
Unicoupon and likely More! Infected laptop


  • This topic is locked
13 replies to this topic

#1 Sezneg

Sezneg

  • Members
  • 43 posts
  • OFFLINE
  • Local time:04:00 AM

Posted 09 November 2014 - 10:14 PM

First, let me thank you for the assistance in advance.

 

It's an older laptop being used by a family member for school. Unicoupon browser extension/virus definitely present along with whatever other nonsense allows it to persist. Mobogenie came to the party only recently - likely through a browser redirect, and this is when I first got my eyes on it.

 

DDS.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16584  BrowserJavaVersion: 11.25.2
Run by Luis Rivera at 21:00:44 on 2014-11-09
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2938.1361 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\RtkAudioService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\gearsec.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Mobogenie\DaemonProcess.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mobogenie\mgusb.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uDefault_Page_URL = hxxp://www.sony.com/vaiopeople_f08
mStart Page = www.google.com
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople_f08
BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>
BHO: unicoupons: {505FFE3C-F5ED-9A90-15C7-EA0D48A00FBF} - 
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_25\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_25\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTAgent.exe" -autorun
uRun: [Facebook Update] "c:\users\luis rivera\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [SmartWiHelper] "c:\program files\sony corporation\smartwi connection utility\SmartWiHelper.exe" /WindowsStartup
mRun: [VAIOMyMemCenter] "c:\program files\sony\vaio my memory center\VAIO MyMemCenter.exe" 1
mRun: [VWLASU] "c:\program files\sony\vaio wireless wizard\AutoLaunchWLASU.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [mobilegeni daemon] c:\program files\mobogenie\DaemonProcess.exe
mRun: [Skytel] Skytel.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.8.0_25\bin\jusched.exe"
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{2025EF47-D6D9-40B1-A5CB-C595DE54750D} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{6CB7D6CF-F024-47B7-ADCD-397DC7796FB5} : DHCPNameServer = 205.171.3.65 205.171.2.65
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs=  
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.111\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
ShellExec: VCExporterLaunch.exe: open="c:\program files\sony\vaio vp utilities\VCELaunch.exe" "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
.
============= FINISH: 21:01:30.42 ===============
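As an added example that is not part of this thread, of DDS or of AdwCleaner: a small Python triage helper for "Pseudo HJT Report" lines of the kind shown above. It flags BHO entries whose DLL path is empty or marked <orphaned> and Run entries that name a bare executable (resolved through PATH rather than an explicit file), and it cross-checks the flagged BHO CLSIDs against the "Key Deleted" lines of an AdwCleaner report so a responder can confirm which flagged entries a cleanup actually touched. The sample lines are constructed from values that appear in this thread; the function and class names are my own.

```python
"""Triage helper for DDS 'Pseudo HJT Report' lines (added example, not DDS code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the shape of the DDS report posted above; values taken
# from the thread. The second BHO line has no DLL path after the dash.
SAMPLE_DDS = "\n".join([
    "BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>",
    "BHO: unicoupons: {505FFE3C-F5ED-9A90-15C7-EA0D48A00FBF} - ",
    "BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - "
    "c:\\program files\\java\\jre1.8.0_25\\bin\\ssv.dll",
    "uRun: [Sidebar] c:\\program files\\windows sidebar\\sidebar.exe /autoRun",
    "mRun: [RtHDVCpl] RtHDVCpl.exe",
    "mRun: [mobilegeni daemon] c:\\program files\\mobogenie\\DaemonProcess.exe",
    'mRun: [MSC] "c:\\program files\\microsoft security client\\msseces.exe" -hide -runkey',
])

# Constructed sample in the shape of the AdwCleaner registry section posted later.
SAMPLE_ADWCLEANER = "\n".join([
    "Key Deleted : HKLM\\SOFTWARE\\Classes\\CLSID\\{505FFE3C-F5ED-9A90-15C7-EA0D48A00FBF}",
    "Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\"
    "Browser Helper Objects\\{2EECD738-5844-4A99-B4B6-146BF802613B}",
    "Value Deleted : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run [mobilegeni daemon]",
])

BHO_RE = re.compile(r"^BHO: (?:(?P<name>.*?): )?\{(?P<clsid>[0-9A-Fa-f-]+)\}\s*-\s*(?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
GUID_RE = re.compile(r"\{([0-9A-Fa-f-]{36})\}")


@dataclass(frozen=True)
class Finding:
    kind: str    # "BHO" or "Run"
    ident: str   # CLSID (upper-cased) for a BHO, value name for a Run entry
    reason: str


def executable_of(cmd: str) -> str:
    """Program part of a Run command line: the quoted path, or the first token.

    For an unquoted path containing spaces this yields only the first token,
    which is still enough to tell a bare executable name from a path.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(dds_text: str) -> list[Finding]:
    """Return the BHO and Run entries a responder should verify by hand."""
    findings: list[Finding] = []
    for raw in dds_text.splitlines():
        line = raw.rstrip()          # tolerate the trailing space DDS leaves after " -"
        m = BHO_RE.match(line)
        if m:
            clsid = m.group("clsid").upper()
            path = m.group("path").strip()
            if path == "<orphaned>":
                findings.append(Finding("BHO", clsid, "orphaned: CLSID registered but DLL missing"))
            elif not path:
                findings.append(Finding("BHO", clsid, "no DLL path recorded; inspect the CLSID"))
            continue
        m = RUN_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            if "\\" not in exe:
                findings.append(Finding("Run", m.group("name"),
                                        f"bare executable name {exe!r}; resolved via PATH, verify which file runs"))
    return findings


def deleted_guids(adwcleaner_text: str) -> set[str]:
    """GUIDs named in AdwCleaner 'Key Deleted' lines, upper-cased for comparison."""
    guids: set[str] = set()
    for line in adwcleaner_text.splitlines():
        if line.startswith("Key Deleted"):
            guids.update(g.upper() for g in GUID_RE.findall(line))
    return guids


def unresolved_bhos(dds_text: str, adwcleaner_text: str) -> list[Finding]:
    """Flagged BHOs whose CLSID the cleanup log does not show as deleted."""
    removed = deleted_guids(adwcleaner_text)
    return [f for f in triage(dds_text) if f.kind == "BHO" and f.ident not in removed]


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.kind:3} {f.ident}: {f.reason}")
    print("BHOs not covered by cleanup:", unresolved_bhos(SAMPLE_DDS, SAMPLE_ADWCLEANER))
```

The bare-name check is deliberately a "verify" signal rather than a verdict: legitimate vendor entries such as RtHDVCpl.exe are also registered that way, and the point is to confirm which file on disk actually runs. CLSIDs are upper-cased before comparison because DDS and AdwCleaner print the same GUID in different cases (see 4a99 versus 4A99 in the logs above).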
 


 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,744 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:00 AM

Posted 14 November 2014 - 10:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555482 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Sezneg

Sezneg
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  • Local time:04:00 AM

Posted 16 November 2014 - 11:11 AM

Since posting the first logs, I have left the laptop off.  The problem is persistent and I know better than to run some of the tools available without guidance!

 

Here is the updated DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16584  BrowserJavaVersion: 11.25.2
Run by Luis Rivera at 10:02:50 on 2014-11-16
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2938.1769 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\RtkAudioService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\gearsec.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Mobogenie\DaemonProcess.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\RacAgent.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uDefault_Page_URL = hxxp://www.sony.com/vaiopeople_f08
mStart Page = www.google.com
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople_f08
BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>
BHO: unicoupons: {505FFE3C-F5ED-9A90-15C7-EA0D48A00FBF} - 
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_25\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_25\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTAgent.exe" -autorun




#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,769 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:01:00 AM

Posted 17 November 2014 - 05:09 PM

Greetings Sezneg and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started!
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows logo key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,769 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:01:00 AM

Posted 18 November 2014 - 07:09 PM

Posted on behalf of Sezneg.

 

INCOMING wall of Log Text:

Adware -

# AdwCleaner v4.101 - Report created 17/11/2014 at 18:32:02
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Luis Rivera - OWNER-PC
# Running from : C:\Users\Luis Rivera\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\ExxtriaShhoppPeer
Folder Deleted : C:\ProgramData\FlaashCoaupoen
Folder Deleted : C:\ProgramData\PrIinCeCoupon
Folder Deleted : C:\ProgramData\RoyalCCoupon
Folder Deleted : C:\ProgramData\SMaRtCoMMppare
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Updater
Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Users\Luis Rivera\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\Luis Rivera\AppData\Local\Temp\mt_ffx
Folder Deleted : C:\Users\Luis Rivera\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Luis Rivera\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\Luis Rivera\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Luis Rivera\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\Luis Rivera\AppData\Roaming\YourFileDownloader
Folder Deleted : C:\Users\Luis Rivera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Users\Luis Rivera\Documents\Optimizer Pro
Folder Deleted : C:\Users\Owner\AppData\Local\genienext
Folder Deleted : C:\Users\Owner\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\Owner\Documents\Mobogenie
Folder Deleted : C:\Users\Owner\Documents\Optimizer Pro
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
File Deleted : C:\Users\Luis Rivera\daemonprocess.txt
File Deleted : C:\Users\Owner\daemonprocess.txt
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : Yahoo! Search
Task Deleted : YourFile Update
Task Deleted : Yahoo! Search Udpater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Optimizer Pro v3.2
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKCU\Software\Classes\keepmysearch
Key Deleted : HKLM\SOFTWARE\Classes\unicoupons.unicoupons
Key Deleted : HKLM\SOFTWARE\Classes\unicoupons.unicoupons.2.0
Key Deleted : HKCU\Software\855d98be66abf45
Key Deleted : HKLM\SOFTWARE\855d98be66abf45
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{505FFE3C-F5ED-9A90-15C7-EA0D48A00FBF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{505FFE3C-F5ED-9A90-15C7-EA0D48A00FBF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{505FFE3C-F5ED-9A90-15C7-EA0D48A00FBF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{505FFE3C-F5ED-9A90-15C7-EA0D48A00FBF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{505FFE3C-F5ED-9A90-15C7-EA0D48A00FBF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{03836B63-FCEB-4A13-AAD1-7B2C57249788}
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\SoftwareUpdater
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BrowserMngr
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A9F7A981-09A3-C1F7-2D46-1BA20CFDF02F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8B114619-78B7-1CFF-55EF-74266954F883}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mobogenie
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mysearchdial
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Software Updater_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\YourFileDownloader
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A9F7A981-09A3-C1F7-2D46-1BA20CFDF02F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dsrlte.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearchdial.com

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16592


-\\ Google Chrome v38.0.2125.111

[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : lifbcibllhkdhoafpjfnlhfpfgnpldfl

*************************

AdwCleaner[R0].txt - [10402 octets] - [17/11/2014 18:22:26]
AdwCleaner[R1].txt - [10463 octets] - [17/11/2014 18:30:09]
AdwCleaner[S0].txt - [10477 octets] - [17/11/2014 18:32:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10538 octets] ##########

Junkware Log -

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows Vista ™ Home Premium x86
Ran by Luis Rivera on Mon 11/17/2014 at 18:37:45.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util bizzybolt



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\ApoptOOU
Successfully deleted: [Folder] C:\ProgramData\BetTTerrPrICeChec
Successfully deleted: [Folder] C:\ProgramData\dOOwnloaditkoeeep
Successfully deleted: [Folder] "C:\Users\Luis Rivera\Local Settings\Application Data\cre"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/17/2014 at 18:41:04.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST -

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-11-2014
Ran by Luis Rivera (administrator) on OWNER-PC on 17-11-2014 18:43:15
Running from C:\Users\Luis Rivera\Desktop
Loaded Profile: Luis Rivera (Available profiles: Owner & Luis Rivera)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Realtek Semiconductor) C:\Windows\RTKAUDIOSERVICE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(GEAR Software) C:\Windows\System32\gearsec.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Sony Electronics, Inc.) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sony Corporation) C:\Program Files\Sony\ISB Utility\ISBMgr.exe
(Sony Electronics, Inc.) C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Facebook Inc.) C:\Users\Luis Rivera\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
(Sony Electronics, Inc.) C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6295552 2008-07-03] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [835584 2007-03-09] (Synaptics, Inc.)
HKLM\...\Run: [ISBMgr.exe] => C:\Program Files\Sony\ISB Utility\ISBMgr.exe [317280 2008-04-03] (Sony Corporation)
HKLM\...\Run: [SmartWiHelper] => C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe [77824 2008-06-27] (Sony Electronics Corporation)
HKLM\...\Run: [VAIOMyMemCenter] => C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe [679936 2008-02-29] ()
HKLM\...\Run: [VWLASU] => C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe [24576 2008-05-20] (Sony Electronics, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [413696 2009-01-05] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2008-07-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Monitor] => C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2013-11-27] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre1.8.0_25\bin\jusched.exe"
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-357452630-412092599-1995466196-1005\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-357452630-412092599-1995466196-1005\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [3111744 2012-04-26] (DT Soft Ltd)
HKU\S-1-5-21-357452630-412092599-1995466196-1005\...\Run: [Facebook Update] => C:\Users\Luis Rivera\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-08-06] (Facebook Inc.)
HKU\S-1-5-21-357452630-412092599-1995466196-1005\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-357452630-412092599-1995466196-1005\...\MountPoints2: {3661f8af-e55b-11e1-bc28-001dba272cd9} - K:\TLBootstrap_WPP.exe
ShellIconOverlayIdentifiers: [AOLOverlayIcon] -> {AB0C8BE3-041C-47d6-8195-E089D32B38DD} => C:\DDI\overicon.dll (TODO: <Company name>)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-357452630-412092599-1995466196-1005\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-357452630-412092599-1995466196-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-357452630-412092599-1995466196-1005 -> DefaultScope {03836B63-FCEB-4A13-AAD1-7B2C57249788} URL =
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-357452630-412092599-1995466196-1005: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Luis Rivera\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-11]

Chrome:
=======
CHR Profile: C:\Users\Luis Rivera\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Luis Rivera\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Luis Rivera\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-09]
CHR Extension: (YouTube) - C:\Users\Luis Rivera\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-05]
CHR Extension: (Google Search) - C:\Users\Luis Rivera\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-05]
CHR Extension: (Google Wallet) - C:\Users\Luis Rivera\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-09]
CHR Extension: (Gmail) - C:\Users\Luis Rivera\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-05]
CHR HKLM\...\Chrome\Extension: [fdeikhckcedpnofpmfaakfhppidegbcp] - C:\Users\Luis Rivera\AppData\Local\CRE\fdeikhckcedpnofpmfaakfhppidegbcp.crx []
CHR HKLM\...\Chrome\Extension: [hhepndnhfbdjmegechokkbabcphcihdi] - C:\Users\Luis Rivera\AppData\Local\CRE\hhepndnhfbdjmegechokkbabcphcihdi.crx []

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 gearsec; C:\Windows\system32\gearsec.exe [58952 2005-11-30] (GEAR Software)
R2 LeapFrog Connect Device Service; C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2013-11-27] (LeapFrog Enterprises, Inc.) [File not signed]
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S3 MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2007-11-12] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2007-05-24] (Intuit Inc.) [File not signed]
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 SOHCImp; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [103712 2008-05-20] (Sony Corporation)
S3 SOHDms; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [353568 2008-05-20] (Sony Corporation)
S3 SOHDs; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [62752 2008-05-20] (Sony Corporation)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2008-05-20] (Sony Corporation) [File not signed]
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [104960 2008-03-25] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-05-22] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182112 2008-07-15] (Sony Corporation)
R2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [411488 2008-06-19] (Sony Corporation)
R2 VCFw; C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [415744 2008-06-20] (Sony Corporation) [File not signed]
R2 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [337184 2008-06-12] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [279848 2008-06-19] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2008-05-22] (Sony Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17408 2008-01-30] (ArcSoft, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-05-29] (DT Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [477240 2012-05-31] (Duplex Secure Ltd.)
U3 ae25apjy; C:\Windows\system32\Drivers\ae25apjy.sys [0 ] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-17 18:43 - 2014-11-17 18:43 - 00018653 _____ () C:\Users\Luis Rivera\Desktop\FRST.txt
2014-11-17 18:43 - 2014-11-17 18:43 - 00000000 ____D () C:\FRST
2014-11-17 18:42 - 2014-11-17 18:42 - 01108992 _____ (Farbar) C:\Users\Luis Rivera\Desktop\FRST.exe
2014-11-17 18:41 - 2014-11-17 18:41 - 00001056 _____ () C:\Users\Luis Rivera\Desktop\JRT.txt
2014-11-17 18:37 - 2014-11-17 18:37 - 00000000 ____D () C:\Windows\ERUNT
2014-11-17 18:36 - 2014-11-17 18:36 - 01707532 _____ (Thisisu) C:\Users\Luis Rivera\Downloads\JRT.exe
2014-11-17 18:36 - 2014-11-17 18:36 - 01707532 _____ (Thisisu) C:\Users\Luis Rivera\Downloads\JRT (1).exe
2014-11-17 18:22 - 2014-11-17 18:32 - 00000000 ____D () C:\AdwCleaner
2014-11-17 18:21 - 2014-11-17 18:21 - 02140160 _____ () C:\Users\Luis Rivera\Downloads\AdwCleaner.exe
2014-11-17 03:16 - 2014-10-09 19:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-17 03:16 - 2014-10-09 19:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-17 03:16 - 2014-10-09 19:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-17 03:16 - 2014-10-09 17:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-17 03:15 - 2014-08-26 18:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-17 03:15 - 2014-08-26 18:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-17 03:14 - 2014-09-18 18:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-17 03:13 - 2014-10-23 19:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-17 03:12 - 2014-08-11 20:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-17 03:11 - 2014-10-17 19:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-17 03:11 - 2014-10-02 19:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-17 03:11 - 2014-10-02 19:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-17 03:11 - 2014-10-02 19:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-17 03:11 - 2014-10-02 19:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-17 03:00 - 2014-10-12 17:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-16 10:19 - 2014-10-27 13:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-16 10:19 - 2014-10-27 13:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-16 10:19 - 2014-10-27 13:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-16 10:19 - 2014-10-27 12:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-16 10:19 - 2014-10-27 12:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-16 10:19 - 2014-10-27 12:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-16 10:19 - 2014-10-27 12:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-16 10:19 - 2014-10-27 12:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-16 10:19 - 2014-10-27 12:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-16 10:19 - 2014-10-27 12:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-16 10:19 - 2014-10-27 12:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-16 10:19 - 2014-10-27 12:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-16 10:19 - 2014-10-27 12:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-16 10:19 - 2014-10-27 12:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-16 10:19 - 2014-10-27 12:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-16 10:19 - 2014-10-27 12:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-16 10:19 - 2014-10-27 12:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-16 10:19 - 2014-10-27 12:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-16 10:19 - 2014-10-27 12:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-16 10:19 - 2014-10-27 12:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-16 10:19 - 2014-10-27 12:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-09 21:01 - 2014-11-16 10:04 - 00009524 _____ () C:\Users\Luis Rivera\Desktop\dds.txt
2014-11-09 21:01 - 2014-11-16 10:04 - 00001533 _____ () C:\Users\Luis Rivera\Desktop\attach.txt
2014-11-09 20:59 - 2014-11-09 20:59 - 00688992 ____R (Swearware) C:\Users\Luis Rivera\Downloads\dds.com
2014-11-09 16:17 - 2014-11-09 13:23 - 00146432 _____ (Oracle Corporation) C:\Windows\system32\javacpl.cpl
2014-11-09 13:19 - 2014-11-09 13:19 - 00638888 _____ (Oracle Corporation) C:\Users\Luis Rivera\Downloads\chromeinstall-8u25.exe
2014-11-09 13:16 - 2014-11-09 13:16 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-09 13:16 - 2014-11-09 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-09 13:13 - 2014-11-17 18:33 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-09 13:13 - 2014-11-17 18:18 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-09 13:05 - 2014-11-09 13:05 - 00000004 _____ () C:\Users\Luis Rivera\AppData\Roaming\appdataFr2.bin
2014-10-22 21:11 - 2014-11-09 12:17 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-22 20:58 - 2014-10-22 20:58 - 00000915 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-22 20:58 - 2014-10-22 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-22 20:58 - 2014-10-22 20:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-22 20:58 - 2014-10-22 20:58 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-22 20:58 - 2014-10-01 10:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-22 20:58 - 2014-10-01 10:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-22 20:58 - 2014-10-01 10:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-22 20:39 - 2014-11-09 13:23 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-22 20:36 - 2014-11-09 13:23 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-22 20:35 - 2014-11-09 13:23 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-10-22 20:35 - 2014-11-09 13:23 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-10-22 20:35 - 2014-11-09 13:23 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-10-22 20:30 - 2014-10-22 20:35 - 00004673 _____ () C:\Windows\system32\jupdate-1.7.0_71-b14.log
2014-10-22 20:24 - 2014-10-22 20:31 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Luis Rivera\Downloads\mbam-setup-2.0.3.1025.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-17 18:40 - 2012-02-09 17:20 - 00000430 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{25094559-A63E-42C8-B539-7D984A474FD5}.job
2014-11-17 18:40 - 2009-03-05 14:01 - 00000418 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{54B4FA4C-D751-4F78-B22C-945F1D26DA47}.job
2014-11-17 18:40 - 2006-11-02 04:33 - 00809526 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-17 18:39 - 2008-12-30 09:44 - 01233070 _____ () C:\Windows\WindowsUpdate.log
2014-11-17 18:33 - 2008-01-20 20:47 - 02621346 _____ () C:\Windows\PFRO.log
2014-11-17 18:33 - 2006-11-02 07:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-17 18:33 - 2006-11-02 06:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-17 18:33 - 2006-11-02 06:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-17 18:33 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\Registration
2014-11-17 18:32 - 2009-04-20 13:35 - 00000000 ____D () C:\Users\Luis Rivera
2014-11-17 18:32 - 2008-12-30 09:50 - 00000000 ____D () C:\Users\Owner
2014-11-17 18:32 - 2006-11-02 07:01 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-17 18:12 - 2012-08-05 01:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-17 16:15 - 2012-08-06 20:10 - 00000952 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-357452630-412092599-1995466196-1005UA.job
2014-11-17 03:52 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\rescache
2014-11-17 03:42 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-17 03:36 - 2006-11-02 06:47 - 00418520 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-17 03:15 - 2008-08-20 13:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-17 03:09 - 2013-12-11 18:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-17 03:02 - 2006-11-02 04:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-16 22:15 - 2012-08-06 20:10 - 00000930 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-357452630-412092599-1995466196-1005Core.job
2014-11-16 10:12 - 2012-08-05 01:39 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-16 10:12 - 2012-08-05 01:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-09 20:38 - 2014-03-30 13:21 - 00000000 ____D () C:\Users\Luis Rivera\AppData\Roaming\MP3Rocket
2014-11-09 20:29 - 2012-05-28 20:38 - 00000000 ____D () C:\Program Files\BitComet
2014-11-09 16:17 - 2008-08-01 14:53 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-09 13:22 - 2008-08-01 14:53 - 00000000 ____D () C:\Program Files\Java
2014-11-09 13:16 - 2014-07-02 17:29 - 00000000 ____D () C:\Program Files\Google
2014-11-09 13:13 - 2011-12-11 17:50 - 00000000 ____D () C:\Users\Luis Rivera\AppData\Local\Deployment
2014-11-09 13:13 - 2011-12-11 17:50 - 00000000 ____D () C:\Users\Luis Rivera\AppData\Local\Apps\2.0
2014-11-03 20:12 - 2006-11-02 06:37 - 00000000 ____D () C:\Windows\ShellNew
2014-10-30 05:24 - 2010-03-04 19:45 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-28 15:53 - 2012-05-26 19:54 - 00000000 ____D () C:\Users\Luis Rivera\AppData\Roaming\Skype
2014-10-23 18:21 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\tapi
2014-10-23 17:40 - 2006-11-02 04:23 - 00000394 _____ () C:\Windows\win.ini
2014-10-23 17:33 - 2014-01-31 02:58 - 00000000 ____D () C:\ProgramData\DocsConnvuerteR
2014-10-22 21:17 - 2014-01-31 02:58 - 00000000 ____D () C:\ProgramData\glhmbkgdilcmbmokhfmobmcifmddbfjf
2014-10-22 20:57 - 2009-02-15 09:17 - 00000000 ____D () C:\ProgramData\Symantec
2014-10-22 20:57 - 2009-02-15 09:17 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-10-21 11:46 - 2006-11-02 06:52 - 00085888 _____ () C:\Windows\setupact.log

Some content of TEMP:
====================
C:\Users\Luis Rivera\AppData\Local\Temp\95F9_Upgrader.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air1786.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air1796.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air1B74.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air1CF3.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air2117.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air2509.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air26B3.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air31F1.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air32C.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air367B.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air384F.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air3A47.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air3BD8.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air4F36.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air6F0.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air7B7E.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air839B.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air8438.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air9C01.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air9C20.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airA86F.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airA934.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airA96.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airADF.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airB02C.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airB323.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airD51A.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airE789.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airEFB5.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airF509.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airFE34.exe
C:\Users\Luis Rivera\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Luis Rivera\AppData\Local\Temp\htmlayout.dll
C:\Users\Luis Rivera\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Luis Rivera\AppData\Local\Temp\Quarantine.exe
C:\Users\Luis Rivera\AppData\Local\Temp\Sqlite3.dll
C:\Users\Luis Rivera\AppData\Local\Temp\Upgrader.exe
C:\Users\Luis Rivera\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\Owner\AppData\Local\Temp\gah_newver.exe
C:\Users\Owner\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-17 18:40

==================== End Of Log ============================

Addition -

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-11-2014
Ran by Luis Rivera at 2014-11-17 18:44:40
Running from C:\Users\Luis Rivera\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
ApoptOOU (HKLM\...\{01B91C29-337A-1FFD-7CFC-473451D2F861}) (Version:  - AApptOU) <==== ATTENTION
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Magic-i Visual Effects (HKLM\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version:  - ArcSoft)
ArcSoft WebCam Companion 2 (HKLM\...\{9973498D-EA29-4A68-BE0B-C88D6E03E928}) (Version:  - ArcSoft)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Click to Disc (HKLM\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.2.00.06190 - Sony Corporation)
Click to Disc (Version: 1.2.00.06190 - Sony Corporation) Hidden
Click to Disc Editor (HKLM\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 1.2.00 - Sony Corporation)
Click to Disc Editor (Version: 1.2.00 - Sony Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 5.1.0.0333 - DT Soft Ltd)
DocsConnvuerteR (HKLM\...\{EB0033B6-A734-7BFF-72E7-A3910B2566B5}) (Version:  - DoccsConvveerter)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
HDAUDIO SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LeapFrog Connect (HKLM\...\UPCShell) (Version: 5.2.4.18506 - LeapFrog)
LeapFrog Connect (Version: 5.2.4.18506 - LeapFrog) Hidden
LeapFrog My Pals Plugin (Version: 5.1.26.18340 - LeapFrog) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Compact Framework 2.0 SP1 (HKLM\...\{625386A4-B6B6-4911-A6E8-23189C3F2D15}) (Version: 2.0.6129 - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESS_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business 2007 (HKLM\...\SMALLBUSINESS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) (HKLM\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.761 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works (HKLM\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
MixMeister BPM Analyzer 1.0 (HKLM\...\MixMeister BPM Analyzer_is1) (Version:  - MixMeister Technology LLC)
MixMeister Fusion Demo (HKLM\...\{6DDB8CC8-3F13-4E72-8203-51AA081E7DE0}) (Version: 7.0.2.0 - MixMeister Technology)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Music Transfer (HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.2.00.17290 - Sony Corporation)
Napster (HKLM\...\{BBBCAE4B-B416-4182-A6F2-438180894A81}) (Version: 4.5.1.1 - Napster)
Napster Burn Engine (Version: 3.5.0000 - Roxio) Hidden
OpenMG Secure Module (Version: 5.1.00.05200 - Sony Corporation) Hidden
OpenMG Secure Module 5.1.00 (HKLM\...\InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}) (Version: 5.1.00.05200 - Sony Corporation)
PDF reDirect (remove only) (HKLM\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC)
Primo (Version: 1.00.0000 - Your Company Name) Hidden
QuickBooks Simple Start 2008 (HKLM\...\{8ECB8220-F419-4BEB-9596-97033C533702}) (Version: 18.0.4003.606 - Intuit Inc.)
QuickTime (HKLM\...\{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}) (Version: 7.60.92.0 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5653 - Realtek Semiconductor Corp.)
Roxio Easy Media Creator 10 LJ (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.1 - Roxio)
Safari (HKLM\...\{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}) (Version: 5.31.21.10 - Apple Inc.)
Setting Utility Series (HKLM\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 4.1.00.07290 - Sony Corporation)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWi Connection Utility (HKLM\...\{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}) (Version: 4.4.0.20080627.1647 - Sony Corporation)
Snap.Do (HKLM\...\{345DE681-9D24-4BAD-BB65-C065A3BF3B09}) (Version: 10.211.1.13850 - ReSoft Ltd.) <==== ATTENTION
Sony ACID Pro 6.0 (HKLM\...\{C2714A90-DE36-4C69-9B89-E43ACD8C0235}) (Version: 6.0.263 - Sony)
Sony Media Manager 2.1 (HKLM\...\{DD10F763-CDF6-46CD-9254-C8CE5E91B53E}) (Version: 2.1.248 - Sony)
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 3.2.02.06170 - Sony Corporation)
Sony Video Shared Library (HKLM\...\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}) (Version: 3.4.00 - Sony Corporation)
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.13.0 - Synaptics)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) (HKLM\...\MyPalsPlugin) (Version:  - LeapFrog)
VAIO Care (HKLM\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 1.00.0813 - Sony)
VAIO Content Folder Setting (HKLM\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 2.0.00.17290 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (HKLM\...\{FD72E69E-CF34-4071-BFD6-FD081A365E2C}) (Version: 3.2.00.06115 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (Version: 3.2.00.06115 - Sony Corporation) Hidden
VAIO Content Metadata Manager Setting (HKLM\...\{FE697886-F392-4E0D-A0C0-47587BF60992}) (Version: 3.2.00.06062 - Sony Corporation)
VAIO Content Metadata Manager Setting (Version: 3.2.00.06062 - Sony Corporation) Hidden
VAIO Content Metadata XML Interface Library (HKLM\...\{CB8A8696-93EC-414E-A752-850AB133F68A}) (Version: 3.2.00.06112 - Sony Corporation)
VAIO Content Metadata XML Interface Library (Version: 3.2.00.06112 - Sony Corporation) Hidden
VAIO Control Center (HKLM\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 3.1.00.07110 - Sony Corporation)
VAIO Data Restore Tool (HKLM\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.0.04.01170 - Sony Corporation)
VAIO DVD Menu Data Basic (HKLM\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 1.0.00.08130 - Sony Corporation)
VAIO Entertainment Platform (HKLM\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.2.00.06200 - Sony Corporation)
VAIO Entertainment Platform (Version: 3.2.00.06200 - Sony Corporation) Hidden
VAIO Event Service (HKLM\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 4.1.00.07150 - Sony Corporation)
VAIO Help and Support (HKLM\...\{D47FE987-EA3D-424B-9886-B752501D7CE7}) (Version: 6.00.0805.NS - Sony Corporation)
VAIO Launcher (HKLM\...\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}) (Version: 2.1.00.06130 - Sony Corporation)
VAIO Media plus (HKLM\...\{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}) (Version: 1.1.00.05240 - Sony Corporation)
VAIO Media plus (Version: 1.1.00.05240 - Sony Corporation) Hidden
VAIO Movie Story (HKLM\...\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 1.3.00.06240 - Sony Corporation)
VAIO Movie Story (Version: 1.3.00.06240 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM\...\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 1.3.00.06120 - Sony Corporation)
VAIO MusicBox (HKLM\...\{4EA55D20-27FB-45D7-8726-147E8A5F6C62}) (Version: 2.1.00.06110 - Sony Corporation)
VAIO MusicBox Sample Music (HKLM\...\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}) (Version: 1.1.00.14140 - Sony Corporation)
VAIO My Memory Center (HKLM\...\{E1D25278-B51A-4163-BC3D-20A4D2D09F98}) (Version: 1.00.0229 - Sony)
VAIO OOBE and Welcome Center (HKLM\...\{1B500D37-E7CF-480B-8054-8A563594EC4E}) (Version: 6.00.0729.US - Sony Corporation)
VAIO Original Function Setting (HKLM\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 1.4.00.04230 - Sony Corporation)
VAIO Power Management (HKLM\...\{5F5867F0-2D23-4338-A206-01A76C823924}) (Version: 3.1.00.06190 - Sony Corporation)
VAIO Presentation Support (HKLM\...\{2018C019-30D9-4240-8C01-0865C10DCF5A}) (Version: 1.0.00.04240 - Sony Corporation)
VAIO Startup Assistant (HKLM\...\{DFD0E9A9-F24A-492B-8975-8C938E32408F}) (Version: 3.00.0731 - Sony)
VAIO Survey (HKLM\...\{34B37A74-125E-4406-87BA-E4BD3D097AE5}) (Version: 6.00.0722 - Sony Corporation)
VAIO Update 4 (HKLM\...\{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}) (Version: 4.0.0.06110 - Sony Corporation)
VAIO Wallpaper Contents (HKLM\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 1.2.00.05200 - Sony Corporation)
VAIO Wireless Wizard (HKLM\...\{BCED773C-99EE-48DD-8915-25733F69F0A8}) (Version: 1.01.0722 - Sony)
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
WinDVD for VAIO (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B9.513 - InterVideo Inc.)
WinDVD for VAIO (Version: 8.0-B9.513 - InterVideo Inc.) Hidden
WinZip 12.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{01B48E19-3C98-4B34-B679-86D14E74C2D8}\InprocServer32 -> C:\Users\Luis Rivera\AppData\Local\Google\Update\1.3.21.95\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Luis Rivera\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Luis Rivera\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Luis Rivera\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Luis Rivera\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Luis Rivera\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Luis Rivera\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Luis Rivera\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Luis Rivera\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Luis Rivera\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Luis Rivera\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File

==================== Restore Points  =========================

25-10-2014 05:00:01 Scheduled Checkpoint
28-10-2014 21:50:54 Windows Update
04-11-2014 01:48:38 Windows Update
09-11-2014 18:34:36 Windows Update
16-11-2014 16:16:17 Windows Update
17-11-2014 09:00:31 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 04:23 - 2006-09-18 15:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {13EB4EA2-0E3D-4350-B5E0-99FE381DBDCC} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files\Sony\VAIO Wallpaper Setting Tool\VWSet.exe [2008-06-27] (Sony Corporation)
Task: {23FDA896-11D7-4F2E-87A6-0A4945939443} - System32\Tasks\{4F5B308C-CA17-4A2A-9524-379E721F0D37} => Chrome.exe http://ui.skype.com/ui/0/6.2.0.106/en/abandoninstall?source=lightinstaller&page=tsProgressBar
Task: {6D25FB2E-C75A-41E1-A9CB-888532CF6A32} - \GreatArcadeHits No Task File <==== ATTENTION
Task: {79F17B9A-CF69-46A9-9FE8-2552CF08AD6C} - System32\Tasks\SONY\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe [2008-06-11] (Sony Corporation)
Task: {8E402FCB-75F6-4440-A3A4-2D109FAD026A} - System32\Tasks\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2008-08-13] (Sony Electronics, Inc.)
Task: {991A730A-6DAD-453B-A157-0CC6088D9425} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-09] (Google Inc.)
Task: {AF28D6EF-1B8C-4C69-BFF0-025C6B2C2737} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-09] (Google Inc.)
Task: {B0323480-74FA-4947-822D-2030BE6FD787} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-357452630-412092599-1995466196-1005Core => C:\Users\Luis Rivera\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-06] (Facebook Inc.)
Task: {C52E01C6-E00C-4598-BB76-B06A2465B6BF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-16] (Adobe Systems Incorporated)
Task: {CCD96BC2-E47E-47A1-8333-9FC2991BFDCB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-357452630-412092599-1995466196-1005UA => C:\Users\Luis Rivera\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-06] (Facebook Inc.)
Task: {D753A23C-5962-46BE-BC58-5944CB6024C6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-357452630-412092599-1995466196-1005Core.job => C:\Users\Luis Rivera\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-357452630-412092599-1995466196-1005UA.job => C:\Users\Luis Rivera\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{25094559-A63E-42C8-B539-7D984A474FD5}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{54B4FA4C-D751-4F78-B22C-945F1D26DA47}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2010-06-06 08:20 - 2010-06-06 08:20 - 00065344 _____ () C:\Windows\System32\PDFreDirectMonNT.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-08-01 14:55 - 2008-07-15 19:04 - 00010752 _____ () C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
2008-08-01 14:55 - 2008-07-15 19:04 - 00009728 _____ () C:\Program Files\Sony\VAIO Event Service\VESMgrSubPS.dll
2008-08-20 13:08 - 2008-06-02 13:37 - 00028672 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
2008-08-20 13:08 - 2008-06-02 13:37 - 00118784 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\SonyCommonLib.dll
2008-08-20 13:08 - 2008-06-02 13:37 - 00020480 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\DebugMsg.dll
2008-08-20 13:08 - 2008-04-17 01:59 - 00020480 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Resources.dll
2008-08-20 13:08 - 2008-06-02 13:37 - 00028672 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\SharedInterfaces.dll
2008-08-20 13:08 - 2008-04-17 01:59 - 00028672 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\DictionaryLookup.dll
2008-08-20 13:08 - 2008-04-17 01:59 - 00024576 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\MessageXML.dll
2008-08-20 13:08 - 2008-06-23 13:22 - 00040960 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
2008-08-20 13:08 - 2008-06-02 13:37 - 00016384 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll
2008-08-20 13:08 - 2008-06-23 13:22 - 00036864 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll
2008-08-20 13:08 - 2008-06-23 13:22 - 00040960 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll
2008-08-20 13:08 - 2008-06-23 13:22 - 00016384 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll
2008-08-20 13:08 - 2008-06-23 13:22 - 00024576 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll
2008-08-20 13:08 - 2008-06-23 13:22 - 00024576 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll
2008-08-20 13:08 - 2008-06-23 13:22 - 00020480 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll
2008-08-20 13:08 - 2008-06-23 13:22 - 00016384 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll
2008-08-20 13:08 - 2008-04-17 02:00 - 00016384 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWGadgetInterface.dll
2008-08-20 13:08 - 2008-06-23 13:22 - 00028672 _____ () C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
2014-11-09 13:16 - 2014-10-21 22:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-11-09 13:16 - 2014-10-21 22:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: NetFxUpdate_v1.1.4322 => "C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID

========================= Accounts: ==========================

Administrator (S-1-5-21-357452630-412092599-1995466196-500 - Administrator - Disabled)
ASPNET (S-1-5-21-357452630-412092599-1995466196-1004 - Limited - Enabled)
Guest (S-1-5-21-357452630-412092599-1995466196-501 - Limited - Disabled)
Luis Rivera (S-1-5-21-357452630-412092599-1995466196-1005 - Administrator - Enabled) => C:\Users\Luis Rivera
Owner (S-1-5-21-357452630-412092599-1995466196-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Faulty Device Manager Devices =============

Name: isatap.{6CB7D6CF-F024-47B7-ADCD-397DC7796FB5}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (10/02/2009 08:06:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/02/2009 08:02:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/02/2009 08:01:47 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-11-17 18:44:31.432
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-17 18:44:31.034
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-17 18:44:30.628
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-17 18:44:30.248
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-17 18:44:29.661
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-17 18:44:29.210
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-17 18:44:28.747
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-17 18:44:28.349
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 12:27:50.874
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 12:27:49.997
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU T3200 @ 2.00GHz
Percentage of memory in use: 42%
Total physical RAM: 2938.31 MB
Available physical RAM: 1683.35 MB
Total Pagefile: 6100.9 MB
Available Pagefile: 4665.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:140.16 GB) (Free:62.79 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 82594FBE)
Partition 1: (Not Active) - (Size=8.9 GB) - (Type=27)
Partition 2: (Active) - (Size=140.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,769 posts
  • Gender:Male
  • Location:California
  • Local time:01:00 AM

Posted 18 November 2014 - 07:30 PM

Thank you for the extra effort to provide me with your log information. You can continue that avenue if you are still unable to post on the Topic. I am not sure what is preventing that.

Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have BitComet installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall BitComet, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL 
SearchScopes: HKU\S-1-5-21-357452630-412092599-1995466196-1005 -> DefaultScope {03836B63-FCEB-4A13-AAD1-7B2C57249788} URL =
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
U3 ae25apjy; C:\Windows\system32\Drivers\ae25apjy.sys [0 ] (Microsoft Corporation)
C:\Windows\system32\Drivers\ae25apjy.sys
C:\Users\Luis Rivera\AppData\Local\Temp\95F9_Upgrader.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air1786.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air1796.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air1B74.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air1CF3.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air2117.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air2509.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air26B3.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air31F1.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air32C.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air367B.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air384F.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air3A47.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air3BD8.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air4F36.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air6F0.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air7B7E.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air839B.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air8438.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air9C01.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air9C20.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airA86F.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airA934.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airA96.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airADF.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airB02C.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airB323.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airD51A.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airE789.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airEFB5.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airF509.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airFE34.exe
C:\Users\Luis Rivera\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Luis Rivera\AppData\Local\Temp\htmlayout.dll
C:\Users\Luis Rivera\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Luis Rivera\AppData\Local\Temp\Quarantine.exe
C:\Users\Luis Rivera\AppData\Local\Temp\Sqlite3.dll
C:\Users\Luis Rivera\AppData\Local\Temp\Upgrader.exe
C:\Users\Luis Rivera\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\Owner\AppData\Local\Temp\gah_newver.exe
C:\Users\Owner\AppData\Local\Temp\ose00000.exe
CustomCLSID: HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{01B48E19-3C98-4B34-B679-86D14E74C2D8}\InprocServer32 -> C:\Users\Luis Rivera\AppData\Local\Google\Update\1.3.21.95\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Luis Rivera\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Luis Rivera\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Luis Rivera\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Luis Rivera\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Luis Rivera\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Luis Rivera\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
Task: {6D25FB2E-C75A-41E1-A9CB-888532CF6A32} - \GreatArcadeHits No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
Folder: C:\ProgramData\glhmbkgdilcmbmokhfmobmcifmddbfjf
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s).
  • Press the Windows key + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

ApoptOOU
Snap.Do

  • Reboot your computer
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Did the programs uninstall properly?
  • How is your computer running?

Gary
 

#7 Sezneg

Sezneg
  • Topic Starter

  • Members
  • 43 posts
  • Local time:04:00 AM

Posted 18 November 2014 - 08:23 PM

FRST Fix Log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-11-2014
Ran by Luis Rivera at 2014-11-18 19:15:08 Run:1
Running from C:\Users\Luis Rivera\Desktop
Loaded Profile: Luis Rivera (Available profiles: Owner & Luis Rivera)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL 
SearchScopes: HKU\S-1-5-21-357452630-412092599-1995466196-1005 -> DefaultScope {03836B63-FCEB-4A13-AAD1-7B2C57249788} URL =
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
U3 ae25apjy; C:\Windows\system32\Drivers\ae25apjy.sys [0 ] (Microsoft Corporation)
C:\Windows\system32\Drivers\ae25apjy.sys
C:\Users\Luis Rivera\AppData\Local\Temp\95F9_Upgrader.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air1786.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air1796.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air1B74.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air1CF3.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air2117.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air2509.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air26B3.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air31F1.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air32C.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air367B.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air384F.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air3A47.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air3BD8.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air4F36.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air6F0.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air7B7E.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air839B.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air8438.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air9C01.exe
C:\Users\Luis Rivera\AppData\Local\Temp\air9C20.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airA86F.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airA934.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airA96.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airADF.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airB02C.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airB323.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airD51A.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airE789.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airEFB5.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airF509.exe
C:\Users\Luis Rivera\AppData\Local\Temp\airFE34.exe
C:\Users\Luis Rivera\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Luis Rivera\AppData\Local\Temp\htmlayout.dll
C:\Users\Luis Rivera\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Luis Rivera\AppData\Local\Temp\Quarantine.exe
C:\Users\Luis Rivera\AppData\Local\Temp\Sqlite3.dll
C:\Users\Luis Rivera\AppData\Local\Temp\Upgrader.exe
C:\Users\Luis Rivera\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\Owner\AppData\Local\Temp\gah_newver.exe
C:\Users\Owner\AppData\Local\Temp\ose00000.exe
CustomCLSID: HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{01B48E19-3C98-4B34-B679-86D14E74C2D8}\InprocServer32 -> C:\Users\Luis Rivera\AppData\Local\Google\Update\1.3.21.95\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Luis Rivera\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Luis Rivera\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Luis Rivera\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Luis Rivera\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Luis Rivera\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Luis Rivera\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
Task: {6D25FB2E-C75A-41E1-A9CB-888532CF6A32} - \GreatArcadeHits No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
Folder: C:\ProgramData\glhmbkgdilcmbmokhfmobmcifmddbfjf
*****************
 
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-357452630-412092599-1995466196-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
UIUSys => Service deleted successfully.
ae25apjy => Service deleted successfully.
Could not move "C:\Windows\system32\Drivers\ae25apjy.sys" => Scheduled to move on reboot.
C:\Users\Luis Rivera\AppData\Local\Temp\95F9_Upgrader.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\air1786.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\air1796.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\air1B74.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\air1CF3.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\air2117.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\air2509.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\air26B3.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\air31F1.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\air32C.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\air367B.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\air384F.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\air3A47.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\air3BD8.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\air4F36.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\air6F0.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\air7B7E.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\air839B.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\air8438.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\air9C01.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\air9C20.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\airA86F.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\airA934.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\airA96.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\airADF.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\airB02C.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\airB323.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\airD51A.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\airE789.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\airEFB5.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\airF509.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\airFE34.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\FlashPlayerUpdate.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\htmlayout.dll => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\Sqlite3.dll => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\Upgrader.exe => Moved successfully.
C:\Users\Luis Rivera\AppData\Local\Temp\wmpfirefoxplugin.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\gah_newver.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\ose00000.exe => Moved successfully.
"HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{01B48E19-3C98-4B34-B679-86D14E74C2D8}" => Key deleted successfully.
"HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => Key deleted successfully.
"HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}" => Key deleted successfully.
"HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}" => Key deleted successfully.
"HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => Key deleted successfully.
"HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}" => Key deleted successfully.
"HKU\S-1-5-21-357452630-412092599-1995466196-1005_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D25FB2E-C75A-41E1-A9CB-888532CF6A32}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D25FB2E-C75A-41E1-A9CB-888532CF6A32}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GreatArcadeHits" => Key deleted successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
 
========================= Folder: C:\ProgramData\glhmbkgdilcmbmokhfmobmcifmddbfjf ========================
 
2014-01-31 02:58 - 2014-01-31 02:58 - 0000318 _____ () C:\ProgramData\glhmbkgdilcmbmokhfmobmcifmddbfjf\update.xml
 
====== End of Folder: ======
 
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-18 19:16:50)<=
 
C:\Windows\system32\Drivers\ae25apjy.sys => Is moved successfully.
 
==== End of Fixlog ====
 
UNINSTALLS:
AdoptOOU - Error, program not found, may already be uninstalled.
Snap.DO - Program not populating to removal list.
 
Computer is noticeably smoother. No popups/redirects or any of the usual telltale signs.
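
The Fixlog above records, for each fixlist directive, what FRST did with it, but with forty-odd entries it is easy to miss one that was only scheduled for the reboot pass or that got no result line at all. As an added example (not part of this thread and not FRST's own code), here is a small Python reconciler that reads a Fixlog, counts outcomes, and checks every file-path directive against its immediate result line and the post-reboot "Scheduled Files to move" block. The embedded log is a constructed, trimmed sample modelled on the posted Fixlog; the Upgrader.exe entry was deliberately left without a result so the unresolved case is exercised. The markers it relies on (the asterisk lines around the fixlist, the " => " separator, "Could not move", "Scheduled to move on reboot", "=> Result of Scheduled Files to move") are taken from the log as posted; any other Fixlog layout is an assumption.

```python
import re
from typing import Dict, List

# Constructed sample, modelled on the Fixlog posted in this thread but trimmed.
# The Upgrader.exe directive deliberately has no result line below.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-11-2014
Boot Mode: Normal

Content of fixlist:
*****************
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U3 ae25apjy; C:\Windows\system32\Drivers\ae25apjy.sys [0 ] (Microsoft Corporation)
C:\Windows\system32\Drivers\ae25apjy.sys
C:\Users\Luis Rivera\AppData\Local\Temp\air1786.exe
C:\Users\Luis Rivera\AppData\Local\Temp\Upgrader.exe
Task: {6D25FB2E-C75A-41E1-A9CB-888532CF6A32} - \GreatArcadeHits No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
Folder: C:\ProgramData\glhmbkgdilcmbmokhfmobmcifmddbfjf
*****************

IpInIp => Service deleted successfully.
ae25apjy => Service deleted successfully.
Could not move "C:\Windows\system32\Drivers\ae25apjy.sys" => Scheduled to move on reboot.
C:\Users\Luis Rivera\AppData\Local\Temp\air1786.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GreatArcadeHits" => Key deleted successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.

========================= Folder: C:\ProgramData\glhmbkgdilcmbmokhfmobmcifmddbfjf ========================

2014-01-31 02:58 - 2014-01-31 02:58 - 0000318 _____ () C:\ProgramData\glhmbkgdilcmbmokhfmobmcifmddbfjf\update.xml

====== End of Folder: ======

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-18 19:16:50)<=

C:\Windows\system32\Drivers\ae25apjy.sys => Is moved successfully.

==== End of Fixlog ====
"""

# A fixlist directive that is a bare absolute path (drive letter, colon, backslash).
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_fixlog(text: str) -> Dict[str, List[str]]:
    """Split a Fixlog into the fixlist directives (between the two '*****' lines),
    the immediate result lines, and the post-reboot 'Scheduled Files to move' results."""
    lines = text.splitlines()
    stars = [i for i, l in enumerate(lines) if l.startswith("*****")]
    if len(stars) < 2:
        raise ValueError("no fixlist block found")
    fixlist = [l for l in lines[stars[0] + 1:stars[1]] if l.strip()]
    rest = lines[stars[1] + 1:]
    sched = next((i for i, l in enumerate(rest)
                  if l.startswith("=> Result of Scheduled Files")), len(rest))
    return {
        "fixlist": fixlist,
        "results": [l for l in rest[:sched] if " => " in l],
        "scheduled": [l for l in rest[sched:] if " => " in l],
    }


def outcome(result_line: str) -> str:
    """Classify one 'X => Y' result line as ok / scheduled / failed."""
    tail = result_line.split(" => ", 1)[1].lower()
    if "scheduled" in tail:
        return "scheduled"
    return "ok" if "successfully" in tail else "failed"


def summarize(text: str) -> Dict[str, int]:
    """Count immediate result lines by outcome."""
    counts = {"ok": 0, "scheduled": 0, "failed": 0}
    for line in parse_fixlog(text)["results"]:
        counts[outcome(line)] += 1
    return counts


def reconcile(text: str) -> Dict[str, List[str]]:
    """For every file-path directive, report whether it was moved (now or on the
    reboot pass), is still pending a reboot, or has no result line at all."""
    parts = parse_fixlog(text)
    rebooted = {l.split(" => ", 1)[0] for l in parts["scheduled"]
                if "moved successfully" in l.lower()}
    report: Dict[str, List[str]] = {"moved": [], "pending": [], "unresolved": []}
    for entry in parts["fixlist"]:
        if not PATH_RE.match(entry):
            continue  # services, registry keys, tasks and ADS entries report differently
        bucket = "unresolved"
        for r in parts["results"]:
            if r.startswith(entry + " =>"):
                bucket = "moved" if "moved successfully" in r.lower() else "unresolved"
                break
            if r.startswith(f'Could not move "{entry}"'):
                bucket = "moved" if entry in rebooted else "pending"
                break
        report[bucket].append(entry)
    return report


if __name__ == "__main__":
    print(summarize(SAMPLE_FIXLOG))
    for bucket, entries in reconcile(SAMPLE_FIXLOG).items():
        print(bucket, entries)
```

Anything that lands in the unresolved bucket deserves a second look before the machine is declared clean; the pending bucket means the reboot pass has not run yet, which is exactly the state the driver above was in until the "Scheduled Files to move" block confirmed it.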


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,769 posts
  • Gender:Male
  • Location:California
  • Local time:01:00 AM

Posted 18 November 2014 - 08:30 PM

Excellent! Glad you are finally able to post here.

I want to get rid of the one folder we peeked into during our last fix and run a couple more things. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\ProgramData\glhmbkgdilcmbmokhfmobmcifmddbfjf
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Copy and paste the contents of the report in your reply
  • Note: If you receive an error report saying there are too many emoticons simply attach the file instead
  • Close the program then click Close
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double click the icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Emsisoft report (if applicable)
  • Security Check log

Gary
 

#9 Sezneg

Sezneg
  • Topic Starter

  • Members
  • 43 posts
  • Local time:04:00 AM

Posted 18 November 2014 - 09:44 PM

I am still running the scan - it's picking up a ton of previously quarantined stuff (we're in the 7000's for detected, but a VAST majority is from an old no longer used security software).



#10 Sezneg

Sezneg
  • Topic Starter

  • Members
  • 43 posts
  • Local time:04:00 AM

Posted 19 November 2014 - 01:07 AM

I'll need to attach the first log.  It picked up a lot of old quarantined stuff from the original user/owner of the book (it's becoming clear they didn't do a good job getting this ready to pass on...).

 

Second log:

 

 Results of screen317's Security Check version 0.99.90  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 71  
 Java 8 Update 25  
 Adobe Flash Player 15.0.0.223  
 Adobe Reader 10.1.8 Adobe Reader out of Date!
 Google Chrome (38.0.2125.111) 
 Google Chrome (chrome.exe..) 
 Google Chrome (Dictionaries...) 
 Google Chrome (master_preferences...) 
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 6 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

Attached Files
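
The Security Check output above packs several findings into one short log: on-access scanning disabled on Microsoft Security Essentials, no update status for the antivirus, Adobe Reader out of date, and two Java major versions side by side. As an added example (not part of this thread and not screen317's code), the Python script below parses that log format into its sections and lists the conditions a reviewer would act on. The embedded log is a constructed sample modelled on the one posted; the backtick-framed section headers and the phrases it keys on ("disabled!", "out of Date!", "Error obtaining update status") are taken from the log as posted. Flagging more than one Java major version is a rule added here (an older release left installed keeps its own attack surface), not something Security Check reports itself.

```python
import re
from collections import defaultdict
from typing import Dict, List

BT = chr(96)  # the backtick character that frames Security Check section headers

# Constructed sample, modelled on the Security Check log posted in this thread (trimmed).
SAMPLE_LOG = "\n".join([
    " Results of screen317's Security Check version 0.99.90",
    " Windows Vista Service Pack 2 x86 (UAC is enabled)",
    " Internet Explorer 9",
    BT * 14 + "Antivirus/Firewall Check:" + BT * 14,
    " Windows Firewall Enabled!",
    "Microsoft Security Essentials",
    "  (On Access scanning disabled!)",
    " Error obtaining update status for antivirus!",
    BT * 9 + "Anti-malware/Other Utilities Check:" + BT * 9,
    " Java 7 Update 71",
    " Java 8 Update 25",
    " Adobe Flash Player 15.0.0.223",
    " Adobe Reader 10.1.8 Adobe Reader out of Date!",
    " Google Chrome (38.0.2125.111)",
    BT * 8 + "Process Check: objlist.exe by Laurent" + BT * 8,
    " Microsoft Security Essentials MSMpEng.exe",
    BT * 17 + "System Health check" + BT * 17,
    " Total Fragmentation on Drive C: 6 % Defragment your hard drive soon! (Do NOT defrag if SSD!)",
    BT * 20 + "End of Log" + BT * 22,
])

JAVA_RE = re.compile(r"^Java (\d+) Update (\d+)$")
UTILITIES = "Anti-malware/Other Utilities Check:"


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Group the log's lines under their backtick-framed section headers.
    Lines before the first header land in a 'Header' section."""
    sections: Dict[str, List[str]] = defaultdict(list)
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(BT):
            current = line.strip(BT).strip()
            continue
        sections[current].append(line)
    return dict(sections)


def findings(text: str) -> List[str]:
    """Return one entry per condition worth acting on, in log order, plus the
    multiple-Java rule applied to the utilities section."""
    sections = parse_sections(text)
    out: List[str] = []
    for lines in sections.values():
        for line in lines:
            low = line.lower()
            if "disabled!" in low:
                out.append("protection disabled: " + line)
            elif "out of date!" in low:
                out.append("outdated software: " + line)
            elif low.startswith("error obtaining update status"):
                out.append("update status unknown: " + line)
    # Two or more Java major versions installed at once: the older one stays
    # on disk and stays reachable, so it is reported as its own finding.
    majors = sorted({int(m.group(1)) for m in
                     (JAVA_RE.match(l) for l in sections.get(UTILITIES, [])) if m})
    if len(majors) > 1:
        out.append("multiple Java majors installed: " + ", ".join(map(str, majors)))
    return out


if __name__ == "__main__":
    for f in findings(SAMPLE_LOG):
        print(f)
```

Run against the real log rather than the sample, the same four findings come out, which is the list the next reply in this thread works through: one program to update, and a question about whether Security Essentials is running properly.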



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,769 posts
  • Gender:Male
  • Location:California
  • Local time:01:00 AM

Posted 19 November 2014 - 09:25 AM

Glad we ran that. We need to update 1 program to close security vulnerabilities. Also, can you tell me if Microsoft Security Essentials is running properly?

===================================================

Update Adobe Reader

--------------------

Your Adobe Reader is out of date and a security concern. Here is some excellent information and a video which explains the importance of minimizing the risk of infection through compromised PDF files.
  • Please visit Adobe Reader
  • Uncheck the McAfee optional offer
  • Click Install now
  • Save the file to your desktop
  • Double click the installation icon
  • Select Run
  • When completed click Finish
  • Press the Windows key + R at the same time
  • Type appwiz.cpl, press Enter, and allow the Programs list to populate
  • Uninstall every Adobe Reader program except the one just downloaded and installed
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Is Security Essentials running?
  • Did Adobe install properly?
  • Are there any remaining issues?

Gary
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
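The last step above asks for every Adobe Reader entry except the freshly installed one to be removed. An added PowerShell example (not from this thread or from Adobe) that lists the installed Adobe Reader entries from the Uninstall registry keys and marks all but the newest, so stale copies are visible before opening appwiz.cpl:

```powershell
# Added example, not part of the forum thread: enumerate Adobe Reader entries
# under the Uninstall keys and flag every version except the newest.
# The WOW6432Node path only exists on 64-bit Windows; on 32-bit Vista it is
# simply skipped (-ErrorAction SilentlyContinue).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$readers = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^Adobe (Acrobat )?Reader' } |
    ForEach-Object {
        # DisplayVersion is a string; parse it so "10.1.8" sorts below "11.0.9".
        # Entries whose version does not parse sort last and are still listed.
        try { $parsed = [version]$_.DisplayVersion } catch { $parsed = $null }
        New-Object PSObject -Property @{
            Name      = $_.DisplayName
            Version   = $parsed
            Raw       = $_.DisplayVersion
            Uninstall = $_.UninstallString
        }
    } | Sort-Object Version -Descending

if (-not $readers) {
    Write-Output 'No Adobe Reader entries found.'
    return
}

# Index 0 is the newest version after the descending sort; everything else
# is a leftover install that the thread's instructions say to remove.
$list = @($readers)
for ($i = 0; $i -lt $list.Count; $i++) {
    $tag = if ($i -eq 0) { 'KEEP  ' } else { 'REMOVE' }
    Write-Output ('{0} {1,-10} {2}' -f $tag, $list[$i].Raw, $list[$i].Name)
}
```

The UninstallString field is collected for reference only; removal is still done through appwiz.cpl as the instructions above describe.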

#12 Sezneg

Sezneg
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:04:00 AM

Posted 19 November 2014 - 06:24 PM

Adobe has installed.


I have turned real time protection back on for MSE (turned off during early scans to avoid any potential conflict)


Issues seem to have been solved.  Preparing to ditch the torrent client.


I appreciate the extra help with the posting difficulties as well.



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:00 AM

Posted 19 November 2014 - 06:28 PM

Excellent, nice job on your part.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a day or so in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary

#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:00 AM

Posted 20 November 2014 - 02:48 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary



