
Suspect virus or malware [Closed]


  • This topic is locked

#1
WRBII

    New Member
  • 5 posts

Hi, my computer has been running slow, and when opening a window other windows open. I use AVAST and have cleaned/scanned with it, which did remove 6 high-level threats. I have followed the directions in your virus/malware article to the T. I look forward to hearing from you all. Thanks... Bill

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Kim (administrator) on KIMS-VAIO on 28-05-2015 15:44:42
Running from C:\Users\Kim\Desktop
Loaded Profiles: Kim (Available Profiles: Kim)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2284328 2011-02-15] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel® Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-26] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-02-26] (AVAST Software)
CHR HKU\S-1-5-21-2157824862-2399365399-4080039673-1005\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=agc511
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2157824862-2399365399-4080039673-1005\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKU\S-1-5-21-2157824862-2399365399-4080039673-1005\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=agc511
HKU\S-1-5-21-2157824862-2399365399-4080039673-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=agc511
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {5AB6F090-5453-B9BF-E861-61973786B1A3} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKLM-x32 -> {4AEB5A3D-2E29-EF83-503D-7B16C6E30247} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-2157824862-2399365399-4080039673-1005 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-2157824862-2399365399-4080039673-1005 -> {5AB6F090-5453-B9BF-E861-61973786B1A3} URL =
SearchScopes: HKU\S-1-5-21-2157824862-2399365399-4080039673-1005 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-2157824862-2399365399-4080039673-1005 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-02-26] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-02-22] (Sun Microsystems, Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-02-26] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-22] (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll [2014-06-24] (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{2E64A65C-9443-4BB8-83A2-A6F97CE66299}: [NameServer] 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\zgykz424.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-28] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2012-02-22] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-12-18] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll No File
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-09-22] (CANON INC.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2012-02-22] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-26] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\zgykz424.default\searchplugins\alot-search.xml [2012-11-25]
FF SearchPlugin: C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\zgykz424.default\searchplugins\safeguard-secure-search.xml [2013-11-12]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2014-06-24]
FF Extension: NoScript - C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\zgykz424.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-06-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-02-27]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.7.598

Chrome:
=======
CHR Profile: C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-30]
CHR Extension: (Google Drive) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-30]
CHR Extension: (YouTube) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-30]
CHR Extension: (eBay) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bnadbgmffcofipfljniafanjcafjlbom [2013-11-30]
CHR Extension: (Google Search) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-30]
CHR Extension: (InternetHelper3.1) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nemfjadlboooiffmcelkafilagddogim [2013-11-30]
CHR Extension: (Google Wallet) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-30]
CHR Extension: (Gmail) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-26] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-02-26] (AVAST Software)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2011-03-28] (Realsil Microelectronics Inc.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [61440 2013-07-02] (Digital Delivery Networks, Inc.) [File not signed]
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R2 vToolbarUpdater18.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1808408 2014-06-24] (AVG Secure Search)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1369136 2013-09-25] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 AdobeActiveFileMonitor9.0; D:\photoshop elements 9.0\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-26] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2015-02-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-02-26] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2015-02-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-26] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-24] (AVG Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2012-03-29] (MediaMall Technologies, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 15:44 - 2015-05-28 15:46 - 00019939 _____ () C:\Users\Kim\Desktop\FRST.txt
2015-05-28 15:31 - 2015-05-28 15:44 - 00000000 ____D () C:\FRST
2015-05-28 15:29 - 2015-05-28 15:29 - 02108928 _____ (Farbar) C:\Users\Kim\Desktop\FRST64.exe
2015-05-28 14:56 - 2015-05-28 14:56 - 00003190 _____ () C:\Windows\System32\Tasks\avastBCLRestart_firefox.exe
2015-05-26 17:57 - 2015-05-26 17:57 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-26 17:56 - 2015-05-26 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-26 17:56 - 2015-05-26 17:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-26 17:56 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-26 17:56 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 15:46 - 2012-02-22 08:16 - 01978437 _____ () C:\Windows\WindowsUpdate.log
2015-05-28 15:43 - 2012-07-14 07:27 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-28 15:30 - 2012-04-16 20:24 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-28 15:30 - 2012-04-16 20:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-28 15:30 - 2012-04-16 20:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-28 15:30 - 2012-03-22 08:39 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-28 15:27 - 2009-07-14 00:45 - 00021200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-28 15:27 - 2009-07-14 00:45 - 00021200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-28 15:05 - 2009-07-14 01:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-28 15:04 - 2012-03-15 13:21 - 00000000 ____D () C:\Users\Kim\AppData\Local\Adobe
2015-05-28 14:59 - 2012-07-14 07:27 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-28 14:58 - 2013-10-21 17:39 - 00005152 _____ () C:\Windows\setupact.log
2015-05-28 14:58 - 2013-02-02 01:53 - 00704464 _____ () C:\Windows\PFRO.log
2015-05-28 14:58 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-28 14:57 - 2013-10-26 18:57 - 00000284 _____ () C:\Windows\Tasks\DigitalSite.job
2015-05-28 14:55 - 2013-11-02 19:47 - 00000000 ____D () C:\Users\Kim\AppData\Local\NativeMessaging
2015-05-28 14:55 - 2013-11-02 19:47 - 00000000 ____D () C:\Program Files (x86)\Conduit
2015-05-28 14:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Resources
2015-05-28 14:54 - 2013-11-02 19:48 - 00000000 ____D () C:\Program Files (x86)\InternetHelper3.1
2015-05-28 14:54 - 2013-10-19 13:59 - 00000000 ____D () C:\Users\Kim\AppData\Roaming\UpdaterEX
2015-05-26 17:56 - 2012-09-06 17:32 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-26 17:56 - 2012-09-06 17:32 - 00000000 ____D () C:\Users\Kim\AppData\Roaming\Malwarebytes
2015-05-26 17:56 - 2012-09-06 17:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-26 17:56 - 2012-09-06 17:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-05-26 17:49 - 2012-02-27 20:53 - 00000000 ____D () C:\Users\Kim\AppData\Local\CrashDumps
2015-05-26 17:42 - 2012-05-24 19:52 - 00146251 _____ () C:\test.xml
2015-05-26 17:13 - 2012-02-27 19:13 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8D7107EE-6FA3-4A4B-A011-D67F64FCD156}
2015-05-26 16:45 - 2012-07-14 07:29 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-26 16:38 - 2012-07-14 07:27 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-26 16:38 - 2012-07-14 07:27 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-26 16:36 - 2013-11-02 19:48 - 00000258 __RSH () C:\Users\Kim\ntuser.pol
2015-05-26 16:36 - 2012-02-27 18:37 - 00000000 ____D () C:\Users\Kim
2015-05-26 16:25 - 2013-10-19 13:57 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2015-05-26 16:19 - 2013-08-15 20:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-26 16:16 - 2012-03-10 13:24 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-26 16:13 - 2014-05-29 19:02 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== Files in the root of some directories =======

2013-11-12 22:28 - 2014-06-24 19:04 - 0003710 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-10-26 19:57 - 2014-03-16 13:53 - 0000229 _____ () C:\Users\Kim\AppData\Roaming\WB.CFG
2014-01-28 01:29 - 2014-01-28 01:29 - 0000005 _____ () C:\Users\Kim\AppData\Roaming\WBPU-TTL.DAT
2012-04-19 12:19 - 2012-04-19 12:19 - 0001565 _____ () C:\Users\Kim\AppData\Local\PDLSetup.20120419.121950.txt
2012-04-19 12:22 - 2012-04-19 12:22 - 0001567 _____ () C:\Users\Kim\AppData\Local\PDLSetup.20120419.122242.txt
2012-05-06 23:15 - 2012-05-06 23:15 - 0001567 _____ () C:\Users\Kim\AppData\Local\PDLSetup.20120506.231522.txt
2012-06-30 23:05 - 2012-06-30 23:05 - 0001567 _____ () C:\Users\Kim\AppData\Local\PDLSetup.20120630.230523.txt
2012-07-28 09:15 - 2012-07-28 09:15 - 0001567 _____ () C:\Users\Kim\AppData\Local\PDLSetup.20120728.091513.txt
2012-09-01 23:06 - 2012-09-01 23:06 - 0001567 _____ () C:\Users\Kim\AppData\Local\PDLSetup.20120901.230653.txt
2012-09-16 18:44 - 2012-09-16 18:44 - 0001566 _____ () C:\Users\Kim\AppData\Local\PDLSetup.20120916.184422.txt
2012-10-18 21:07 - 2012-10-18 21:07 - 0001542 _____ () C:\Users\Kim\AppData\Local\PDLSetup.20121018.210704.txt
2012-10-23 20:01 - 2012-10-23 20:01 - 0001544 _____ () C:\Users\Kim\AppData\Local\PDLSetup.20121023.200121.txt
2012-11-07 21:26 - 2012-11-07 21:26 - 0001543 _____ () C:\Users\Kim\AppData\Local\PDLSetup.20121107.202645.txt
2013-07-30 07:24 - 2013-07-30 07:24 - 0001567 _____ () C:\Users\Kim\AppData\Local\PDLSetup.20130730.072413.txt
2013-08-04 21:52 - 2013-08-04 21:52 - 0001566 _____ () C:\Users\Kim\AppData\Local\PDLSetup.20130804.215249.txt
2014-01-12 20:04 - 2014-01-12 20:04 - 0001541 _____ () C:\Users\Kim\AppData\Local\PDLSetup.20140112.190435.txt
2012-02-22 08:15 - 2012-02-22 08:15 - 0000226 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-26 18:51

==================== End of log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Kim at 2015-05-28 15:47:26
Running from C:\Users\Kim\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2157824862-2399365399-4080039673-500 - Administrator - Disabled)
Guest (S-1-5-21-2157824862-2399365399-4080039673-501 - Limited - Disabled)
Kim (S-1-5-21-2157824862-2399365399-4080039673-1005 - Administrator - Enabled) => C:\Users\Kim

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Internet Security (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Internet Security (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version:  - )
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.142 - ArcSoft)
ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.392 - ArcSoft)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.3.1.0 - Auslogics Labs Pty Ltd)
Avast Internet Security (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
Canon MX430 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX430_series) (Version:  - )
Canon MX430 series On-screen Manual (HKLM-x32\...\Canon MX430 series On-screen Manual) (Version:  - )
Canon MX430 series User Registration (HKLM-x32\...\Canon MX430 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.18.50 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Fitbit Connect (HKLM-x32\...\Fitbit Connect) (Version: 1.0.0.2578 - Fitbit Inc.)
Flash Player Pro V5.4 (HKLM-x32\...\Flash Player Pro_is1) (Version:  - FlashPlayerPro.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java™ 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)
Java™ 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Keyboard Shortcuts (HKLM-x32\...\{FE8974B4-479C-4DBA-8544-9E5342ABB26A}) (Version: 1.1.0.08290 - Sony Corporation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Media Gallery (Version: 1.5.0.16020 - Your Company Name) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Oasis2Service (HKLM-x32\...\{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}) (Version: 1.0.4 - DDNi)
OOBE (x32 Version: 11.2.1.10 - Sony Corporation) Hidden
Open It! (HKLM-x32\...\OpenIt Open It!) (Version: 1.1.1 - OpenIt)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PMB (x32 Version: 5.5.02.12220 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (Version: 1.5.10.05300 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.6.00.06010 - Sony Corporation) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.74 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.1.1.03020 - Sony Corporation) Hidden
Remote Play with PlayStation 3 (x32 Version: 1.1.0.15070 - Sony Corporation) Hidden
Sony Corporation (Version: 1.0.0 - Default Company Name) Hidden
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.9.0 - Synaptics Incorporated)
UpdaterEX (HKU\S-1-5-21-2157824862-2399365399-4080039673-1005\...\UpdaterEX) (Version:  - UpdaterEX)
VAIO - Media Gallery (x32 Version: 1.5.0.16020 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition Guide (x32 Version: 1.6.00.06030 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition Plug-in (x32 Version: 1.6.01.06110 - Sony Corporation) Hidden
VAIO - Remote Keyboard (x32 Version: 1.0.1.03020 - Sony Corporation) Hidden
VAIO - Remote Play with PlayStation®3 (x32 Version: 1.1.0.15070 - Sony Corporation) Hidden
VAIO Care (HKLM-x32\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 6.4.2.11150 - Sony Corporation)
VAIO Care (x32 Version: 6.4.2.11150 - Sony Corporation) Hidden
VAIO Control Center (x32 Version: 4.5.0.03040 - Sony Corporation) Hidden
VAIO Data Restore Tool (x32 Version: 1.6.0.13140 - Sony Corporation) Hidden
VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Event Service (x32 Version: 5.5.0.03040 - Sony Corporation) Hidden
VAIO Gate (x32 Version: 2.4.1.09230 - Sony Corporation) Hidden
VAIO Gate Default (x32 Version: 2.4.0.03240 - Sony Corporation) Hidden
VAIO Hardware Diagnostics (x32 Version: 4.2.0.14280 - Sony Corporation) Hidden
VAIO Help and Support (HKLM-x32\...\{F5248E24-F52C-4FD1-B76F-102460BAFD6B}) (Version: 14.00.0125 - Sony Corporation)
VAIO Improvement (x32 Version: 1.0.0.14150 - Sony Corporation) Hidden
VAIO Manual (x32 Version: 2.0.0.02250 - Sony Corporation) Hidden
VAIO Messenger (HKLM-x32\...\VAIO Messenger) (Version: 2.0.550.0 - DDNi)
VAIO Quick Web Access (x32 Version: 1.4.5.5 - Sony Corporation) Hidden
VAIO Sample Contents (x32 Version: 1.4.0.09010 - Sony Corporation) Hidden
VAIO Satisfaction Survey. (x32 Version: 3.0 - Sony Electronics Inc.) Hidden
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.7.0.07050 - Sony Corporation)
VAIO Transfer Support (x32 Version: 1.4.0.14230 - Sony Corporation) Hidden
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.3.1.10120 - Sony Corporation)
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VESx64 (Version: 1.0.0 - Sony Corporation) Hidden
VESx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Whilokii 1.0.0 (HKLM\...\Whilokii) (Version: 1.0.0 - Whilokii) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zip Extractor Packages (HKU\S-1-5-21-2157824862-2399365399-4080039673-1005\...\Zip Extractor Packages) (Version:  - ) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

29-03-2014 13:50:53 Windows Update
01-04-2014 20:52:22 Windows Update
04-04-2014 21:41:03 Windows Update
06-04-2014 19:00:11 Windows Backup
23-04-2014 19:31:46 Windows Update
23-04-2014 21:18:14 Windows Backup
27-05-2014 18:59:52 Windows Update
27-05-2014 19:05:27 Windows Backup
29-05-2014 18:37:19 Windows Update
24-06-2014 19:12:30 Windows Update
26-02-2015 20:23:40 avast! antivirus system restore point
26-02-2015 20:24:45 Windows Backup
26-02-2015 20:35:18 Device Driver Package Install: Avast Network Service
26-02-2015 20:38:27 Windows Update
26-05-2015 16:12:43 Windows Update
26-05-2015 16:46:04 Windows Backup

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2013-06-15 20:12 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {160D7147-C5DA-4E12-AA9C-C3A67002DFAF} - System32\Tasks\Sony\Keyboard Shortcuts => C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe [2011-08-31] ()
Task: {1C4F606E-52E9-4C8A-8F8C-5465F870F9A8} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-09-19] (Sony Corporation)
Task: {231C520F-ED8F-4E31-95CD-8F3F444AD7C7} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2011-09-23] (Sony Corporation)
Task: {2F11E767-DFBD-4253-A779-F867AB621ACB} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2011-09-23] (Sony Corporation)
Task: {320B2CDA-A6B0-47A2-A3F4-93A91E8F797F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-28] (Adobe Systems Incorporated)
Task: {332715CD-6FFA-47D9-84F1-38460AA09871} - System32\Tasks\DigitalSite => C:\Users\Kim\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {35833A85-96EA-4E8E-B8FE-72D568B97268} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3C8F8155-5B2B-4BA9-B0A7-E29046BA91A1} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient
Task: {53821E84-FB1D-48DB-9E07-ACFD2B307A2D} - System32\Tasks\VAIO® Messenger (Administrator) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {75107FB7-9882-44E0-AA47-B847634F80B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-26] (Google Inc.)
Task: {76A945A0-3448-449D-BAE5-B6BABEC956B2} - System32\Tasks\VAIO® Messenger (Kim) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {7FF90B40-2731-4D28-BB5D-6247EE0B2B9A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-26] (Google Inc.)
Task: {8BC6FE81-3DA2-4A47-9C22-CCEA2034D1B7} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2013-08-30] (Sony Corporation)
Task: {8BE44BAD-01E7-4D7B-8A48-1B101BB73B9B} - System32\Tasks\DTReg => C:\Users\Kim\AppData\Roaming\defaulttab\defaulttab\DTReg.exe <==== ATTENTION
Task: {9030B5AB-6BEA-4934-B3A2-C7AFF32BA00B} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {972DD818-207E-442D-84CC-20582C6C8B49} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2011-09-23] (Sony Corporation)
Task: {9983A2FC-6E39-4DE6-B5C6-9AE3A9CDDDF6} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2011-02-16] (Sony Corporation)
Task: {AABC057D-964E-435B-B2D4-DD271E3886CD} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {ABA8A224-8DB1-403A-B953-FE85D01AE216} - System32\Tasks\avastBCLRestart_firefox.exe => Firefox.exe
Task: {B12608D4-E423-44D4-9745-09108842E2FD} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation)
Task: {BE958808-E2CB-46D2-B2FC-C5809AE3CF87} - System32\Tasks\DDNi Startup => C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {C9B25494-968F-49AF-92ED-41F525C671B6} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-09-27] (Sony Corporation)
Task: {D0B7BD4F-D302-4D13-B961-1831085F6D82} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-02-15] (Sony Corporation)
Task: {DA3CBA4A-86AC-4F0D-A3FE-E5F82A165783} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-26] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Kim\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2010-12-17 17:53 - 2010-12-17 17:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-06-24 19:04 - 2014-06-24 19:04 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
2011-03-28 03:04 - 2011-03-28 00:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-12-17 17:53 - 2010-12-17 17:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-08-31 13:44 - 2011-08-31 13:44 - 00477200 _____ () C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
2012-03-22 17:11 - 2011-02-25 17:14 - 00297472 _____ () C:\Program Files\Sony\VAIO Care\CRM\ManagedVAIORecoveryMedia.dll
2012-03-22 17:11 - 2011-02-25 17:14 - 00192000 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIORecovery.dll
2012-03-22 17:11 - 2011-02-25 17:14 - 00070656 _____ () C:\Program Files\Sony\VAIO Care\CRM\Logging.dll
2012-03-22 17:11 - 2011-02-25 17:14 - 00063488 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOCommon.dll
2012-03-22 17:11 - 2011-02-25 17:14 - 00215040 _____ () C:\Program Files\Sony\VAIO Care\CRM\OsServices.dll
2012-03-22 17:11 - 2011-02-25 17:14 - 00043008 _____ () C:\Program Files\Sony\VAIO Care\CRM\PluginFactory.dll
2012-03-22 17:11 - 2011-02-25 17:14 - 00260608 _____ () C:\Program Files\Sony\VAIO Care\CRM\RecoveryPartitionManager.dll
2012-03-22 17:11 - 2011-02-25 17:14 - 00043520 _____ () C:\Program Files\Sony\VAIO Care\CRM\XMLTools.dll
2012-03-22 17:11 - 2011-02-25 17:14 - 00059904 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOInstallAppsDrivers.dll
2012-03-22 17:11 - 2011-02-25 17:14 - 00157696 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallDB.dll
2012-03-22 17:11 - 2011-02-25 17:14 - 00138752 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallationTools.dll
2012-03-22 17:11 - 2011-02-25 17:14 - 00025600 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOUtility.dll
2015-05-28 14:52 - 2015-05-28 14:52 - 02950656 _____ () C:\Program Files\AVAST Software\Avast\defs\15052801\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-22 08:58 - 2011-03-05 20:42 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2014-06-24 19:04 - 2014-06-24 19:04 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\log4cplusU.dll
2015-02-26 20:32 - 2015-02-26 20:32 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-27 20:07 - 2014-05-27 20:07 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-08-31 15:06 - 2011-08-31 15:06 - 00027104 _____ () C:\Program Files (x86)\Sony\Keyboard Shortcuts\Utility.dll
2011-08-31 15:06 - 2011-08-31 15:06 - 00161256 _____ () C:\Program Files (x86)\Sony\Keyboard Shortcuts\MessageHook.dll
2014-02-13 14:32 - 2014-02-13 14:32 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0a0467413a424068d1471448ff6ca6cc\IsdiInterop.ni.dll
2012-02-22 08:21 - 2010-11-06 03:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-07-02 23:06 - 2013-07-02 23:06 - 00039936 _____ () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudModel.dll
2013-07-02 23:06 - 2013-07-02 23:06 - 00011264 _____ () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudClient.dll
2013-07-04 10:13 - 2013-07-03 02:08 - 00061864 _____ () C:\Program Files (x86)\DDNi\Oasis\OasisCloudModel.dll
2013-07-04 10:13 - 2013-07-03 02:08 - 00018856 _____ () C:\Program Files (x86)\DDNi\Oasis\OasisCloudClient.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Kim\Desktop\WWE: Voices (Randy Orton) [feat. Rich Luzzi of Rev Theory].m4r

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2157824862-2399365399-4080039673-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BackupStack => 2
MSCONFIG\startupfolder: C:^Users^Kim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BackgroundContainer => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Kim\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: cAudioFilterAgent => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
MSCONFIG\startupreg: GamingWonderland Browser Plugin Loader => C:\PROGRA~2\GAMING~2\bar\1.bin\gtbrmon.exe
MSCONFIG\startupreg: GamingWonderland Search Scope Monitor => "C:\PROGRA~2\GAMING~2\bar\1.bin\gtsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: ISBMgr.exe => "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B922D039-9DD9-4344-A4DF-BF68F382ADF3}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{EEF19149-A244-4CFD-82C1-DAA70815D13D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CF057EFF-2E4D-4AB7-AB2F-6BC38BAB8697}] => (Allow) LPort=2869
FirewallRules: [{3E760ABC-CA83-44EA-8B01-56E7211E4A3E}] => (Allow) LPort=1900
FirewallRules: [{558772D5-A400-486E-BC1D-D2A2E3B0D1DE}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4CCE3F3F-8FB1-436C-9817-4CD3817C5219}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{E162A859-D213-4316-BD10-6D57534285EC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{458E9D23-2BC4-4BDA-992F-BBD51644EEA4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AD78C29D-5C05-4DBF-AD8E-C7E9DB34C921}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{56D95772-5132-455A-BE79-6B148D17935C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{1BFDCA91-D986-4A37-9745-54EC36AC167D}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{5379423B-7BEC-4C67-A78B-AE0092EFCA98}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{B0160426-84EB-445C-B7D0-EC59915C94B2}] => (Allow) C:\Program Files (x86)\Sony\VAIO Transfer Support\VAIOTransfer.exe
FirewallRules: [{F137F605-CA2D-43D7-B8F7-46DE47A5EAD0}] => (Allow) C:\Program Files (x86)\Sony\VAIO Transfer Support\VAIOTransfer.exe
FirewallRules: [{5407CEDF-3602-4F46-BB93-7BEEB01A03CB}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{A10709C0-9DF3-4525-AD64-3C284655A1E7}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{B9C2F1D9-9E9A-486B-9BF0-B9EBD029D289}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2015 03:01:13 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (05/28/2015 03:00:43 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (05/28/2015 02:59:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/28/2015 02:51:22 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server did not return the file size. The URL might point to dynamic content. The Content-Length header is not available in the server's HTTP reply.

Error: (05/26/2015 05:49:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 29.0.1.5239, time stamp: 0x536995c2
Faulting module name: mozalloc.dll, version: 29.0.1.5239, time stamp: 0x536968fa
Exception code: 0x80000003
Fault offset: 0x0000119c
Faulting process id: 0x180c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (05/26/2015 05:49:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 29.0.1.5239 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1958

Start Time: 01d097f4752c791a

Termination Time: 149

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id:

Error: (05/26/2015 04:39:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: The data is invalid.
.

Error: (05/26/2015 04:39:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: The data is invalid.
.

Error: (05/26/2015 04:39:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: The data is invalid.
.

Error: (05/26/2015 04:39:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: The data is invalid.
.


System errors:
=============
Error: (05/26/2015 04:17:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2957509).

Error: (05/26/2015 04:17:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 for x64-based Systems (KB2800095).

Error: (02/26/2015 09:47:30 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (06/24/2014 07:06:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (06/24/2014 07:06:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (06/24/2014 07:02:32 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:39:56 AM on ‎5/‎30/‎2014 was unexpected.

Error: (05/27/2014 06:57:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (05/27/2014 06:57:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (05/27/2014 06:54:58 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:07:40 AM on ‎4/‎24/‎2014 was unexpected.

Error: (03/31/2014 05:36:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Fitbit Connect service.


Microsoft Office:
=========================
Error: (05/28/2015 03:01:13 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (05/28/2015 03:00:43 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2

Error: (05/28/2015 02:59:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/28/2015 02:51:22 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server did not return the file size. The URL might point to dynamic content. The Content-Length header is not available in the server's HTTP reply.

Error: (05/26/2015 05:49:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe29.0.1.5239536995c2mozalloc.dll29.0.1.5239536968fa800000030000119c180c01d097f480d38a83C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll1b3478a3-03f1-11e5-8da7-78843cb22931

Error: (05/26/2015 05:49:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe29.0.1.5239195801d097f4752c791a149C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Error: (05/26/2015 04:39:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://ctldl.windows...hrootstl.cabThedata is invalid.

Error: (05/26/2015 04:39:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://ctldl.windows...hrootstl.cabThedata is invalid.

Error: (05/26/2015 04:39:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://ctldl.windows...hrootstl.cabThedata is invalid.

Error: (05/26/2015 04:39:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://ctldl.windows...hrootstl.cabThedata is invalid.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 36%
Total physical RAM: 8139.86 MB
Available physical RAM: 5188.49 MB
Total Pagefile: 16277.9 MB
Available Pagefile: 13133.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:286.83 GB) (Free:221.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 60F9648D)
Partition 1: (Not Active) - (Size=11.2 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=286.8 GB) - (Type=07 NTFS)

==================== End of log ============================

 




#2
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts
Hi WRBII,


Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


- Save ALL Tools to your Desktop-


All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

Quoted from and used by permission of BrianDrab. Thank you.


Let's get started....

While I go over your logs, can you provide me with the history / names of the High Level risks Avast! removed?

Also, you want to make sure that you have Notifications turned on for this topic (upper right hand location on top of this thread).

#3
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

UpdaterEX
Whilokii 1.0.0
Zip Extractor Packages


To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt



Start
CreateRestorePoint:
CloseProcesses:
CHR HKU\S-1-5-21-2157824862-2399365399-4080039673-1005\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll [2014-06-24] (AVG Secure Search)
C:\Program Files (x86)\Common Files\AVG Secure Search
Tcpip\..\Interfaces\{2E64A65C-9443-4BB8-83A2-A6F97CE66299}: [NameServer] 0.0.0.0
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\zgykz424.default\searchplugins\alot-search.xml [2012-11-25]
C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\zgykz424.default\searchplugins\alot-search.xml
FF SearchPlugin: C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\zgykz424.default\searchplugins\safeguard-secure-search.xml [2013-11-12]
C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\zgykz424.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2014-06-24]
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.7.598
C:\ProgramData\AVG SafeGuard toolbar
CHR Extension: (InternetHelper3.1) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nemfjadlboooiffmcelkafilagddogim [2013-11-30]
C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nemfjadlboooiffmcelkafilagddogim
C:\users\Kim\appdata\local\cre
R2 vToolbarUpdater18.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1808408 2014-06-24] (AVG Secure Search)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-24] (AVG Technologies)
C:\Windows\system32\drivers\avgtpx64.sys
2015-05-28 14:57 - 2013-10-26 18:57 - 00000284 _____ () C:\Windows\Tasks\DigitalSite.job
2015-05-28 14:55 - 2013-11-02 19:47 - 00000000 ____D () C:\Users\Kim\AppData\Local\NativeMessaging
2015-05-28 14:55 - 2013-11-02 19:47 - 00000000 ____D () C:\Program Files (x86)\Conduit
2015-05-28 14:54 - 2013-11-02 19:48 - 00000000 ____D () C:\Program Files (x86)\InternetHelper3.1
2015-05-28 14:54 - 2013-10-19 13:59 - 00000000 ____D () C:\Users\Kim\AppData\Roaming\UpdaterEX
2013-11-12 22:28 - 2014-06-24 19:04 - 0003710 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-10-26 19:57 - 2014-03-16 13:53 - 0000229 _____ () C:\Users\Kim\AppData\Roaming\WB.CFG
2014-01-28 01:29 - 2014-01-28 01:29 - 0000005 _____ () C:\Users\Kim\AppData\Roaming\WBPU-TTL.DAT
2012-04-19 12:19 - 2012-04-19 12:19 - 0001565 _____ () C:\Users\Kim\AppData\Local\PDLSetup.20120419.121950.txt
2012-04-19 12:22 - 2012-04-19 12:22 - 0001567 _____ () C:\Users\Kim\AppData\Local\PDLSetup.20120419.122242.txt
2012-05-06 23:15 - 2012-05-06 23:15 - 0001567 _____ () C:\Users\Kim\AppData\Local\PDLSetup.20120506.231522.txt
2012-06-30 23:05 - 2012-06-30 23:05 - 0001567 _____ () C:\Users\Kim\AppData\Local\PDLSetup.20120630.230523.txt
2012-07-28 09:15 - 2012-07-28 09:15 - 0001567 _____ () C:\Users\Kim\AppData\Local\PDLSetup.20120728.091513.txt
2012-09-01 23:06 - 2012-09-01 23:06 - 0001567 _____ () C:\Users\Kim\AppData\Local\PDLSetup.20120901.230653.txt
2012-09-16 18:44 - 2012-09-16 18:44 - 0001566 _____ () C:\Users\Kim\AppData\Local\PDLSetup.20120916.184422.txt
2012-10-18 21:07 - 2012-10-18 21:07 - 0001542 _____ () C:\Users\Kim\AppData\Local\PDLSetup.20121018.210704.txt
2012-10-23 20:01 - 2012-10-23 20:01 - 0001544 _____ () C:\Users\Kim\AppData\Local\PDLSetup.20121023.200121.txt
2012-11-07 21:26 - 2012-11-07 21:26 - 0001543 _____ () C:\Users\Kim\AppData\Local\PDLSetup.20121107.202645.txt
2013-07-30 07:24 - 2013-07-30 07:24 - 0001567 _____ () C:\Users\Kim\AppData\Local\PDLSetup.20130730.072413.txt
2013-08-04 21:52 - 2013-08-04 21:52 - 0001566 _____ () C:\Users\Kim\AppData\Local\PDLSetup.20130804.215249.txt
2014-01-12 20:04 - 2014-01-12 20:04 - 0001541 _____ () C:\Users\Kim\AppData\Local\PDLSetup.20140112.190435.txt
Task: {332715CD-6FFA-47D9-84F1-38460AA09871} - System32\Tasks\DigitalSite => C:\Users\Kim\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {8BE44BAD-01E7-4D7B-8A48-1B101BB73B9B} - System32\Tasks\DTReg => C:\Users\Kim\AppData\Roaming\defaulttab\defaulttab\DTReg.exe <==== ATTENTION
Task: {9030B5AB-6BEA-4934-B3A2-C7AFF32BA00B} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {AABC057D-964E-435B-B2D4-DD271E3886CD} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Kim\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\Kim\AppData\Roaming\DIGITA~1
C:\Users\Kim\AppData\Roaming\defaulttab
C:\Program Files (x86)\MyPC Backup
AlternateDataStreams: C:\Users\Kim\Desktop\WWE: Voices (Randy Orton) [feat. Rich Luzzi of Rev Theory].m4r
C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
C:\Windows\pss\MyPC Backup.lnk.Startup
C:\Users\Kim\AppData\Local\Conduit
C:\PROGRA~2\GAMING~2
C:\Program Files (x86)\AVG SafeGuard toolbar
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
RemoveProxy:
Reboot:
end


NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Start FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..." and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.



#4
WRBII

    New Member

  • Topic Starter
  • Member
  • 5 posts

I for some reason cannot get the frst64 (fix) to work. It says fixlist.text needs to be in the same file. I created a new folder for both frst64 and fixlist.text but it still gives me the same message.



#5
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Both FRST64.exe and Fixlist.txt should be on your desktop; not in a folder on the desktop.

 

Also, please check that the Fixlist file is named Fixlist.txt and not Fixlist.text.


  • 0
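
The two checks from post #5 (both files directly on the Desktop, and the fix file named exactly fixlist.txt), written out as a PowerShell pre-flight check. This is an added example, not part of the original thread and not part of FRST; the function name Test-FixlistPlacement and its parameters are assumptions made for this example.

```powershell
# Added example, not part of FRST: checks what post #5 asks the user to verify.
# Assumption: the tool was saved to the current user's Desktop as FRST64.exe.
function Test-FixlistPlacement {
    param(
        [string]$Folder       = [Environment]::GetFolderPath('Desktop'),
        [string]$ToolName     = 'FRST64.exe',
        [string]$ExpectedName = 'fixlist.txt'
    )

    $findings = @()

    # 1. The tool itself must sit directly in the folder, not in a subfolder.
    if (-not (Test-Path -LiteralPath (Join-Path $Folder $ToolName) -PathType Leaf)) {
        $findings += "$ToolName was not found directly in $Folder"
    }

    # 2. The fix file must sit beside it under its full, exact name.
    if (-not (Test-Path -LiteralPath (Join-Path $Folder $ExpectedName) -PathType Leaf)) {
        $findings += "$ExpectedName was not found directly in $Folder"
    }

    $entries = @(Get-ChildItem -LiteralPath $Folder -Force -ErrorAction SilentlyContinue)

    # 3. Near misses in the same folder, e.g. fixlist.text or fixlist.txt.txt.
    #    Explorer's "Hide extensions for known file types" setting can make
    #    fixlist.txt.txt display as fixlist.txt, so compare the real name.
    foreach ($f in @($entries | Where-Object { -not $_.PSIsContainer })) {
        if ($f.Name -like 'fixlist*' -and $f.Name -ne $ExpectedName) {
            $findings += "Found '$($f.Name)'; rename it to $ExpectedName"
        }
    }

    # 4. Either file placed one level down, in a folder on the Desktop.
    foreach ($d in @($entries | Where-Object { $_.PSIsContainer })) {
        $inner = @(Get-ChildItem -LiteralPath $d.FullName -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and
                           ($_.Name -like 'fixlist*' -or $_.Name -eq $ToolName) })
        foreach ($f in $inner) {
            $findings += "'$($f.Name)' is inside the subfolder '$($d.Name)'; move it up into $Folder"
        }
    }

    if ($findings.Count -eq 0) {
        "OK: $ToolName and $ExpectedName are both directly in $Folder"
    } else {
        $findings
    }
}

# Run against the current user's Desktop.
Test-FixlistPlacement
```

The script only reads directory listings; it does not open, move or rename anything.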

#6
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

