Computer freezes after about 45 minutes of use doing anything.


  • This topic is locked
9 replies to this topic

#1 nedherb


Posted 27 January 2015 - 01:14 AM

Using a Sony VAIO.
My computer locks up after 45 minutes of doing anything and everything.
 
Chrome browser mostly used to watch YouTube, Netflix, Amazon Prime and nfl.com.
Vosteran appeared, and it was after trying to remove it that I think the freezing started.
I can still minimize the browser when the freezing starts; I just get no response after clicking on links.
I have to hold down the power button to reboot.
I try to use Microsoft Security Essentials, but it also locks up around 40-45 minutes in, and I can never make it through the full scan.
 
After a reboot everything is good for 45 minutes.
 
Any help would be greatly appreciated.
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Benjamin (administrator) on BENJAMIN-VAIO on 26-01-2015 21:55:41
Running from C:\Users\Benjamin\Downloads
Loaded Profiles: Benjamin (Available profiles: Benjamin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
( ) C:\Windows\System32\lxeacoms.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Google Inc.) C:\Users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(FS) C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-07-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-07-20] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2011-06-22] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [500736 2011-05-02] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2801288 2011-05-31] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [650080 2011-03-15] (Sony Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-02-10] (Seagate Technology LLC)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-1916110567-2749198799-3361342743-1001\...\Run: [Google Update] => C:\Users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-02] (Google Inc.)
HKU\S-1-5-21-1916110567-2749198799-3361342743-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)
HKU\S-1-5-21-1916110567-2749198799-3361342743-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-02-10] (Seagate Technology LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1916110567-2749198799-3361342743-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1916110567-2749198799-3361342743-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
URLSearchHook: HKU\S-1-5-21-1916110567-2749198799-3361342743-1001 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1916110567-2749198799-3361342743-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1916110567-2749198799-3361342743-1001 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1916110567-2749198799-3361342743-1001 -> {78FE42C0-025D-4B6C-8DD8-858F7BBDC1D5} URL = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1916110567-2749198799-3361342743-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Slick Savings -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> C:\Users\Benjamin\AppData\Roaming\Slick Savings\Coupons.dll (Spigot, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} -  No File
DPF: HKLM-x32 {2B497CAF-D938-4059-BA76-0DA5DB77EA0A} https://cable.paccab.com/Remote/BuiltIns/FS/Wssg.Web.FileAccess.RichUpload.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @unity3d.com/UnityPlayer -> C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-1916110567-2749198799-3361342743-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Benjamin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1916110567-2749198799-3361342743-1001: @talk.google.com/O1DPlugin -> C:\Users\Benjamin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1916110567-2749198799-3361342743-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1916110567-2749198799-3361342743-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1916110567-2749198799-3361342743-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Benjamin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Benjamin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Benjamin\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2011-08-14]
 
Chrome: 
=======
CHR HomePage: Default -> https://www.yahoo.com/
CHR DefaultSearchKeyword: Default -> vosteran.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-04]
CHR Extension: (Google Drive) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-04]
CHR Extension: (Google Search) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-04]
CHR Extension: (Xfinity) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb [2013-09-14]
CHR Extension: (Google Wallet) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-04]
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKU\S-1-5-21-1916110567-2749198799-3361342743-1001\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKLM-x32\...\Chrome\Extension: [hemjgdpngmhbimofcicjfhibkdbigdmb] - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx [2013-02-08]
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-09] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [104096 2011-07-19] (Atheros Communication Inc.) [File not signed]
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1435680 2014-01-10] (Fitbit, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
R2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-02-10] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-02-10] (Seagate Technology LLC)
R2 SpyroService; C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe [48128 2011-09-09] (FS) [File not signed]
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [82544 2011-07-12] (Symantec Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.)
S3 CSRBC; C:\Windows\System32\Drivers\csrbc.sys [38400 2013-04-26] (CSR plc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R2 risdsnpe; C:\Windows\system32\drivers\risdsnxc64.sys [98816 2011-06-23] (REDC)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R1 {078ad437-dc9f-4228-9edb-b3d1c0246ff8}Gw64; C:\Windows\System32\drivers\{078ad437-dc9f-4228-9edb-b3d1c0246ff8}Gw64.sys [48784 2014-12-11] (StdLib)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-26 21:55 - 2015-01-26 21:56 - 00028361 _____ () C:\Users\Benjamin\Downloads\FRST.txt
2015-01-26 21:55 - 2015-01-26 21:55 - 00000000 ____D () C:\FRST
2015-01-26 21:54 - 2015-01-26 21:54 - 02129920 _____ (Farbar) C:\Users\Benjamin\Downloads\FRST64.exe
2015-01-26 21:53 - 2015-01-26 21:54 - 01120768 _____ (Farbar) C:\Users\Benjamin\Downloads\FRST.exe
2015-01-26 21:29 - 2015-01-26 21:31 - 00000000 ____D () C:\AdwCleaner
2015-01-26 21:28 - 2015-01-26 21:28 - 02194432 _____ () C:\Users\Benjamin\Downloads\AdwCleaner.exe
2015-01-26 21:28 - 2015-01-26 21:28 - 00767504 _____ (%VENDOR%) C:\Users\Benjamin\Downloads\FileOpenerSetup.exe
2015-01-14 15:06 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 15:06 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 15:06 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 15:06 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 15:06 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 15:06 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 15:06 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 21:00 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 21:00 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 21:00 - 2014-12-11 09:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 21:00 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 21:00 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 21:00 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-12-28 13:36 - 2014-12-28 13:37 - 00000000 ____D () C:\Users\Benjamin\Downloads\yaya_diamond
2014-12-27 22:35 - 2014-12-27 22:35 - 00003146 _____ () C:\Windows\System32\Tasks\USER_ESRV_SVC
2014-12-27 22:35 - 2014-12-27 22:35 - 00002027 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk
2014-12-27 22:35 - 2014-12-27 22:35 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-26 21:48 - 2009-07-13 20:45 - 00020928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-26 21:48 - 2009-07-13 20:45 - 00020928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-26 21:44 - 2011-10-22 22:49 - 01681089 _____ () C:\Windows\WindowsUpdate.log
2015-01-26 21:35 - 2014-12-11 17:35 - 00000304 _____ () C:\Windows\Tasks\WSE_Vosteran.job
2015-01-26 21:18 - 2012-06-02 07:19 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1916110567-2749198799-3361342743-1001UA.job
2015-01-26 21:16 - 2013-04-21 16:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-26 21:00 - 2013-07-16 16:54 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 21:00 - 2009-07-13 21:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-26 20:53 - 2013-07-16 16:54 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-26 20:53 - 2013-07-04 17:30 - 00000420 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2015-01-26 20:53 - 2009-07-13 20:51 - 00390325 _____ () C:\Windows\setupact.log
2015-01-26 20:52 - 2011-08-14 18:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-26 20:52 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-26 20:18 - 2012-06-02 07:19 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1916110567-2749198799-3361342743-1001Core.job
2015-01-25 13:16 - 2013-04-21 16:58 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 13:16 - 2013-04-21 16:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 13:16 - 2011-08-14 19:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-18 22:41 - 2013-05-20 15:37 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\vlc
2015-01-17 22:49 - 2009-07-13 21:08 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-14 00:46 - 2013-07-14 22:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 00:46 - 2012-06-27 11:57 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 20:52 - 2014-11-15 11:24 - 00001145 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-12-31 03:14 - 2010-11-20 19:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-27 22:34 - 2011-08-14 18:31 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2014-12-27 22:34 - 2011-08-14 18:31 - 00000000 ____D () C:\Program Files\Sony
2014-12-27 22:33 - 2014-04-30 18:13 - 00013792 _____ () C:\Windows\system32\Drivers\semav6thermal64ro.sys
2014-12-27 22:31 - 2012-02-09 16:39 - 00000000 ____D () C:\Update
 
==================== Files in the root of some directories =======
 
2013-11-11 16:30 - 2013-11-11 16:30 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2013-05-28 12:22 - 2013-05-28 12:22 - 0000252 _____ () C:\ProgramData\FastPics.log
2013-08-02 10:57 - 2013-08-17 12:33 - 0001176 _____ () C:\ProgramData\lxea.log
2013-05-28 12:22 - 2014-03-30 10:32 - 0023562 _____ () C:\ProgramData\lxeaJSW.log
2013-05-28 12:15 - 2014-12-05 20:35 - 0022469 _____ () C:\ProgramData\lxeascan.log
2013-11-11 16:30 - 2013-11-11 16:30 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2013-06-13 20:13 - 2013-06-13 20:13 - 0000115 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2013-12-11 15:48 - 2013-12-11 15:48 - 0226309 _____ () C:\ProgramData\SPL166D.tmp
2013-12-18 08:44 - 2013-12-18 08:44 - 0254827 _____ () C:\ProgramData\SPL3735.tmp
2014-12-01 13:57 - 2014-12-01 13:57 - 0493896 _____ () C:\ProgramData\SPL6CBD.tmp
2014-02-11 19:22 - 2014-02-11 19:22 - 0125038 _____ () C:\ProgramData\SPL6DD1.tmp
2014-04-13 12:04 - 2014-04-13 12:04 - 4867692 _____ () C:\ProgramData\SPL7993.tmp
2014-04-13 13:19 - 2014-04-13 13:19 - 1504865 _____ () C:\ProgramData\SPL7E43.tmp
2014-02-11 19:34 - 2014-02-11 19:34 - 0112156 _____ () C:\ProgramData\SPLA564.tmp
2014-02-11 19:49 - 2014-02-11 19:49 - 0197566 _____ () C:\ProgramData\SPLB07.tmp
2014-12-05 20:13 - 2014-12-05 20:13 - 0361821 _____ () C:\ProgramData\SPLB9AE.tmp
2014-04-26 14:02 - 2014-04-26 14:02 - 1887048 _____ () C:\ProgramData\SPLC206.tmp
2014-02-11 19:15 - 2014-02-11 19:15 - 0916182 _____ () C:\ProgramData\SPLDB41.tmp
2014-12-01 16:04 - 2014-12-01 16:04 - 0423935 _____ () C:\ProgramData\SPLE73.tmp
2014-11-21 17:41 - 2014-11-21 17:41 - 3395580 _____ () C:\ProgramData\SPLF5A4.tmp
2013-05-28 12:13 - 2013-05-28 12:13 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
Some content of TEMP:
====================
C:\Users\Benjamin\AppData\Local\Temp\1GTime110dltc.exe
C:\Users\Benjamin\AppData\Local\Temp\2GTime110dltc.exe
C:\Users\Benjamin\AppData\Local\Temp\aol_toolbar.exe
C:\Users\Benjamin\AppData\Local\Temp\CloudBackup5488.exe
C:\Users\Benjamin\AppData\Local\Temp\dpinst.exe
C:\Users\Benjamin\AppData\Local\Temp\ExPromo.exe
C:\Users\Benjamin\AppData\Local\Temp\FastFreeConverter_FreeFrog_channel_adknowledge_and_FileTypeHelper.exe
C:\Users\Benjamin\AppData\Local\Temp\FinalMediaPlayerSetup.exe
C:\Users\Benjamin\AppData\Local\Temp\fzv0cmn0.dll
C:\Users\Benjamin\AppData\Local\Temp\gimp-setup.exe
C:\Users\Benjamin\AppData\Local\Temp\GLF3B9F.EXE
C:\Users\Benjamin\AppData\Local\Temp\GLF409F.EXE
C:\Users\Benjamin\AppData\Local\Temp\GLF88E2.EXE
C:\Users\Benjamin\AppData\Local\Temp\GLF8B05.EXE
C:\Users\Benjamin\AppData\Local\Temp\GLF91E9.EXE
C:\Users\Benjamin\AppData\Local\Temp\GLFB3E8.EXE
C:\Users\Benjamin\AppData\Local\Temp\GLFB513.EXE
C:\Users\Benjamin\AppData\Local\Temp\GLFB81E.EXE
C:\Users\Benjamin\AppData\Local\Temp\GLFBCCE.EXE
C:\Users\Benjamin\AppData\Local\Temp\GLFC299.EXE
C:\Users\Benjamin\AppData\Local\Temp\GLFC9D8.EXE
C:\Users\Benjamin\AppData\Local\Temp\GLFCC0B.EXE
C:\Users\Benjamin\AppData\Local\Temp\GUR1498.exe
C:\Users\Benjamin\AppData\Local\Temp\helper.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\JS3DAges3-5Timev1.0.0dltc.exe
C:\Users\Benjamin\AppData\Local\Temp\KGTime110dltc.exe
C:\Users\Benjamin\AppData\Local\Temp\NSISPromotionEx.dll
C:\Users\Benjamin\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Benjamin\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Benjamin\AppData\Local\Temp\nvStInst.exe
C:\Users\Benjamin\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Benjamin\AppData\Local\Temp\rmup.exe
C:\Users\Benjamin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Benjamin\AppData\Local\Temp\sqlite3.exe
C:\Users\Benjamin\AppData\Local\Temp\tkh13dxp.dll
C:\Users\Benjamin\AppData\Local\Temp\Wajam_download.exe
C:\Users\Benjamin\AppData\Local\Temp\zqcua2wn.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-16 18:03
 
==================== End Of Log ============================
 
 

#2 nasdaq
  • Malware Response Team

Posted 28 January 2015 - 11:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Please paste the logs in your next reply.

Also run the Farbar tool one more time and post a fresh FRST log for my review.

How is the computer running?
Wait for further instructions.

#3 nedherb
  • Topic Starter

Posted 29 January 2015 - 01:15 AM

Greetings nasdaq!

Thanks for the assistance.

I already have an improvement; I was able to do the scan over an hour.

 

***********************************************************************************************

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/28/2015
Scan Time: 8:47:29 PM
Logfile: log.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.29.02
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Benjamin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 428516
Time Elapsed: 1 hr, 11 min, 47 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 29
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, Quarantined, [4908aa4d3356bb7b65cd220fe81b8e72], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, Quarantined, [4908aa4d3356bb7b65cd220fe81b8e72], 
PUP.Optional.Spigot, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Quarantined, [f45de6110b7e3df9e7d795687d8539c7], 
PUP.Optional.Spigot, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Quarantined, [f45de6110b7e3df9e7d795687d8539c7], 
PUP.Optional.Spigot, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Quarantined, [f45de6110b7e3df9e7d795687d8539c7], 
PUP.Optional.Spigot, HKU\S-1-5-21-1916110567-2749198799-3361342743-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Quarantined, [f45de6110b7e3df9e7d795687d8539c7], 
PUP.Optional.Spigot, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Quarantined, [f45de6110b7e3df9e7d795687d8539c7], 
PUP.Optional.Spigot, HKU\S-1-5-21-1916110567-2749198799-3361342743-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Quarantined, [f45de6110b7e3df9e7d795687d8539c7], 
PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}, Quarantined, [f35e49aeea9f8aacdc81a7898a798c74], 
PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DF84E609-C3A4-49CB-A160-61767DAF8899}, Quarantined, [f35e49aeea9f8aacdc81a7898a798c74], 
PUP.Optional.DogPile.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}, Quarantined, [0e43ba3de1a8fb3b05bb38c14fb3936d], 
PUP.Optional.DogPile.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}, Quarantined, [0e43ba3de1a8fb3b05bb38c14fb3936d], 
PUP.Optional.YTDToolbar, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{F3FEE66E-E034-436A-86E4-9690573BEE8A}, Quarantined, [63ee96618aff2412e670f703a55d21df], 
PUP.Optional.YTDToolbar, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{F3FEE66E-E034-436A-86E4-9690573BEE8A}, Quarantined, [63ee96618aff2412e670f703a55d21df], 
PUP.Optional.WebCake.A, HKU\S-1-5-21-1916110567-2749198799-3361342743-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{AF6B0594-6008-4327-93E5-608AD710A6FA}, Quarantined, [8dc4f3046524c86eed6f0b2535ceec14], 
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{3A787631-66A2-4634-B928-A37E73B58FB6}, Quarantined, [2f225b9cbbce7bbb955b2ef8ea16ca36], 
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{078ad437-dc9f-4228-9edb-b3d1c0246ff8}Gw64, Quarantined, [3b1691661a6f0a2c2b1323786a993bc5], 
PUP.Optional.Vosteran.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, Quarantined, [8bc6b146bacfbd79736db7cba261f709], 
PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\WOW6432NODE\InstallIQ, Quarantined, [173a16e188012511445bf3cbb94ab848], 
PUP.Optional.Vosteran.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, Quarantined, [4d04bc3b8207e74fb62a3052f50e8080], 
PUP.Optional.Spigot.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Settings, Quarantined, [fd54886fbccd9c9ae1741bdf937104fc], 
PUP.Optional.FreeCauseTB.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FREECAUSE\Toolbars, Quarantined, [a6ab09ee563342f4ea13e8d3788b3ac6], 
PUP.Optional.Vosteran.A, HKU\S-1-5-21-1916110567-2749198799-3361342743-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Vosteran Browser, Quarantined, [f55c599e42473501fb9cde25c73e10f0], 
PUP.Optional.Getsavin.A, HKU\S-1-5-21-1916110567-2749198799-3361342743-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\GetSavin, Quarantined, [aba63eb994f5dc5a3a756228d92a847c], 
PUP.Optional.Spigot.A, HKU\S-1-5-21-1916110567-2749198799-3361342743-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Settings, Quarantined, [6be645b23c4d50e60154c5356f9530d0], 
PUP.Optional.FreeCauseTB.A, HKU\S-1-5-21-1916110567-2749198799-3361342743-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FREECAUSE\Toolbars, Quarantined, [232e38bf652443f3b14cc6f5b84b42be], 
PUP.Optional.Vosteran.A, HKU\S-1-5-21-1916110567-2749198799-3361342743-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, Quarantined, [a4ad30c7e4a53ef82fb2b7cb3cc7619f], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1916110567-2749198799-3361342743-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [aca5fff8c0c983b3d68e4c78ca3950b0], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1916110567-2749198799-3361342743-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [59f8b0476b1e90a62850e5f55ca806fa], 
 
Registry Values: 2
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, Quarantined, [ca870fe80683a69003f69e66f114dd23]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1916110567-2749198799-3361342743-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0Z1B1L2Z1S, Quarantined, [59f8b0476b1e90a62850e5f55ca806fa]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 10
Rogue.Multiple, C:\ProgramData\2355320829, Quarantined, [77da7b7c177258de5b7e65cf04ff956b], 
PUP.Optional.OpenCandy, C:\Users\Benjamin\AppData\Roaming\OpenCandy, Quarantined, [f45d42b5a5e488aea2c9ff45f211e020], 
PUP.Optional.OpenCandy, C:\Users\Benjamin\AppData\Roaming\OpenCandy\B50332B1BBF8448484BDB2A03F619BC1, Quarantined, [f45d42b5a5e488aea2c9ff45f211e020], 
PUP.Optional.Spigot.A, C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj, Quarantined, [0f4232c50f7ab680f867f760ec17fd03], 
PUP.Optional.Spigot.A, C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp, Quarantined, [62ef51a61a6ff73f392765f25ea5e51b], 
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot, Quarantined, [65ec7e79bdcc57df53b59ecc986b867a], 
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\GC, Quarantined, [65ec7e79bdcc57df53b59ecc986b867a], 
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings, Quarantined, [65ec7e79bdcc57df53b59ecc986b867a], 
PUP.Optional.HoldPage.A, C:\Program Files (x86)\Hold Page, Quarantined, [83ce0dea5237cd69aece98db12f1966a], 
PUP.Optional.Spigot.A, C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk, Quarantined, [6ae7fef9daaf181ec1cfb9bee221d32d], 
 
Files: 43
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{078ad437-dc9f-4228-9edb-b3d1c0246ff8}Gw64.sys, Delete-on-Reboot, [02b4f8b2a3cfd1dce57a8578e87f2eb3], 
PUP.Optional.Spigot, C:\Users\Benjamin\AppData\Roaming\Slick Savings\Coupons.dll, Quarantined, [f45de6110b7e3df9e7d795687d8539c7], 
PUP.Optional.Spigot.A, C:\ProgramData\YTD Video Downloader\ytd_installer.exe, Quarantined, [dd74d12674153600f1fead79ba46d729], 
PUP.Optional.OpenCandy, C:\Users\Benjamin\AppData\Roaming\OpenCandy\B50332B1BBF8448484BDB2A03F619BC1\GOMPLAYERENSETUP.EXE, Quarantined, [78d9e314741596a0822acd0214f11ce4], 
PUP.Optional.Spigot.A, C:\Users\Benjamin\AppData\Roaming\Slick Savings\Uninstall.exe, Quarantined, [2f225b9cbbce7bbb955b2ef8ea16ca36], 
PUP.Optional.FastFreeConverter.A, C:\Users\Benjamin\AppData\Local\Temp\FastFreeConverter_FreeFrog_channel_adknowledge_and_FileTypeHelper.exe, Quarantined, [f06108eff990d6602eabc074c83960a0], 
PUP.Optional.Wajam.A, C:\Users\Benjamin\AppData\Local\Temp\Wajam_download.exe, Quarantined, [7ad7985ff8914fe71c3b56f149b7b24e], 
PUP.Optional.Amonetize.A, C:\Users\Benjamin\AppData\Local\Temp\DIQM\uTorrent_inrt_wnload_html_103\setup__120.exe, Quarantined, [420f34c39eebdc5acce6d16c2ed313ed], 
Adware.DomaIQ, C:\Users\Benjamin\AppData\Local\Temp\DIQM\uTorrent_inrt_wnload_html_103\uTorrent.exe, Quarantined, [2a27b1466227191dc6aed4f8a164a15f], 
PUP.Optional.OptimizePro.A, C:\Users\Benjamin\AppData\Local\Temp\DIQM\uTorrent_inrt_wnload_html_103\software\OptimizerPro.exe, Quarantined, [c38eed0a6821280e9614d04e847c18e8], 
PUP.Optional.BPlug, C:\Users\Benjamin\AppData\Local\Temp\is1957915176\1FBF57E8_stp.EXE, Quarantined, [0051d7204c3d56e01f3c4f80827f5fa1], 
PUP.Optional.BundleInstaller.A, C:\Users\Benjamin\AppData\Local\Temp\is1957915176\4C1E4311_stp\aff_setup.exe, Quarantined, [aba69f58b1d8f83ef8966e25d82d31cf], 
PUP.Optional.AirInstaller, C:\Users\Benjamin\Downloads\Flash Player 12.exe, Quarantined, [74ddda1d02875ed817f5062618e9db25], 
PUP.Optional.Spigot.A, C:\Users\Benjamin\Downloads\YTDSetup.exe, Quarantined, [242deb0c8ffa1e18826ded39de220ef2], 
PUP.Optional.Vosteran.A, C:\Windows\Tasks\WSE_Vosteran.job, Quarantined, [90c1b7402564270fae7cbb48b64fa45c], 
PUP.Optional.Vosteran.A, C:\Windows\System32\Tasks\WSE_Vosteran, Quarantined, [4110995ebccdce68fa31857e31d4d12f], 
Rogue.Multiple, C:\ProgramData\2355320829\BITA8FC.tmp, Quarantined, [77da7b7c177258de5b7e65cf04ff956b], 
PUP.Optional.Spigot.A, C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj\000005.sst, Quarantined, [0f4232c50f7ab680f867f760ec17fd03], 
PUP.Optional.Spigot.A, C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj\000388.log, Quarantined, [0f4232c50f7ab680f867f760ec17fd03], 
PUP.Optional.Spigot.A, C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj\CURRENT, Quarantined, [0f4232c50f7ab680f867f760ec17fd03], 
PUP.Optional.Spigot.A, C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj\LOCK, Quarantined, [0f4232c50f7ab680f867f760ec17fd03], 
PUP.Optional.Spigot.A, C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj\LOG, Quarantined, [0f4232c50f7ab680f867f760ec17fd03], 
PUP.Optional.Spigot.A, C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj\LOG.old, Quarantined, [0f4232c50f7ab680f867f760ec17fd03], 
PUP.Optional.Spigot.A, C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj\MANIFEST-000387, Quarantined, [0f4232c50f7ab680f867f760ec17fd03], 
PUP.Optional.Spigot.A, C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp\000005.sst, Quarantined, [62ef51a61a6ff73f392765f25ea5e51b], 
PUP.Optional.Spigot.A, C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp\000388.log, Quarantined, [62ef51a61a6ff73f392765f25ea5e51b], 
PUP.Optional.Spigot.A, C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp\CURRENT, Quarantined, [62ef51a61a6ff73f392765f25ea5e51b], 
PUP.Optional.Spigot.A, C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp\LOCK, Quarantined, [62ef51a61a6ff73f392765f25ea5e51b], 
PUP.Optional.Spigot.A, C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp\LOG, Quarantined, [62ef51a61a6ff73f392765f25ea5e51b], 
PUP.Optional.Spigot.A, C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp\LOG.old, Quarantined, [62ef51a61a6ff73f392765f25ea5e51b], 
PUP.Optional.Spigot.A, C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp\MANIFEST-000387, Quarantined, [62ef51a61a6ff73f392765f25ea5e51b], 
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx, Quarantined, [65ec7e79bdcc57df53b59ecc986b867a], 
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx, Quarantined, [65ec7e79bdcc57df53b59ecc986b867a], 
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx, Quarantined, [65ec7e79bdcc57df53b59ecc986b867a], 
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx, Quarantined, [65ec7e79bdcc57df53b59ecc986b867a], 
PUP.Optional.Spigot.A, C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk\000380.sst, Quarantined, [6ae7fef9daaf181ec1cfb9bee221d32d], 
PUP.Optional.Spigot.A, C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk\000400.sst, Quarantined, [6ae7fef9daaf181ec1cfb9bee221d32d], 
PUP.Optional.Spigot.A, C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk\000403.log, Quarantined, [6ae7fef9daaf181ec1cfb9bee221d32d], 
PUP.Optional.Spigot.A, C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk\CURRENT, Quarantined, [6ae7fef9daaf181ec1cfb9bee221d32d], 
PUP.Optional.Spigot.A, C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk\LOCK, Quarantined, [6ae7fef9daaf181ec1cfb9bee221d32d], 
PUP.Optional.Spigot.A, C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk\LOG, Quarantined, [6ae7fef9daaf181ec1cfb9bee221d32d], 
PUP.Optional.Spigot.A, C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk\LOG.old, Quarantined, [6ae7fef9daaf181ec1cfb9bee221d32d], 
PUP.Optional.Spigot.A, C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk\MANIFEST-000402, Quarantined, [6ae7fef9daaf181ec1cfb9bee221d32d], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#4 nedherb
  • Topic Starter

Posted 29 January 2015 - 01:31 AM

# AdwCleaner v4.109 - Report created 28/01/2015 at 22:26:13
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Benjamin - BENJAMIN-VAIO
# Running from : C:\Users\Benjamin\Downloads\adwcleaner_4.109.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\Tarma Installer
[x] Not Deleted : C:\ProgramData\ytd video downloader
[x] Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Deleted : C:\Program Files (x86)\AOL Toolbar
[x] Not Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Users\Benjamin\AppData\Local\Temp\Hold Page
Folder Deleted : C:\Users\Benjamin\AppData\Local\Slick Savings
Folder Deleted : C:\Users\Benjamin\AppData\Roaming\Slick Savings
File Deleted : C:\END
File Deleted : C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Deleted : C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : LaunchSignup
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{127DEB8A-505A-441B-A0EA-AD7B20EF5D28}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{78FE42C0-025D-4B6C-8DD8-858F7BBDC1D5}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Bitberry Software
Key Deleted : HKCU\Software\Bitberry
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\DeviceVM
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [7938 octets] - [26/01/2015 21:29:18]
AdwCleaner[R1].txt - [5795 octets] - [28/01/2015 22:20:20]
AdwCleaner[S0].txt - [5237 octets] - [28/01/2015 22:26:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5297 octets] ##########


#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 January 2015 - 10:35 AM

As previously requested. Still some work to do.

Also run the Farbar tool one more time and post a fresh FRST log for my review.



#6 nedherb
  • Topic Starter

  • Members
  • 5 posts

Posted 30 January 2015 - 01:14 AM

My apologies!

Thank You!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Benjamin (administrator) on BENJAMIN-VAIO on 29-01-2015 22:11:49
Running from C:\Users\Benjamin\Downloads
Loaded Profiles: Benjamin (Available profiles: Benjamin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
( ) C:\Windows\System32\lxeacoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(FS) C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Farbar) C:\Users\Benjamin\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-07-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-07-20] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2011-06-22] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [500736 2011-05-02] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2801288 2011-05-31] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [650080 2011-03-15] (Sony Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-02-10] (Seagate Technology LLC)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-1916110567-2749198799-3361342743-1001\...\Run: [Google Update] => C:\Users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-02] (Google Inc.)
HKU\S-1-5-21-1916110567-2749198799-3361342743-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)
HKU\S-1-5-21-1916110567-2749198799-3361342743-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-02-10] (Seagate Technology LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1916110567-2749198799-3361342743-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1916110567-2749198799-3361342743-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1916110567-2749198799-3361342743-1001 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1916110567-2749198799-3361342743-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} -  No File
DPF: HKLM-x32 {2B497CAF-D938-4059-BA76-0DA5DB77EA0A} https://cable.paccab.com/Remote/BuiltIns/FS/Wssg.Web.FileAccess.RichUpload.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @unity3d.com/UnityPlayer -> C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-1916110567-2749198799-3361342743-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Benjamin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1916110567-2749198799-3361342743-1001: @talk.google.com/O1DPlugin -> C:\Users\Benjamin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1916110567-2749198799-3361342743-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1916110567-2749198799-3361342743-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Benjamin\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1916110567-2749198799-3361342743-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Benjamin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Benjamin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Benjamin\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2011-08-14]
 
Chrome: 
=======
CHR HomePage: Default -> https://www.yahoo.com/
CHR DefaultSearchKeyword: Default -> vosteran.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-04]
CHR Extension: (Google Drive) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-04]
CHR Extension: (Google Search) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-04]
CHR Extension: (Xfinity) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb [2013-09-14]
CHR Extension: (Google Wallet) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-04]
CHR HKLM-x32\...\Chrome\Extension: [hemjgdpngmhbimofcicjfhibkdbigdmb] - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx [2013-02-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-09] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [104096 2011-07-19] (Atheros Communication Inc.) [File not signed]
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1435680 2014-01-10] (Fitbit, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
R2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-02-10] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-02-10] (Seagate Technology LLC)
R2 SpyroService; C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe [48128 2011-09-09] (FS) [File not signed]
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [82544 2011-07-12] (Symantec Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.)
S3 CSRBC; C:\Windows\System32\Drivers\csrbc.sys [38400 2013-04-26] (CSR plc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R2 risdsnpe; C:\Windows\system32\drivers\risdsnxc64.sys [98816 2011-06-23] (REDC)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-29 22:10 - 2015-01-29 22:10 - 02130432 _____ (Farbar) C:\Users\Benjamin\Downloads\FRST64 (1).exe
2015-01-28 22:18 - 2015-01-28 22:18 - 02194432 _____ () C:\Users\Benjamin\Downloads\adwcleaner_4.109.exe
2015-01-28 20:24 - 2015-01-29 22:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-28 20:24 - 2015-01-28 20:24 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-28 20:24 - 2015-01-28 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-28 20:24 - 2015-01-28 20:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-28 20:24 - 2015-01-28 20:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-28 20:24 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-28 20:24 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-28 20:24 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-28 20:22 - 2015-01-28 20:22 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Benjamin\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-28 19:26 - 2014-12-11 09:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-27 20:04 - 2015-01-29 22:12 - 00005006 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Benjamin-VAIO-Benjamin Benjamin-VAIO
2015-01-26 21:56 - 2015-01-26 21:57 - 00043450 _____ () C:\Users\Benjamin\Downloads\Addition.txt
2015-01-26 21:55 - 2015-01-29 22:11 - 00026557 _____ () C:\Users\Benjamin\Downloads\FRST.txt
2015-01-26 21:55 - 2015-01-29 22:11 - 00000000 ____D () C:\FRST
2015-01-26 21:54 - 2015-01-26 21:54 - 02129920 _____ (Farbar) C:\Users\Benjamin\Downloads\FRST64.exe
2015-01-26 21:53 - 2015-01-26 21:54 - 01120768 _____ (Farbar) C:\Users\Benjamin\Downloads\FRST.exe
2015-01-26 21:29 - 2015-01-28 22:26 - 00000000 ____D () C:\AdwCleaner
2015-01-26 21:28 - 2015-01-26 21:28 - 02194432 _____ () C:\Users\Benjamin\Downloads\AdwCleaner.exe
2015-01-26 21:28 - 2015-01-26 21:28 - 00767504 _____ (%VENDOR%) C:\Users\Benjamin\Downloads\FileOpenerSetup.exe
2015-01-14 15:06 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 15:06 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 15:06 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 15:06 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 15:06 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 15:06 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 15:06 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 21:00 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 21:00 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 21:00 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 21:00 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 21:00 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-29 22:12 - 2009-07-13 20:45 - 00020928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-29 22:12 - 2009-07-13 20:45 - 00020928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-29 22:11 - 2009-07-13 21:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-29 22:08 - 2011-10-22 22:49 - 01990494 _____ () C:\Windows\WindowsUpdate.log
2015-01-29 22:05 - 2009-07-13 20:51 - 00394133 _____ () C:\Windows\setupact.log
2015-01-29 22:03 - 2013-07-16 16:54 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-29 22:03 - 2013-07-04 17:30 - 00000420 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2015-01-29 22:02 - 2011-08-14 18:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-29 22:02 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-29 21:18 - 2012-06-02 07:19 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1916110567-2749198799-3361342743-1001UA.job
2015-01-29 21:16 - 2013-04-21 16:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-29 21:00 - 2013-07-16 16:54 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-29 20:18 - 2012-06-02 07:19 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1916110567-2749198799-3361342743-1001Core.job
2015-01-29 04:43 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2015-01-28 22:27 - 2010-11-20 19:47 - 00834990 _____ () C:\Windows\PFRO.log
2015-01-28 22:00 - 2013-06-11 23:27 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2015-01-28 22:00 - 2012-02-09 16:38 - 00000000 ____D () C:\Windows\pss
2015-01-28 20:23 - 2013-04-19 11:13 - 00005133 _____ () C:\Users\Benjamin\Desktop\utilities.txt
2015-01-27 20:43 - 2013-11-11 19:22 - 00000000 ____D () C:\Users\Benjamin\Desktop\ben_journal
2015-01-27 20:26 - 2013-05-28 12:18 - 00000000 ____D () C:\ProgramData\Lx_cats
2015-01-27 20:19 - 2013-05-28 12:15 - 00022579 _____ () C:\ProgramData\lxeascan.log
2015-01-26 22:50 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-25 13:16 - 2013-04-21 16:58 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 13:16 - 2013-04-21 16:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 13:16 - 2011-08-14 19:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-18 22:41 - 2013-05-20 15:37 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\vlc
2015-01-17 22:49 - 2009-07-13 21:08 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-14 00:46 - 2013-07-14 22:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 00:46 - 2012-06-27 11:57 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 20:52 - 2014-11-15 11:24 - 00001145 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-12-31 03:14 - 2010-11-20 19:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2013-11-11 16:30 - 2013-11-11 16:30 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2013-05-28 12:22 - 2013-05-28 12:22 - 0000252 _____ () C:\ProgramData\FastPics.log
2013-08-02 10:57 - 2013-08-17 12:33 - 0001176 _____ () C:\ProgramData\lxea.log
2013-05-28 12:22 - 2014-03-30 10:32 - 0023562 _____ () C:\ProgramData\lxeaJSW.log
2013-05-28 12:15 - 2015-01-27 20:19 - 0022579 _____ () C:\ProgramData\lxeascan.log
2013-11-11 16:30 - 2013-11-11 16:30 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2013-06-13 20:13 - 2013-06-13 20:13 - 0000115 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2013-12-11 15:48 - 2013-12-11 15:48 - 0226309 _____ () C:\ProgramData\SPL166D.tmp
2013-12-18 08:44 - 2013-12-18 08:44 - 0254827 _____ () C:\ProgramData\SPL3735.tmp
2014-12-01 13:57 - 2014-12-01 13:57 - 0493896 _____ () C:\ProgramData\SPL6CBD.tmp
2014-02-11 19:22 - 2014-02-11 19:22 - 0125038 _____ () C:\ProgramData\SPL6DD1.tmp
2014-04-13 12:04 - 2014-04-13 12:04 - 4867692 _____ () C:\ProgramData\SPL7993.tmp
2014-04-13 13:19 - 2014-04-13 13:19 - 1504865 _____ () C:\ProgramData\SPL7E43.tmp
2014-02-11 19:34 - 2014-02-11 19:34 - 0112156 _____ () C:\ProgramData\SPLA564.tmp
2014-02-11 19:49 - 2014-02-11 19:49 - 0197566 _____ () C:\ProgramData\SPLB07.tmp
2014-12-05 20:13 - 2014-12-05 20:13 - 0361821 _____ () C:\ProgramData\SPLB9AE.tmp
2014-04-26 14:02 - 2014-04-26 14:02 - 1887048 _____ () C:\ProgramData\SPLC206.tmp
2014-02-11 19:15 - 2014-02-11 19:15 - 0916182 _____ () C:\ProgramData\SPLDB41.tmp
2014-12-01 16:04 - 2014-12-01 16:04 - 0423935 _____ () C:\ProgramData\SPLE73.tmp
2014-11-21 17:41 - 2014-11-21 17:41 - 3395580 _____ () C:\ProgramData\SPLF5A4.tmp
2013-05-28 12:13 - 2013-05-28 12:13 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
Some content of TEMP:
====================
C:\Users\Benjamin\AppData\Local\Temp\1GTime110dltc.exe
C:\Users\Benjamin\AppData\Local\Temp\2GTime110dltc.exe
C:\Users\Benjamin\AppData\Local\Temp\aol_toolbar.exe
C:\Users\Benjamin\AppData\Local\Temp\CloudBackup5488.exe
C:\Users\Benjamin\AppData\Local\Temp\dpinst.exe
C:\Users\Benjamin\AppData\Local\Temp\ExPromo.exe
C:\Users\Benjamin\AppData\Local\Temp\FinalMediaPlayerSetup.exe
C:\Users\Benjamin\AppData\Local\Temp\fzv0cmn0.dll
C:\Users\Benjamin\AppData\Local\Temp\gimp-setup.exe
C:\Users\Benjamin\AppData\Local\Temp\GLF3B9F.EXE
C:\Users\Benjamin\AppData\Local\Temp\GLF409F.EXE
C:\Users\Benjamin\AppData\Local\Temp\GLF88E2.EXE
C:\Users\Benjamin\AppData\Local\Temp\GLF8B05.EXE
C:\Users\Benjamin\AppData\Local\Temp\GLF91E9.EXE
C:\Users\Benjamin\AppData\Local\Temp\GLFB3E8.EXE
C:\Users\Benjamin\AppData\Local\Temp\GLFB513.EXE
C:\Users\Benjamin\AppData\Local\Temp\GLFB81E.EXE
C:\Users\Benjamin\AppData\Local\Temp\GLFBCCE.EXE
C:\Users\Benjamin\AppData\Local\Temp\GLFC299.EXE
C:\Users\Benjamin\AppData\Local\Temp\GLFC9D8.EXE
C:\Users\Benjamin\AppData\Local\Temp\GLFCC0B.EXE
C:\Users\Benjamin\AppData\Local\Temp\GUR1498.exe
C:\Users\Benjamin\AppData\Local\Temp\helper.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Benjamin\AppData\Local\Temp\JS3DAges3-5Timev1.0.0dltc.exe
C:\Users\Benjamin\AppData\Local\Temp\KGTime110dltc.exe
C:\Users\Benjamin\AppData\Local\Temp\NSISPromotionEx.dll
C:\Users\Benjamin\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Benjamin\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Benjamin\AppData\Local\Temp\nvStInst.exe
C:\Users\Benjamin\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Benjamin\AppData\Local\Temp\Quarantine.exe
C:\Users\Benjamin\AppData\Local\Temp\rmup.exe
C:\Users\Benjamin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Benjamin\AppData\Local\Temp\sqlite3.dll
C:\Users\Benjamin\AppData\Local\Temp\sqlite3.exe
C:\Users\Benjamin\AppData\Local\Temp\tkh13dxp.dll
C:\Users\Benjamin\AppData\Local\Temp\zqcua2wn.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-29 04:34
 
==================== End Of Log ============================
 
Computer running much better :)


#7 nasdaq

  • Malware Response Team
  • 40,182 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 January 2015 - 09:55 AM

Run this tool to clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1916110567-2749198799-3361342743-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKU\.DEFAULT -> No Name - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR DefaultSearchKeyword: Default -> vosteran.com
CHR DefaultSearchURL: Default -> http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_14_50_ch&cd=2XzuyEtN2Y1L1Qzu0FtD0B0FzyyB0D0AtByByC0CyEtDyByCtN0D0Tzu0StCtDyByDtN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2SyE0EtBtD0ByBtDtDtGyE0AtD0FtGzytByCyDtGtCtCtByDtGtAyDyB0E0CyD0B0EtC0E0DtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzyyEyD0EtB0EyDtGzzzz0EtCtGyEtC0B0AtG0AtDyDtBtG0B0CtC0AtAyEtD0E0E0FyE0B2Q&cr=122860174&ir=
CHR Extension: (Google Wallet) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

Wait for further instructions.
======

#8 nedherb

  • Topic Starter
  • Members
  • 5 posts

Posted 31 January 2015 - 01:41 AM


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015
Ran by Benjamin at 2015-01-30 22:17:39 Run:1
Running from C:\Users\Benjamin\Downloads
Loaded Profiles: Benjamin (Available profiles: Benjamin)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1916110567-2749198799-3361342743-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKU\.DEFAULT -> No Name - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR DefaultSearchKeyword: Default -> vosteran.com
CHR Extension: (Google Wallet) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
 
End
*****************
 
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1916110567-2749198799-3361342743-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C80BDEB2-8735-44C6-BD55-A1CCD555667A} => value deleted successfully.
HKCR\CLSID\{C80BDEB2-8735-44C6-BD55-A1CCD555667A} => Key not found. 
"HKCR\PROTOCOLS\Handler\livecall" => Key deleted successfully.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => Key not found. 
"HKCR\PROTOCOLS\Handler\msnim" => Key deleted successfully.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => Key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 22:17:41 ====
 
 
 Results of screen317's Security Check version 0.99.95  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 SpyroDriver     
 JavaFX 2.1.1    
 Java 7 Update 71  
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.296  
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 4% 
````````````````````End of Log`````````````````````` 
 
 
Thank You!
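Added example (not part of either post, and not FRST's own code): a small Python parser for the result lines FRST writes to Fixlog.txt, run over lines copied from the Fixlog above. It separates entries FRST actually removed from ones it reported as already absent, which is the check a helper makes before deciding whether a second fixlist is needed.

```python
import re
from collections import Counter

# Constructed sample: result lines copied from the Fixlog.txt posted in this thread.
SAMPLE_FIXLOG = r"""
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.

The system needed a reboot.
"""

# One FRST result line: an optionally quoted target, " => ", then a result phrase.
LINE_RE = re.compile(r'^"?(?P<target>.+?)"?\s*=>\s*(?P<result>.+?)\.?\s*$')

def classify(result):
    """Map FRST's result phrase onto a coarse outcome."""
    r = result.lower()
    if "not found" in r:
        return "not_found"   # item named in the fixlist was already absent
    if "deleted" in r or "moved" in r:
        return "removed"     # registry key/value deleted, or file moved to quarantine
    return "other"

def parse_fixlog(text):
    """Return (target, outcome) pairs for every non-empty line of a Fixlog."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m:
            entries.append((m.group("target"), classify(m.group("result"))))
        elif line.endswith(" deleted successfully."):
            # Chrome preference lines carry no " => " separator.
            entries.append((line[:-len(" deleted successfully.")], "removed"))
        else:
            entries.append((line.rstrip("."), "note"))  # e.g. the reboot notice
    return entries

def summarize(entries):
    """Count outcomes, e.g. Counter({'removed': 4, 'not_found': 1, 'note': 2})."""
    return Counter(outcome for _, outcome in entries)

def not_found_targets(entries):
    """Targets FRST could not find: worth a second look if they were expected to exist."""
    return [target for target, outcome in entries if outcome == "not_found"]

if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    print(not_found_targets(parsed))
```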


#9 nasdaq

  • Malware Response Team
  • 40,182 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 31 January 2015 - 08:50 AM

Looking good.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#10 nasdaq

  • Malware Response Team
  • 40,182 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 February 2015 - 09:08 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



