.txt info:

 

Farbar Recovery Scan Tool (x64) Version: 25-09-2014 01
Ran by Sean at 2014-09-25 06:51:15
Running from C:\Users\Sean\Downloads
Boot Mode: Normal
 
================== Search Files: "lsass.exe" =============
 
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22736_none_04e678d68c96e399\lsass.exe
[2014-05-15 09:15][2014-04-11 16:31] 0031232 ____A (Microsoft Corporation) 6598EBC4D209318EBD81F76833ECBEDB [File is signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22705_none_0505e8508c7f766f\lsass.exe
[2014-07-10 07:51][2014-05-29 22:00] 0031232 ____A (Microsoft Corporation) 04F6C08B30C599D301CE8530A6F6A703 [File is signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22653_none_04cdd63a8ca9d24f\lsass.exe
[2014-05-15 09:15][2014-04-11 16:31] 0031232 ____A (Microsoft Corporation) 6598EBC4D209318EBD81F76833ECBEDB [File is signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[2012-01-24 11:06][2011-11-16 20:20] 0031232 ____A (Microsoft Corporation) 0A10B74FBB437FF9A23F1D5DE4446A83 [File is signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18526_none_0467aa1173712ab7\lsass.exe
[2014-05-15 09:15][2014-04-11 16:19] 0031232 ____A (Microsoft Corporation) 204F3F58212B3E422C90BD9691A2DF28 [File is signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18489_none_0429c981739f213b\lsass.exe
[2014-07-10 07:51][2014-05-29 22:07] 0031232 ____A (Microsoft Corporation) F23812F9F7B130854E4BC0389F7C688C [File is signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18443_none_044f07757384196d\lsass.exe
[2014-05-15 09:15][2014-04-11 16:19] 0031232 ____A (Microsoft Corporation) 204F3F58212B3E422C90BD9691A2DF28 [File is signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[2012-01-24 11:06][2011-11-16 20:33] 0031232 ____A (Microsoft Corporation) C118A82CD78818C29AB228366EBF81C3 [File is signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2009-07-13 13:20][2009-07-13 15:39] 0031232 ____A (Microsoft Corporation) 0793F40B9B8A1BDD266296409DBD91EA [File is signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_02bb2a0a8fa4d398\lsass.exe
[2012-01-24 11:06][2011-11-16 20:42] 0031232 ____A (Microsoft Corporation) D21BD47E528CD62E79311FB5DF0150E6 [File is signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_028b374176436a30\lsass.exe
[2012-01-24 11:06][2011-11-16 21:05] 0031232 ____A (Microsoft Corporation) 156F6159457D0AA7E59B62681B56EB90 [File is signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009-07-13 13:20][2009-07-13 15:39] 0031232 ____A (Microsoft Corporation) 0793F40B9B8A1BDD266296409DBD91EA [File is signed]
 
C:\Windows\SysWOW64\lsass.exe
[2013-11-21 19:33][2013-11-21 19:33] 0000000 ____A () 
 
C:\Windows\System32\lsass.exe
[2014-05-15 09:15][2014-04-11 16:19] 0031232 ____A (Microsoft Corporation) 204F3F58212B3E422C90BD9691A2DF28 [File is signed]
 
C:\Windows\SoftwareDistribution\Download\07ccc227213ac080954cc1fc7c451e72\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22099_none_04a88ce28cc4eb33\lsass.exe
[2013-05-24 13:47][2012-08-24 07:43] 0031232 ____A (Microsoft Corporation) 77119F1F9B492B260030C34F9BE327FA
 
C:\Windows\erdnt\cache64\lsass.exe
[2013-06-08 14:15][2011-11-16 20:33] 0031232 ____A (Microsoft Corporation) C118A82CD78818C29AB228366EBF81C3 [File is signed]
 
====== End Of Search ======
 
 
Fixlog info:
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-09-2014 01
Ran by Sean at 2014-09-25 07:02:07 Run:1
Running from C:\Users\Sean\Downloads
Loaded Profile: Sean (Available profiles: Sean)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (PriceBlink) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh [2014-09-24]
CHR Extension: (Honey) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2013-02-05]
CHR Extension: (Mail Checker Plus for Google Mail) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffjhibehnempbkeheiccaincokdjbfe [2010-10-13]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
C:\Users\Sean\AppData\Local\Temp\autorun.dll
C:\Users\Sean\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpckpqqd.dll
C:\Users\Sean\AppData\Local\Temp\fwfo.dll
Task: {15D79B9D-2A57-45CC-A19A-B0652F53CF5E} - \{3CF3898C-7B20-40C3-8827-F19480AC7311} No Task File <==== ATTENTION
Task: {C280B1AB-6EFB-40B4-B004-FCEC9CEEC05B} - \{ECAC64E1-42B0-4BDB-981C-AA73DFE4F6F6} No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A
End
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => Key deleted successfully.
"HKCR\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
"HKCR\PROTOCOLS\Handler\skype-ie-addon-data" => Key deleted successfully.
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh => Moved successfully.
C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj => Moved successfully.
C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffjhibehnempbkeheiccaincokdjbfe => Moved successfully.
catchme => Service deleted successfully.
cpuz136 => Service stopped successfully.
cpuz136 => Service deleted successfully.
C:\Users\Sean\AppData\Local\Temp\autorun.dll => Moved successfully.
"C:\Users\Sean\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpckpqqd.dll" => File/Directory not found.
C:\Users\Sean\AppData\Local\Temp\fwfo.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15D79B9D-2A57-45CC-A19A-B0652F53CF5E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15D79B9D-2A57-45CC-A19A-B0652F53CF5E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3CF3898C-7B20-40C3-8827-F19480AC7311}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C280B1AB-6EFB-40B4-B004-FCEC9CEEC05B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C280B1AB-6EFB-40B4-B004-FCEC9CEEC05B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{ECAC64E1-42B0-4BDB-981C-AA73DFE4F6F6}" => Key deleted successfully.
C:\ProgramData\TEMP => ":862BDB1A" ADS removed successfully.
 
==== End of Fixlog ====
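
The check applied by eye to the Search.txt output in this thread (zero size, empty company field, no "[File is signed]" marker) can be scripted. The following is an added example, not part of the thread or of FRST: a small Python parser run over four entries copied from the Search.txt posted above, with the field layout inferred from those log lines.

```python
import re

# Four entries copied from the Search.txt posted in this thread.
SEARCH_TXT = r"""
C:\Windows\SysWOW64\lsass.exe
[2013-11-21 19:33][2013-11-21 19:33] 0000000 ____A ()

C:\Windows\System32\lsass.exe
[2014-05-15 09:15][2014-04-11 16:19] 0031232 ____A (Microsoft Corporation) 204F3F58212B3E422C90BD9691A2DF28 [File is signed]

C:\Windows\SoftwareDistribution\Download\07ccc227213ac080954cc1fc7c451e72\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22099_none_04a88ce28cc4eb33\lsass.exe
[2013-05-24 13:47][2012-08-24 07:43] 0031232 ____A (Microsoft Corporation) 77119F1F9B492B260030C34F9BE327FA

C:\Windows\erdnt\cache64\lsass.exe
[2013-06-08 14:15][2011-11-16 20:33] 0031232 ____A (Microsoft Corporation) C118A82CD78818C29AB228366EBF81C3 [File is signed]
"""

# Metadata line: [date][date] size attributes (company) optional-MD5 optional-signature-marker
META = re.compile(
    r"^\[[^\]]+\]\[[^\]]+\]\s+(?P<size>\d+)\s+\S+\s+\((?P<company>[^)]*)\)"
    r"\s*(?P<md5>[0-9A-Fa-f]{32})?\s*(?P<signed>\[File is signed\])?\s*$"
)

def parse_search(text):
    """Pair each path line with the metadata line that follows it."""
    entries, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = META.match(line)
        if m and path:
            entries.append({"path": path, **m.groupdict()})
            path = None
        elif line and not m and not line.startswith("="):
            path = line  # a path line; section banners start with "="
    return entries

def triage(entries):
    """Return {path: [reasons]} for entries that deserve a closer look."""
    findings = {}
    for e in entries:
        reasons = []
        if int(e["size"]) == 0:
            reasons.append("zero-byte file")
        if not e["company"]:
            reasons.append("no company name")
        if e["signed"] is None:
            reasons.append("no signature reported")
        if reasons:
            findings[e["path"]] = reasons
    return findings

if __name__ == "__main__":
    for path, reasons in triage(parse_search(SEARCH_TXT)).items():
        print(f"{path}: {', '.join(reasons)}")
```
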


#8 nasdaq


Posted 25 September 2014 - 12:38 PM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

In Windows 7 and 8.
Press the [Windows Icon + R] and enter "notepad" in the box to open Notepad
 
start

Replace: C:\Windows\erdnt\cache64\lsass.exe C:\Windows\SysWOW64\lsass.exe
REBOOT:

end

Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#9 bugnut


Posted 25 September 2014 - 01:53 PM

It is hard to tell right off but it seems like it's running a bit better, like it's not having to work as hard as it used to.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-09-2014 01
Ran by Sean at 2014-09-25 07:56:39 Run:2
Running from C:\Users\Sean\Downloads
Loaded Profile: Sean (Available profiles: Sean)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
Replace: C:\Windows\erdnt\cache64\lsass.exe C:\Windows\SysWOW64\lsass.exe
REBOOT:
 
end
*****************
 
C:\Windows\SysWOW64\lsass.exe => Moved successfully.
C:\Windows\erdnt\cache64\lsass.exe copied successfully to C:\Windows\SysWOW64\lsass.exe
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Kaspersky Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Java 7 Update 60  
 Java™ 6 Update 31  
 Java version out of Date! 
 Adobe Flash Player 15.0.0.152  
 Adobe Reader 9  
 Adobe Reader XI  
 Google Chrome 38.0.2125.77  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Kaspersky Lab Kaspersky Internet Security 15.0.1 avp.exe  
 Kaspersky Lab Kaspersky Internet Security 15.0.1 avpui.exe  
 Kaspersky Lab Kaspersky Internet Security 15.0.1 x64 wmi64.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 


#10 nasdaq


Posted 26 September 2014 - 07:40 AM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u67.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 60
Java™ 6 Update 31

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 bugnut


Posted 26 September 2014 - 02:29 PM

Ok, I have uninstalled all the outdated Java and installed the latest from that link.  Strange thing is I don't ever remember having to use "install as admin" for Kaspersky in the past. With that, everything seems to be working ok.  Thanks for helping me clean out my computer. Is there anything else I need to do?



#12 nasdaq


Posted 27 September 2014 - 07:40 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



