Suspicious Programs and Internet not working [Closed]


#1
VortexR18
Member, 57 posts

Hello everyone,

I have a laptop that currently cannot connect to the internet. Network and hardware all seem to be in order, so I suspect it may be malicious programs causing issues.

Everything also seems to be running at a sluggish pace.

Also, I have noticed several suspect programs that I'm certain are malicious/spyware.

Logs are posted below, thank you so very much for the time.

==========================FRST LOG================================


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Rizaldy Manabat (administrator) on RIZALDYMANABAT on 03-06-2015 17:40:58
Running from C:\Users\Rizaldy Manabat\Downloads\Desktop
Loaded Profiles: Rizaldy Manabat (Available Profiles: Rizaldy Manabat)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(OM Inc.) C:\Program Files (x86)\IGS\BasementDuster.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files (x86)\dataup\dataup.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
() C:\Users\Rizaldy Manabat\AppData\Roaming\638623A0-1425233465-11DF-8A06-0024BEF914AD\jnsq2AF.tmp
() C:\Users\Rizaldy Manabat\AppData\Local\638623A0-1425237323-11DF-8A06-0024BEF914AD\inshA298.tmp
() C:\Users\Rizaldy Manabat\AppData\Roaming\638623A0-1425233465-11DF-8A06-0024BEF914AD\nsqC211.tmpfs
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
() C:\Users\Rizaldy Manabat\AppData\Local\638623A0-1425233841-11DF-8A06-0024BEF914AD\snsn14CB.tmp
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{4C8C7AB0-130A-4DC1-BB57-ED465FCAEC60}\43.0.2357.81_chrome_installer.exe
(Google Inc.) C:\Windows\Temp\CR_D6902.tmp\setup.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226160 2010-07-30] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SmartWiHelper] => C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe [82944 2010-01-19] (Sony Electronics Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2010-01-21] (Sony Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [SHTtray.exe] => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe [99696 2010-02-24] (Sony Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [gmsd_us_265] => [X]
HKU\S-1-5-21-2580734851-187366485-276881293-1005\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2580734851-187366485-276881293-1005\...\Run: [Elbserver] => C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe [81328 2010-02-09] (Sony Corporation)
HKU\S-1-5-21-2580734851-187366485-276881293-1005\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [5673824 2014-08-24] (PC Drivers Headquarters)
HKU\S-1-5-21-2580734851-187366485-276881293-1005\...\MountPoints2: {fe499bea-bb54-11e2-bcff-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-19] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => c:\Program Files (x86)\searchprotect\searchprotect\bin\spvc32loader.dll [181568 2014-06-23] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2015-06-03]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy restriction on ProxySettings)
ProxyEnable: [HKLM] => ProxyEnable is set
ProxyEnable: [HKLM-x32] => ProxyEnable is set
ProxyServer: [HKLM] => http=127.0.0.1:8800;https=127.0.0.1:8800
ProxyServer: [HKLM-x32] => http=127.0.0.1:8800;https=127.0.0.1:8800
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.swe...&cc=US&unqvl=84
HKU\S-1-5-21-2580734851-187366485-276881293-1005\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=SNNT&bmod=SNNT
HKU\S-1-5-21-2580734851-187366485-276881293-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=SNNT&bmod=SNNT
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7SNNT
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7SNNT
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swe...&cc=US&unqvl=84
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7SNNT
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swe...&cc=US&unqvl=84
SearchScopes: HKU\S-1-5-21-2580734851-187366485-276881293-1005 -> DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://astromenda.co...r=688668148&ir=
SearchScopes: HKU\S-1-5-21-2580734851-187366485-276881293-1005 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-2580734851-187366485-276881293-1005 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.co...=1377854522&ir=
SearchScopes: HKU\S-1-5-21-2580734851-187366485-276881293-1005 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7SNNT
SearchScopes: HKU\S-1-5-21-2580734851-187366485-276881293-1005 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swe...&cc=US&unqvl=84
SearchScopes: HKU\S-1-5-21-2580734851-187366485-276881293-1005 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://astromenda.co...r=688668148&ir=
BHO: SaavverExtension -> {4229A92F-7BD7-458B-814D-CE35A7C4E97F} -> C:\Program Files (x86)\SaavverExtension\zAo9IX6vnZM7ry.x64.dll [2015-06-03] ()
BHO: FuunDealsa -> {7AD465A3-6050-4DF7-9FB3-0F9959EAC07B} -> C:\Program Files (x86)\FuunDealsa\cQnY9o7ZQ5GJUD.x64.dll [2015-06-03] ()
BHO-x32: SaavverExtension -> {4229A92F-7BD7-458B-814D-CE35A7C4E97F} -> C:\Program Files (x86)\SaavverExtension\zAo9IX6vnZM7ry.dll [2015-06-03] ()
BHO-x32: FuunDealsa -> {7AD465A3-6050-4DF7-9FB3-0F9959EAC07B} -> C:\Program Files (x86)\FuunDealsa\cQnY9o7ZQ5GJUD.dll [2015-06-03] ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-04-11] (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2013-04-01] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-11] (Google Inc.)
Toolbar: HKU\S-1-5-21-2580734851-187366485-276881293-1005 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-04-11] (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\BDL.dll [318808 2015-03-01] (OM Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\BDL.dll [318808 2015-03-01] (OM Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\BDL.dll [318808 2015-03-01] (OM Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\BDL.dll [318808 2015-03-01] (OM Inc.)
Winsock: Catalog9 16 C:\Windows\SysWOW64\BDL.dll [318808 2015-03-01] (OM Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-03] (Google Inc.)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Rizaldy Manabat\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Rizaldy Manabat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-01]
CHR Extension: (Google Drive) - C:\Users\Rizaldy Manabat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-01]
CHR Extension: (YouTube) - C:\Users\Rizaldy Manabat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-01]
CHR Extension: (Translator 3.1 B2) - C:\Users\Rizaldy Manabat\AppData\Local\Google\Chrome\User Data\Default\Extensions\clelpneigicmackibcbkigogpffkkflp [2015-03-01]
CHR Extension: (Google Search) - C:\Users\Rizaldy Manabat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-01]
CHR Extension: (Push to BlackBerry) - C:\Users\Rizaldy Manabat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lggpkfohfakgnphjamgjohdojpfnkhii [2015-06-03]
CHR Extension: (Gmail) - C:\Users\Rizaldy Manabat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-01]
CHR HKU\S-1-5-21-2580734851-187366485-276881293-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [clelpneigicmackibcbkigogpffkkflp] - C:\Users\Rizaldy Manabat\AppData\Local\CRE\clelpneigicmackibcbkigogpffkkflp.crx [2013-05-06]
CHR HKLM-x32\...\Chrome\Extension: [clelpneigicmackibcbkigogpffkkflp] - C:\Users\Rizaldy Manabat\AppData\Local\CRE\clelpneigicmackibcbkigogpffkkflp.crx [2013-05-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 4baf5b96; c:\Program Files (x86)\PathMaker\PathMaker.dll [1563648 2015-04-19] () [File not signed]
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-09-28] (ArcSoft Inc.)
R2 BasementDuster; C:\Program Files (x86)\IGS\BasementDuster.exe [1463768 2015-02-24] (OM Inc.) [File not signed]
S4 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2832704 2014-06-23] () [File not signed]
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [73728 2014-12-11] () [File not signed] <==== ATTENTION
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MSSQL$DDNI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [60416 2012-11-13] (Digital Delivery Networks, Inc.) [File not signed]
R2 qebeveqi; C:\Users\Rizaldy Manabat\AppData\Roaming\638623A0-1425233465-11DF-8A06-0024BEF914AD\jnsq2AF.tmp [174592 2015-03-01] () [File not signed]
R2 qiduvoko; C:\Users\Rizaldy Manabat\AppData\Local\638623A0-1425237323-11DF-8A06-0024BEF914AD\inshA298.tmp [99840 2015-03-01] () [File not signed]
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
S4 SQLAgent$DDNI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2010-04-08] (Sony Corporation) [File not signed]
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [852336 2010-03-18] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 zicymigi; C:\Users\Rizaldy Manabat\AppData\Local\638623A0-1425233841-11DF-8A06-0024BEF914AD\snsn14CB.tmp [141824 2015-03-01] () [File not signed]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION
R2 setekysi; C:\Users\Rizaldy Manabat\AppData\Roaming\638623A0-1425233465-11DF-8A06-0024BEF914AD\nsqC211.tmpfs [X]
S2 Update Browse Pax; "C:\Program Files (x86)\Browse Pax\updateBrowsePax.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1528976 2013-03-05] (Realtek Semiconductor Corporation                           )
R1 {97aac413-5ea0-4f6e-a044-c0672ad26b28}w64; C:\Windows\System32\drivers\{97aac413-5ea0-4f6e-a044-c0672ad26b28}w64.sys [48784 2015-03-01] (StdLib)
S1 cherimoya; system32\drivers\cherimoya.sys [X]
U2 IAStorDataMgrSvc; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-03 17:39 - 2015-06-03 17:41 - 00000000 ____D C:\FRST
2015-06-03 17:34 - 2015-06-03 17:34 - 00000000 ____D C:\Program Files (x86)\Push to BlackBerry
2015-06-03 17:33 - 2015-06-03 17:33 - 00000000 ____D C:\Program Files (x86)\FuunDealsa
2015-06-03 17:32 - 2015-06-03 17:32 - 00000000 ____D C:\Program Files (x86)\SaavverExtension
2015-06-03 17:32 - 2015-06-03 17:32 - 00000000 ____D C:\Program Files (x86)\COupExtensiioin
2015-06-03 17:01 - 2015-06-03 17:01 - 00000000 ____D C:\Users\Rizaldy Manabat\AppData\Roaming\TP-LINK
2015-06-03 17:00 - 2015-06-03 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
2015-06-03 17:00 - 2015-06-03 17:00 - 00002267 _____ C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
2015-06-03 17:00 - 2015-06-03 17:00 - 00000000 ____D C:\Program Files (x86)\TP-LINK
2015-06-03 16:59 - 2013-03-05 14:14 - 01528976 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\rtwlanu.sys
2015-06-03 16:59 - 2013-03-05 14:14 - 01528976 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\RTWlanU.sys
2015-06-03 16:59 - 2013-02-25 07:57 - 00007865 _____ C:\Windows\system32\netrtwlanu.cat
2015-06-03 16:57 - 2015-06-03 17:00 - 00000000 ____D C:\ProgramData\TP-LINK
2015-05-31 16:30 - 2015-06-03 16:54 - 00000024 _____ C:\Users\Rizaldy Manabat\AppData\Roaming\appdataFr25.bin
2015-05-31 15:39 - 2015-05-31 15:39 - 06420480 _____ C:\Program Files (x86)\GUTBC3.tmp
2015-05-31 15:39 - 2015-05-31 15:39 - 00000000 ____D C:\Program Files (x86)\GUMBC2.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-03 17:42 - 2009-07-14 01:13 - 00876404 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-03 17:40 - 2013-05-12 18:49 - 01379454 _____ C:\Windows\WindowsUpdate.log
2015-06-03 17:38 - 2013-07-31 13:51 - 00015671 _____ C:\Windows\setupact.log
2015-06-03 17:38 - 2009-07-14 00:45 - 00022976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-03 17:38 - 2009-07-14 00:45 - 00022976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-03 17:34 - 2015-03-01 17:51 - 00000000 ____D C:\ProgramData\11701309722360616569
2015-06-03 17:26 - 2013-05-12 22:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-03 17:12 - 2013-05-12 19:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-03 17:08 - 2013-05-12 19:25 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-03 17:08 - 2013-05-12 19:25 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-06-03 17:08 - 2013-05-12 19:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-03 17:00 - 2013-05-12 19:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-03 16:57 - 2015-03-01 19:17 - 00000000 ____D C:\Users\Rizaldy Manabat\AppData\Local\638623A0-1425233841-11DF-8A06-0024BEF914AD
2015-06-03 16:54 - 2015-03-01 20:16 - 00010664 _____ C:\Windows\SysWOW64\BasementDuster.ini
2015-06-03 16:54 - 2015-03-01 19:29 - 00008568 _____ C:\Windows\SysWOW64\BasementDusterOff.ini
2015-06-03 16:54 - 2015-03-01 19:29 - 00008568 _____ C:\Windows\system32\BasementDusterOff.ini
2015-06-03 16:52 - 2015-03-01 19:20 - 00000930 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-06-03 16:51 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-05-31 16:23 - 2013-07-23 22:21 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-31 16:23 - 2013-07-23 22:21 - 00001945 _____ C:\Windows\epplauncher.mif
2015-05-31 16:23 - 2013-07-23 22:20 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-05-31 16:23 - 2013-07-23 22:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-05-31 15:57 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-05-31 15:56 - 2013-07-29 22:28 - 00000000 ____D C:\Users\Rizaldy Manabat\AppData\Local\CrashDumps
2015-05-31 15:50 - 2014-07-28 13:50 - 00000318 _____ C:\Windows\Tasks\Astromenda.job
2015-05-31 15:50 - 2014-07-28 13:49 - 00000318 _____ C:\Windows\Tasks\UpdaterEX.job
2015-05-31 15:44 - 2009-07-14 01:08 - 00032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-05-31 15:39 - 2015-05-31 15:39 - 6420480 _____ () C:\Program Files (x86)\GUTBC3.tmp
2015-05-31 16:30 - 2015-06-03 16:54 - 0000024 _____ () C:\Users\Rizaldy Manabat\AppData\Roaming\appdataFr25.bin
2014-07-29 10:49 - 2014-07-29 10:49 - 0000045 _____ () C:\Users\Rizaldy Manabat\AppData\Roaming\WB.CFG
2013-05-13 14:41 - 2013-05-13 14:41 - 0003584 _____ () C:\Users\Rizaldy Manabat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-01 19:50 - 2015-03-01 20:19 - 0001593 _____ () C:\ProgramData\tempimage.bmp

Some files in TEMP:
====================
C:\Users\Rizaldy Manabat\AppData\Local\Temp\618F9029-AEB9-AD90-BA39-743B1C4BC2D2.dll
C:\Users\Rizaldy Manabat\AppData\Local\Temp\618F9029-AEB9-AD90-BA39-743B1C4BC2D2.exe
C:\Users\Rizaldy Manabat\AppData\Local\Temp\besA0D3.exe
C:\Users\Rizaldy Manabat\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe
C:\Users\Rizaldy Manabat\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\Rizaldy Manabat\AppData\Local\Temp\D3683FE0-FA35-4DEB-4B2F-B7073985D964.exe
C:\Users\Rizaldy Manabat\AppData\Local\Temp\GLF1A38.EXE
C:\Users\Rizaldy Manabat\AppData\Local\Temp\GLF1D93.EXE
C:\Users\Rizaldy Manabat\AppData\Local\Temp\GLF237C.EXE
C:\Users\Rizaldy Manabat\AppData\Local\Temp\GLF319F.EXE
C:\Users\Rizaldy Manabat\AppData\Local\Temp\GLF31CE.EXE
C:\Users\Rizaldy Manabat\AppData\Local\Temp\GLF3622.EXE
C:\Users\Rizaldy Manabat\AppData\Local\Temp\GLF37F7.EXE
C:\Users\Rizaldy Manabat\AppData\Local\Temp\GLF590.EXE
C:\Users\Rizaldy Manabat\AppData\Local\Temp\GLF66F1.EXE
C:\Users\Rizaldy Manabat\AppData\Local\Temp\GLF6CFA.EXE
C:\Users\Rizaldy Manabat\AppData\Local\Temp\GLF6EFD.EXE
C:\Users\Rizaldy Manabat\AppData\Local\Temp\GLF8194.EXE
C:\Users\Rizaldy Manabat\AppData\Local\Temp\ICReinstall_Skype_Setup (3).exe
C:\Users\Rizaldy Manabat\AppData\Local\Temp\SecondStepInstaller.exe
C:\Users\Rizaldy Manabat\AppData\Local\Temp\SpOrder.dll
C:\Users\Rizaldy Manabat\AppData\Local\Temp\SPSetup.exe
C:\Users\Rizaldy Manabat\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-08 09:22

==================== End of log ============================

===================Addition.txt==============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Rizaldy Manabat at 2015-06-03 17:42:44
Running from C:\Users\Rizaldy Manabat\Downloads\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2580734851-187366485-276881293-500 - Administrator - Disabled)
Guest (S-1-5-21-2580734851-187366485-276881293-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2580734851-187366485-276881293-1006 - Limited - Enabled)
Rizaldy Manabat (S-1-5-21-2580734851-187366485-276881293-1005 - Administrator - Enabled) => C:\Users\Rizaldy Manabat

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AccuWeather.com Cirrus (HKLM-x32\...\com.AccuWeather.sony.6AF67E59E785A9A644FCA43BED05A7731922EF40.1) (Version: 0.1.6 - AccuWeather, Inc.)
AccuWeather.com Cirrus (x32 Version: 0.1.6 - AccuWeather, Inc.) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 10 Plugin (HKLM-x32\...\{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader 9.1.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.2 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
AMD USB Filter Driver (HKLM-x32\...\{987B04C4-B5AC-4AD6-A7E9-8D681085B850}) (Version: 1.0.15.94 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version:  - )
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.278 - ArcSoft)
Astromenda (HKLM-x32\...\Astromenda) (Version:  - Astromenda)
ATI Catalyst Install Manager (HKLM\...\{FED99701-A3A5-CE6B-4D04-DECF94784B89}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Click to Disc MergeModules x64 (Version: 1.0.14230 - Sony Corporation) Hidden
COupExtensiioin (HKLM-x32\...\{6933C2BA-C67D-42C7-8C77-1FF4B364AF54}) (Version:  - "") <==== ATTENTION
Download & Install Packages (HKU\S-1-5-21-2580734851-187366485-276881293-1005\...\Download & Install Packages) (Version:  - ) <==== ATTENTION
Driver Support (HKLM-x32\...\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}) (Version: 9.1 - PC Drivers Headquarters, LP)
Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.2.1525 - Evernote Corp.)
Extended Update (HKU\S-1-5-21-2580734851-187366485-276881293-1005\...\UpdaterEX) (Version:  - Extended Update) <==== ATTENTION
FuunDealsa (HKLM-x32\...\{478472F9-9E09-492A-BDAB-42EE595EF1AD}) (Version:  - "") <==== ATTENTION
GDR 5520 for SQL Server 2008 (KB2977321) (HKLM-x32\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IGS (HKLM-x32\...\IGS) (Version:  - ) <==== ATTENTION!
igsc (HKLM-x32\...\igsc) (Version: 1.0.0.0 - igs) <==== ATTENTION!
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java™ 6 Update 18 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Java™ 6 Update 18 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Media Gallery (x32 Version: 1.2.0.15040 - Sony Corporation) Hidden
Media Gallery MergeModules x64 (Version: 1.0.14250 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{5D60AB1A-2409-4829-83D4-0972856D885A}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSI_SPF_x64 (Version: 1.0.0 - Sony Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Oasis2Service (HKLM-x32\...\{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}) (Version: 1.0.4 - DDNi)
OOBE (x32 Version: 3.00.0215 - Sony Corporation) Hidden
PathMaker (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{4baf5b96}) (Version:  - Software Publisher) <==== ATTENTION
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PMB (x32 Version: 5.1.02.03310 - Sony Corporation) Hidden
PMB VAIO Edition Guide (x32 Version: 1.1.00.14080 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.1.00.15080 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.1.00.15040 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.1.00.15080 - Sony Corporation) Hidden
Push to BlackBerry (HKLM-x32\...\{25F259ED-12F6-429F-5783-527C3E2F8586}) (Version:  - "") <==== ATTENTION
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.)
SaavverExtension (HKLM-x32\...\{274E3C5C-178E-EAE2-A52F-2863C0EECD46}) (Version:  - "") <==== ATTENTION
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.15.10.118 - Client Connect LTD) <==== ATTENTION
Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM-x32\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Setting Utility Series (x32 Version: 5.2.0.15250 - Sony Corporation) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SmartWi Connection Utility (HKLM-x32\...\{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}) (Version: 4.10.4.20100121.2442 - Sony Corporation)
Software Updater (HKLM-x32\...\SoftwareUpdater) (Version: 1.0.0.0 - Software Updater Ltd)
Sony Home Network Library (x32 Version: 2.1.0.14240 - Sony Corporation) Hidden
Sql Server Customer Experience Improvement Program (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
TP-LINK TL-WN725N_TL-WN723N Driver (HKLM-x32\...\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
VAIO Care (HKLM\...\{D9FFE40D-1A85-4541-992C-5EF505F391A4}) (Version: 8.4.2.12041 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{6ED1750E-F44F-4635-8F0D-B76B9262B7FB}) (Version: 1.1.1.13230 - Sony Corporation)
VAIO Content Monitoring Settings (x32 Version: 2.5.0.13220 - Sony Corporation) Hidden
VAIO Control Center (x32 Version: 4.2.0.15020 - Sony Corporation) Hidden
VAIO Data Restore Tool (x32 Version: 1.3.0.13150 - Sony Corporation) Hidden
VAIO DVD Menu Data (x32 Version: 2.1.00.13210 - Sony Corporation) Hidden
VAIO Entertainment Platform (x32 Version: 3.7.0.16080 - Sony Corporation) Hidden
VAIO Event Service (x32 Version: 5.2.0.15020 - Sony Corporation) Hidden
VAIO Gate (x32 Version: 2.4.2.02200 - Sony Corporation) Hidden
VAIO Gate Default (x32 Version: 2.0.0.04160 - Sony Corporation) Hidden
VAIO Hardware Diagnostics (x32 Version: 3.9.1 - Sony Corporation) Hidden
VAIO Health Report (HKLM-x32\...\VAIO Health Report1.0) (Version: 1.0 - Sony Electronics)
VAIO Help and Support (HKLM-x32\...\{07182027-A63E-4E86-B96F-452EB9D61360}) (Version: 11.00.0225 - Sony Corporation)
VAIO Help and Support Update (HKLM-x32\...\{8BFCA5E2-BF46-4CC3-8444-D3CA686D3F94}) (Version: 1.00.0309 - Sony Corporation)
VAIO Manual (x32 Version: 1.0.0.03290 - Sony Corporation) Hidden
VAIO Media plus (x32 Version: 2.1.0.15040 - Sony Corporation) Hidden
VAIO Media plus Opening Movie (x32 Version: 2.1.0.14080 - Sony Corporation) Hidden
VAIO Messenger (HKLM-x32\...\VAIO Messenger) (Version: 2.0.493.0 - DDNi)
VAIO Movie Story MergeModules x64 (Version: 1.0.14240 - Sony Corporation) Hidden
VAIO Movie Story Template Data (x32 Version: 2.1.00.14040 - Sony Corporation) Hidden
VAIO Original Function Settings (x32 Version: 2.1.0.13120 - Sony Corporation) Hidden
VAIO Power Management (x32 Version: 5.1.0.15250 - Sony Corporation) Hidden
VAIO Sample Contents (x32 Version: 1.2.0.16080 - Sony Corporation) Hidden
VAIO Survey (x32 Version: 6.00.1028 - Sony Corporation) Hidden
VAIO Transfer Support (x32 Version: 1.1.2.06030 - Sony Corporation) Hidden
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.0.14270 - Sony Corporation)
VAIO Wallpaper Contents (x32 Version: 2.1.0.14090 - Sony Corporation) Hidden
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VMp MergeModule x64 (Version: 1.0.0 - Default Company Name) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth  (09/09/2009 6.2.0.9405) (HKLM\...\930E4792BDAEAFB62A9514EE7578775658A5D07C) (Version: 09/09/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

17-10-2014 14:07:03 Windows Update
02-11-2014 22:49:53 Windows Update
01-03-2015 17:45:52 Windows Update
01-03-2015 18:46:30 Removed BlueStacks Notification Center
01-03-2015 18:47:57 Removed BlueStacks Notification Center
01-03-2015 18:49:11 Removed BlueStacks Notification Center
02-03-2015 00:06:00 Windows Update
31-05-2015 16:04:22 Windows Update
03-06-2015 16:58:30 Installed TP-LINK Wireless Configuration Utility and Driver
03-06-2015 17:00:19 Installed TP-LINK Wireless Configuration Utility
03-06-2015 17:36:29 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {16812126-3C6C-4831-93A6-0F239A65D405} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation)
Task: {232EF813-AA52-4DD4-9BE6-3E1C6114168A} - System32\Tasks\UpdaterEX => C:\Users\Rizaldy Manabat\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {2E2AD3E6-6B14-4C96-A724-83D835951904} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-08-24] (PC Drivers Headquarters)
Task: {32E6082F-3572-4518-B194-3F85B3E11B7C} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {3457B123-63D0-41A6-A0C7-93806302A206} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {346719ED-0E07-4A20-A579-5A90EA073B0F} - System32\Tasks\Sony Corporation\VAIO Personalization Manager\VpmLM Task Music Rizaldy Manabat => C:\Program Files\Sony\VAIO Personalization Manager\VpmLM.exe [2010-01-20] (Sony Corporation)
Task: {38F6EDBB-BCCD-4229-BD90-11972C243DE9} - System32\Tasks\PostPoneInstall => C:\Users\Rizaldy Manabat\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe [2015-03-01] (C.L.A.R.A) <==== ATTENTION
Task: {3C1556E7-B146-4341-89B6-E11AF3AB8B9C} - System32\Tasks\VAIO® Messenger (Rizaldy Manabat) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2012-11-13] (Digital Delivery Networks, Inc.)
Task: {445BACF1-D5E0-4BF1-84A6-01C1303B6519} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {4A961B18-C620-45F1-8F4F-E011273AEBAD} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-08-24] (PC Drivers Headquarters)
Task: {4AE75A8A-F947-43BA-827F-71BF67246AE1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {57329311-4884-4FF3-ACD4-00611FB7AF3A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-02] (Google Inc.)
Task: {5809231B-398F-4342-A60B-28406BAF723D} - System32\Tasks\Sony\Java Update => C:\Program Files\Java\jre6\bin\jusched.exe
Task: {5E089644-3728-4358-925B-36D986E70B4B} - System32\Tasks\DDNi Startup => C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe [2012-11-13] (Digital Delivery Networks, Inc.)
Task: {5E425BD4-AD7C-4650-A805-27B9BFD82E0F} - System32\Tasks\VAIO Care Support => C:\Program Files\Sony\VAIO Care\VCSpt.exe
Task: {602E0CAC-CA08-4AF4-9641-8BD5B5E10D81} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {6361DDFB-1FCC-4624-B2D7-A4EA755D6FEA} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2014-01-27] (Sony Corporation)
Task: {6501AD0D-54B2-49C6-AE4F-638852C91C50} - System32\Tasks\PastaQuotes => C:\Program Files (x86)\pastaleads\ScheduledTask.exe <==== ATTENTION
Task: {66C592C0-8199-449E-ACBA-CAAAFB709D9F} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {70A9CF84-9312-4FB8-B2FE-0207DC1E1B8C} - System32\Tasks\VAIO Health Report => C:\Program Files (x86)\Sony\VAIO Health Report\VAIOHealthReport.exe [2013-06-20] (Sony Electronics)
Task: {8BE67D6A-49F1-4180-924E-7AF4859DBDB3} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
Task: {90AB5B9D-930F-4106-9432-4AF61ACB7C1E} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-27] (Sony Corporation)
Task: {95802200-B43B-47E9-BC08-D75A89996FA5} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {968E6D33-B83B-43F8-AE62-BC5868CC8242} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {9CD5576D-C7A7-4FE0-B4CA-8CC74760B59A} - System32\Tasks\BBQLeads => C:\Program Files (x86)\bbqleads\ScheduledTask.exe
Task: {A5171604-5DA5-47E0-9E43-1CE97ACEC42E} - System32\Tasks\Sony\VAIO Survey => C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe [2009-10-26] ()
Task: {AA2950D5-1407-488F-81C6-02EF875920A6} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {AC6EC5C0-25A5-49E2-A1C1-C77A3A9DA684} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-19] (Adobe Systems Incorporated)
Task: {AE392C12-B7C2-480B-B12E-DF2997E9A0E3} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {B01E3FD4-8AE1-44D7-B6C6-3FF7A2D5DC17} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {B11EE252-0038-493B-A69D-E9FD24CEF20D} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {B2C2ABFB-B243-4DA2-A038-0EBAF5459320} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {BA5ABE88-CD7E-4CC1-BA16-0D26B60BCDD1} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {C66FB7F1-6726-40D3-95FF-E69DACFE6576} - System32\Tasks\Run_Bobby_Browser => C:\Users\Rizaldy Manabat\AppData\Local\BoBrowser\Application\bobrowser.exe <==== ATTENTION
Task: {C6D56435-C885-4A6F-BF1E-0D6A87453A77} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2013-05-13] (Microsoft Corporation)
Task: {C738B95C-4C01-4939-9D89-2B5935D5D598} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-08-24] (PC Drivers Headquarters)
Task: {CD05732B-0AF0-44AE-93C2-4B4A02350AD2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-02] (Google Inc.)
Task: {CD459193-E89F-4B0E-9EA5-A8C415390C2A} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {D9C5D385-9438-4001-93EB-0AD8F3DE1BBF} - System32\Tasks\Driver Support-RTMScanRunOnce => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-08-24] (PC Drivers Headquarters)
Task: {E3ED0B6D-A97D-4370-9262-1701FFC7AA30} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {EFC83E24-E44F-4DED-B41E-106AEAAD826E} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {F14F9020-1AFA-46FA-B6DA-23EDF818490D} - System32\Tasks\{C946ECC2-CA2E-42A6-A3CC-1B5C67FC4D4F} => pcalua.exe -a C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe -c /S <==== ATTENTION
Task: {F433E2E7-5788-4ED7-8965-8833A2940E1D} - System32\Tasks\Astromenda => C:\Users\RIZALD~1\AppData\Roaming\ASTROM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {F7A524D4-3A9E-4C90-B23E-AF7CBFCF433C} - System32\Tasks\ASP => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: {F81D272A-0B86-44BD-9EDA-8A975CCF2BA5} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-02-28] (Sony Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Astromenda.job => C:\Users\RIZALD~1\AppData\Roaming\ASTROM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\RIZALD~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-03-01 19:10 - 2014-12-11 11:55 - 00073728 _____ () C:\Program Files (x86)\dataup\dataup.exe
2015-03-01 19:12 - 2015-03-01 19:12 - 00174592 _____ () C:\Users\Rizaldy Manabat\AppData\Roaming\638623A0-1425233465-11DF-8A06-0024BEF914AD\jnsq2AF.tmp
2015-03-01 20:15 - 2015-03-01 20:15 - 00099840 _____ () C:\Users\Rizaldy Manabat\AppData\Local\638623A0-1425237323-11DF-8A06-0024BEF914AD\inshA298.tmp
2015-03-01 19:11 - 2015-03-01 19:11 - 00113152 _____ () C:\Users\Rizaldy Manabat\AppData\Roaming\638623A0-1425233465-11DF-8A06-0024BEF914AD\nsqC211.tmpfs
2015-03-01 19:18 - 2015-03-01 19:18 - 00141824 _____ () C:\Users\Rizaldy Manabat\AppData\Local\638623A0-1425233841-11DF-8A06-0024BEF914AD\snsn14CB.tmp
2013-05-12 19:42 - 2010-01-19 23:58 - 00016384 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
2013-05-12 19:42 - 2010-01-19 23:58 - 00035328 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
2013-11-01 15:59 - 2013-11-01 15:59 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2015-04-19 15:08 - 2015-04-19 15:09 - 01563648 _____ () c:\Program Files (x86)\PathMaker\PathMaker.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-12 20:21 - 2010-03-02 19:22 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2013-05-12 20:21 - 2010-03-02 19:22 - 00013312 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2013-05-12 20:13 - 2010-02-24 17:59 - 00379904 _____ () C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\sqlite3.dll
2013-05-12 19:42 - 2010-01-19 23:58 - 00125440 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\SonyCommonLib.dll
2013-05-12 19:42 - 2010-01-19 23:58 - 00007680 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\DebugMsg.dll
2013-05-12 19:42 - 2010-01-19 23:58 - 00009728 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Resources.dll
2013-05-12 19:42 - 2010-01-19 23:58 - 00015360 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\SharedInterfaces.dll
2013-05-12 19:42 - 2010-01-19 23:58 - 00018944 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\DictionaryLookup.dll
2013-05-12 19:42 - 2010-01-19 23:58 - 00011264 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\MessageXML.dll
2013-05-12 19:42 - 2010-01-19 23:58 - 00004608 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll
2013-05-12 19:42 - 2010-01-19 23:58 - 00023040 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll
2013-05-12 19:42 - 2010-01-19 23:58 - 00027648 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll
2013-05-12 19:42 - 2010-01-19 23:58 - 00005120 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll
2013-05-12 19:42 - 2010-01-19 23:58 - 00015360 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll
2013-05-12 19:42 - 2010-01-19 23:58 - 00009728 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll
2013-05-12 19:42 - 2010-01-19 23:58 - 00006656 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll
2013-05-12 19:42 - 2010-01-19 23:58 - 00005120 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll
2013-05-12 19:42 - 2010-01-19 23:58 - 00005632 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\SystemPowerDLL.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasementDuster => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2580734851-187366485-276881293-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Rizaldy Manabat\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7B1AFE03-FA3B-4906-A397-3E3C1BDC89F3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{8D4D69FB-D0B8-42A3-8761-4BAE13B73DB0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{85B1F90C-B4D8-452B-95A2-24C3DCA86614}] => (Allow) svchost.exe
FirewallRules: [{BD7B482C-E41C-41A9-A6D8-8CC0957BB9C3}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{2E4297F9-C29B-4C94-BD8C-1D8F766996C2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B948D80A-96BB-40F6-95C5-DDE0DDF2512D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5B6F4690-D55B-4252-B540-B81DBA6AD889}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0267D7F4-C6E9-463D-BBFA-6909D0BE209C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AE13FE38-877E-4C3E-B055-EB3032E9B284}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{33DAAA22-4806-4D96-B0B6-A0EB6CB0A4A3}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{440261F1-54CD-4F68-B11A-54FFD03A49F1}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
FirewallRules: [{86972B7F-6B22-4B1F-8DF0-3FB2ADE77829}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
FirewallRules: [{BA203DD2-7A04-4DDC-8E52-1A05B11DEB7D}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
FirewallRules: [TCP Query User{C89FAFEF-DB5E-4EF0-A954-849FA81EEB66}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{63BCF5B3-049D-451E-989F-6A6B5A41E741}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [{CB2BB647-9CB2-48F8-A154-22D0F4DC276D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{330A3EA9-1E0C-4D37-B98E-3956FD9566CD}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{EE125A86-DD60-4DB4-9662-AF4F3A9DB8CA}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{AD59E4C4-1B82-4588-AB9E-21984F739032}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
FirewallRules: [{6999F772-9ACF-4395-837F-0DFDB6E3C061}] => (Allow) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
FirewallRules: [{FA6EE8D5-8AA9-4BF5-B4A7-704792773592}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOShell.exe
FirewallRules: [{EB0C0AA4-9F6F-46FF-96BF-F8758CE639EC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: cherimoya
Description: cherimoya
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: cherimoya
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2015 05:06:46 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Click-2-Run package registration failure.

Error: (06/03/2015 05:06:46 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=1ED0}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft....7149.5001.sft'(rc 2460420A-40002EFD, original rc 2460420A-40002EFD).

Error: (05/31/2015 04:24:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VCAgent.exe, version: 8.4.2.12030, time stamp: 0x5476d099
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007fe85cdbac1
Faulting process id: 0x1b0c
Faulting application start time: 0xVCAgent.exe0
Faulting application path: VCAgent.exe1
Faulting module path: VCAgent.exe2
Report Id: VCAgent.exe3

Error: (05/31/2015 04:24:03 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCAgent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run()
   at VCAgent.App.Main()

Error: (05/31/2015 04:22:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1031104

Error: (05/31/2015 04:22:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1031104

Error: (05/31/2015 04:22:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/31/2015 03:55:27 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (05/31/2015 03:53:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nsyF56E.tmp, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0005b732
Faulting process id: 0x1128
Faulting application start time: 0xnsyF56E.tmp0
Faulting application path: nsyF56E.tmp1
Faulting module path: nsyF56E.tmp2
Report Id: nsyF56E.tmp3

Error: (05/31/2015 03:41:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17631 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1aa4

Start Time: 01d09bd9b38d9321

Termination Time: 115

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 0d953462-07cd-11e5-912c-0024bef914ad


System errors:
=============
Error: (06/03/2015 05:05:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdatem) service failed to start due to the following error:
%%1053

Error: (06/03/2015 05:05:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdatem) service to connect.

Error: (06/03/2015 05:05:03 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053gupdatem/comsvc{E225E692-4B47-4777-9BED-4FD7FE257F0E}

Error: (06/03/2015 05:02:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Energy Server Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/03/2015 05:00:12 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (06/03/2015 04:59:44 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® System Behavior Tracker Collector Service service hung on starting.

Error: (06/03/2015 04:59:04 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 114.12.0.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (06/03/2015 04:59:03 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.195.3766.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (06/03/2015 04:59:03 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.195.3766.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (06/03/2015 04:59:02 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.195.3766.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608


Microsoft Office:
=========================
Error: (06/03/2015 05:06:46 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Click-2-Run package registration failure.

Error: (06/03/2015 05:06:46 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=1ED0}
http://c2r.microsoft...60420A-40002EFD

Error: (05/31/2015 04:24:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: VCAgent.exe8.4.2.120305476d099unknown0.0.0.000000000c0000005000007fe85cdbac11b0c01d09bdc4b2cc46aC:\Program Files\Sony\VAIO Care\VCAgent.exeunknownfb3219f2-07d2-11e5-981a-0024bef914ad

Error: (05/31/2015 04:24:03 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: VCAgent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run()
   at VCAgent.App.Main()

Error: (05/31/2015 04:22:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1031104

Error: (05/31/2015 04:22:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1031104

Error: (05/31/2015 04:22:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/31/2015 03:55:27 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (05/31/2015 03:53:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nsyF56E.tmp0.0.0.02a425e19ntdll.dll6.1.7601.18247521ea8e7c00000050005b732112801d09bdb63ab71f1C:\Users\RIZALD~1\AppData\Local\Temp\nsyF56E.tmpC:\Windows\SysWOW64\ntdll.dlla26820e6-07ce-11e5-981a-0024bef914ad

Error: (05/31/2015 03:41:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.176311aa401d09bd9b38d9321115C:\Program Files\Internet Explorer\iexplore.exe0d953462-07cd-11e5-912c-0024bef914ad


==================== Memory info ===========================

Processor: AMD Athlon™ II P320 Dual-Core Processor
Percentage of memory in use: 52%
Total physical RAM: 3834.9 MB
Available physical RAM: 1804.3 MB
Total Pagefile: 7667.98 MB
Available Pagefile: 4828.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:288.63 GB) (Free:216.65 GB) NTFS
Drive d: (CD176A2) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS
Drive e: () (Removable) (Total:1.84 GB) (Free:1.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 192113DC)
Partition 1: (Not Active) - (Size=9.4 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=288.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================

 


  • 0

#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :), and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Hello, we have much to do, so let's get started. :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Chrome Uninstall and Program Uninstalls

Re-Install Google Chrome

Unfortunately, the malware infection has changed your Chrome browser into the Development Build. This greatly lowers the security of the browser and allows malware to install any extension it pleases. We need to resolve this first.

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go to Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall Chrome via the Control Panel.
Note: When asked about user data or settings you must remove this also, so please check the box.
5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
6. Import your bookmarks back into Chrome.
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.


Program Uninstalls

Please uninstall the following programs from your machine as they are adware/malware related. If one of the programs fails to uninstall, please move on to the next one in the list.
  • COupExtensiioin
  • Download & Install Packages
  • Extended Update
  • FuunDealsa
  • IGS
  • igsc
  • PathMaker
  • SaavverExtension
  • Search Protect
Step 2: Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
(OM Inc.) C:\Program Files (x86)\IGS\BasementDuster.exe
C:\Program Files (x86)\IGS
() C:\Program Files (x86)\dataup\dataup.exe
C:\Program Files (x86)\dataup
() C:\Users\Rizaldy Manabat\AppData\Roaming\638623A0-1425233465-11DF-8A06-0024BEF914AD\jnsq2AF.tmp
() C:\Users\Rizaldy Manabat\AppData\Local\638623A0-1425237323-11DF-8A06-0024BEF914AD\inshA298.tmp
() C:\Users\Rizaldy Manabat\AppData\Roaming\638623A0-1425233465-11DF-8A06-0024BEF914AD\nsqC211.tmpfs
() C:\Users\Rizaldy Manabat\AppData\Local\638623A0-1425233841-11DF-8A06-0024BEF914AD\snsn14CB.tmp
HKLM-x32\...\Run: [gmsd_us_265] => [X]
HKU\S-1-5-21-2580734851-187366485-276881293-1005\...\MountPoints2: {fe499bea-bb54-11e2-bcff-806e6f6e6963} - D:\Autorun.exe
C:\Program Files (x86)\Driver Support
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => c:\Program Files (x86)\searchprotect\searchprotect\bin\spvc32loader.dll [181568 2014-06-23] ()
c:\progra~2\searchprotect
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy restriction on ProxySettings)
ProxyEnable: [HKLM] => ProxyEnable is set
ProxyEnable: [HKLM-x32] => ProxyEnable is set
ProxyServer: [HKLM] => http=127.0.0.1:8800;https=127.0.0.1:8800
ProxyServer: [HKLM-x32] => http=127.0.0.1:8800;https=127.0.0.1:8800
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.swe...&cc=US&unqvl=84
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swe...&cc=US&unqvl=84
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swe...&cc=US&unqvl=84
SearchScopes: HKU\S-1-5-21-2580734851-187366485-276881293-1005 -> DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://astromenda.co...r=688668148&ir=
SearchScopes: HKU\S-1-5-21-2580734851-187366485-276881293-1005 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-2580734851-187366485-276881293-1005 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.co...=1377854522&ir=
SearchScopes: HKU\S-1-5-21-2580734851-187366485-276881293-1005 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swe...&cc=US&unqvl=84
SearchScopes: HKU\S-1-5-21-2580734851-187366485-276881293-1005 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://astromenda.co...r=688668148&ir=
BHO: SaavverExtension -> {4229A92F-7BD7-458B-814D-CE35A7C4E97F} -> C:\Program Files (x86)\SaavverExtension\zAo9IX6vnZM7ry.x64.dll [2015-06-03] ()
C:\Program Files (x86)\SaavverExtension
BHO: FuunDealsa -> {7AD465A3-6050-4DF7-9FB3-0F9959EAC07B} -> C:\Program Files (x86)\FuunDealsa\cQnY9o7ZQ5GJUD.x64.dll [2015-06-03] ()
C:\Program Files (x86)\FuunDealsa
BHO-x32: SaavverExtension -> {4229A92F-7BD7-458B-814D-CE35A7C4E97F} -> C:\Program Files (x86)\SaavverExtension\zAo9IX6vnZM7ry.dll [2015-06-03] ()
C:\Program Files (x86)\SaavverExtension
BHO-x32: FuunDealsa -> {7AD465A3-6050-4DF7-9FB3-0F9959EAC07B} -> C:\Program Files (x86)\FuunDealsa\cQnY9o7ZQ5GJUD.dll [2015-06-03] ()
Winsock: Catalog9 01 C:\Windows\SysWOW64\BDL.dll [318808 2015-03-01] (OM Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\BDL.dll [318808 2015-03-01] (OM Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\BDL.dll [318808 2015-03-01] (OM Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\BDL.dll [318808 2015-03-01] (OM Inc.)
Winsock: Catalog9 16 C:\Windows\SysWOW64\BDL.dll [318808 2015-03-01] (OM Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
R2 BasementDuster; C:\Program Files (x86)\IGS\BasementDuster.exe [1463768 2015-02-24] (OM Inc.) [File not signed]
S4 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2832704 2014-06-23] () [File not signed]
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [73728 2014-12-11] () [File not signed] <==== ATTENTION
R2 qebeveqi; C:\Users\Rizaldy Manabat\AppData\Roaming\638623A0-1425233465-11DF-8A06-0024BEF914AD\jnsq2AF.tmp [174592 2015-03-01] () [File not signed]
R2 qiduvoko; C:\Users\Rizaldy Manabat\AppData\Local\638623A0-1425237323-11DF-8A06-0024BEF914AD\inshA298.tmp [99840 2015-03-01] () [File not signed]
C:\Users\Rizaldy Manabat\AppData\Local\638623A0-1425237323-11DF-8A06-0024BEF914AD
R2 zicymigi; C:\Users\Rizaldy Manabat\AppData\Local\638623A0-1425233841-11DF-8A06-0024BEF914AD\snsn14CB.tmp [141824 2015-03-01] () [File not signed]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION
R2 setekysi; C:\Users\Rizaldy Manabat\AppData\Roaming\638623A0-1425233465-11DF-8A06-0024BEF914AD\nsqC211.tmpfs [X]
S2 Update Browse Pax; "C:\Program Files (x86)\Browse Pax\updateBrowsePax.exe" [X]
C:\Program Files (x86)\Browse Pax
S1 cherimoya; system32\drivers\cherimoya.sys [X]
U2 IAStorDataMgrSvc; No ImagePath
R1 {97aac413-5ea0-4f6e-a044-c0672ad26b28}w64; C:\Windows\System32\drivers\{97aac413-5ea0-4f6e-a044-c0672ad26b28}w64.sys [48784 2015-03-01] (StdLib)
C:\Windows\System32\drivers\{97aac413-5ea0-4f6e-a044-c0672ad26b28}w64.sys
2015-06-03 16:54 - 2015-03-01 20:16 - 00010664 _____ C:\Windows\SysWOW64\BasementDuster.ini
2015-06-03 16:54 - 2015-03-01 19:29 - 00008568 _____ C:\Windows\SysWOW64\BasementDusterOff.ini
2015-06-03 16:54 - 2015-03-01 19:29 - 00008568 _____ C:\Windows\system32\BasementDusterOff.ini
2015-05-31 15:50 - 2014-07-28 13:50 - 00000318 _____ C:\Windows\Tasks\Astromenda.job
2015-05-31 15:50 - 2014-07-28 13:49 - 00000318 _____ C:\Windows\Tasks\UpdaterEX.job
Task: {232EF813-AA52-4DD4-9BE6-3E1C6114168A} - System32\Tasks\UpdaterEX => C:\Users\Rizaldy Manabat\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {38F6EDBB-BCCD-4229-BD90-11972C243DE9} - System32\Tasks\PostPoneInstall => C:\Users\Rizaldy Manabat\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe [2015-03-01] (C.L.A.R.A) <==== ATTENTION
Task: {445BACF1-D5E0-4BF1-84A6-01C1303B6519} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {6501AD0D-54B2-49C6-AE4F-638852C91C50} - System32\Tasks\PastaQuotes => C:\Program Files (x86)\pastaleads\ScheduledTask.exe <==== ATTENTION
Task: {C66FB7F1-6726-40D3-95FF-E69DACFE6576} - System32\Tasks\Run_Bobby_Browser => C:\Users\Rizaldy Manabat\AppData\Local\BoBrowser\Application\bobrowser.exe <==== ATTENTION
Task: {E3ED0B6D-A97D-4370-9262-1701FFC7AA30} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {F14F9020-1AFA-46FA-B6DA-23EDF818490D} - System32\Tasks\{C946ECC2-CA2E-42A6-A3CC-1B5C67FC4D4F} => pcalua.exe -a C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe -c /S <==== ATTENTION
Task: {F433E2E7-5788-4ED7-8965-8833A2940E1D} - System32\Tasks\Astromenda => C:\Users\RIZALD~1\AppData\Roaming\ASTROM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {F7A524D4-3A9E-4C90-B23E-AF7CBFCF433C} - System32\Tasks\ASP => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: C:\Windows\Tasks\Astromenda.job => C:\Users\RIZALD~1\AppData\Roaming\ASTROM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\RIZALD~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Windows\SysWOW64\BDL.dll
CMD: netsh winsock reset catalog
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End



NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.

Once you have executed these steps, you should be able to connect to the internet with the machine. We still have quite a ways to go, but this should get the machine back online.

Things I need to see in your next post:


Fixlog.txt Log

  • 1

#3
VortexR18

VortexR18

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

Hello pystryker,

 

Thank you so much for the clear and prompt response. Below is the fixlog.txt you asked for.

 

========================

 

Start
CreateRestorePoint:
CloseProcesses:
(OM Inc.) C:\Program Files (x86)\IGS\BasementDuster.exe
C:\Program Files (x86)\IGS
() C:\Program Files (x86)\dataup\dataup.exe
C:\Program Files (x86)\dataup
() C:\Users\Rizaldy Manabat\AppData\Roaming\638623A0-1425233465-11DF-8A06-0024BEF914AD\jnsq2AF.tmp
() C:\Users\Rizaldy Manabat\AppData\Local\638623A0-1425237323-11DF-8A06-0024BEF914AD\inshA298.tmp
() C:\Users\Rizaldy Manabat\AppData\Roaming\638623A0-1425233465-11DF-8A06-0024BEF914AD\nsqC211.tmpfs
() C:\Users\Rizaldy Manabat\AppData\Local\638623A0-1425233841-11DF-8A06-0024BEF914AD\snsn14CB.tmp
HKLM-x32\...\Run: [gmsd_us_265] => [X]
HKU\S-1-5-21-2580734851-187366485-276881293-1005\...\MountPoints2: {fe499bea-bb54-11e2-bcff-806e6f6e6963} - D:\Autorun.exe
C:\Program Files (x86)\Driver Support
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => c:\Program Files (x86)\searchprotect\searchprotect\bin\spvc32loader.dll [181568 2014-06-23] ()
c:\progra~2\searchprotect
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy restriction on ProxySettings)
ProxyEnable: [HKLM] => ProxyEnable is set
ProxyEnable: [HKLM-x32] => ProxyEnable is set
ProxyServer: [HKLM] => http=127.0.0.1:8800;https=127.0.0.1:8800
ProxyServer: [HKLM-x32] => http=127.0.0.1:8800;https=127.0.0.1:8800
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.swe...&cc=US&unqvl=84
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swe...&cc=US&unqvl=84
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swe...&cc=US&unqvl=84
SearchScopes: HKU\S-1-5-21-2580734851-187366485-276881293-1005 -> DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://astromenda.co...r=688668148&ir=
SearchScopes: HKU\S-1-5-21-2580734851-187366485-276881293-1005 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-2580734851-187366485-276881293-1005 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.co...=1377854522&ir=
SearchScopes: HKU\S-1-5-21-2580734851-187366485-276881293-1005 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swe...&cc=US&unqvl=84
SearchScopes: HKU\S-1-5-21-2580734851-187366485-276881293-1005 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://astromenda.co...r=688668148&ir=
BHO: SaavverExtension -> {4229A92F-7BD7-458B-814D-CE35A7C4E97F} -> C:\Program Files (x86)\SaavverExtension\zAo9IX6vnZM7ry.x64.dll [2015-06-03] ()
C:\Program Files (x86)\SaavverExtension
BHO: FuunDealsa -> {7AD465A3-6050-4DF7-9FB3-0F9959EAC07B} -> C:\Program Files (x86)\FuunDealsa\cQnY9o7ZQ5GJUD.x64.dll [2015-06-03] ()
C:\Program Files (x86)\FuunDealsa
BHO-x32: SaavverExtension -> {4229A92F-7BD7-458B-814D-CE35A7C4E97F} -> C:\Program Files (x86)\SaavverExtension\zAo9IX6vnZM7ry.dll [2015-06-03] ()
C:\Program Files (x86)\SaavverExtension
BHO-x32: FuunDealsa -> {7AD465A3-6050-4DF7-9FB3-0F9959EAC07B} -> C:\Program Files (x86)\FuunDealsa\cQnY9o7ZQ5GJUD.dll [2015-06-03] ()
Winsock: Catalog9 01 C:\Windows\SysWOW64\BDL.dll [318808 2015-03-01] (OM Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\BDL.dll [318808 2015-03-01] (OM Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\BDL.dll [318808 2015-03-01] (OM Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\BDL.dll [318808 2015-03-01] (OM Inc.)
Winsock: Catalog9 16 C:\Windows\SysWOW64\BDL.dll [318808 2015-03-01] (OM Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
R2 BasementDuster; C:\Program Files (x86)\IGS\BasementDuster.exe [1463768 2015-02-24] (OM Inc.) [File not signed]
S4 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2832704 2014-06-23] () [File not signed]
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [73728 2014-12-11] () [File not signed] <==== ATTENTION
R2 qebeveqi; C:\Users\Rizaldy Manabat\AppData\Roaming\638623A0-1425233465-11DF-8A06-0024BEF914AD\jnsq2AF.tmp [174592 2015-03-01] () [File not signed]
R2 qiduvoko; C:\Users\Rizaldy Manabat\AppData\Local\638623A0-1425237323-11DF-8A06-0024BEF914AD\inshA298.tmp [99840 2015-03-01] () [File not signed]
C:\Users\Rizaldy Manabat\AppData\Local\638623A0-1425237323-11DF-8A06-0024BEF914AD
R2 zicymigi; C:\Users\Rizaldy Manabat\AppData\Local\638623A0-1425233841-11DF-8A06-0024BEF914AD\snsn14CB.tmp [141824 2015-03-01] () [File not signed]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION
R2 setekysi; C:\Users\Rizaldy Manabat\AppData\Roaming\638623A0-1425233465-11DF-8A06-0024BEF914AD\nsqC211.tmpfs [X]
S2 Update Browse Pax; "C:\Program Files (x86)\Browse Pax\updateBrowsePax.exe" [X]
C:\Program Files (x86)\Browse Pax
S1 cherimoya; system32\drivers\cherimoya.sys [X]
U2 IAStorDataMgrSvc; No ImagePath
R1 {97aac413-5ea0-4f6e-a044-c0672ad26b28}w64; C:\Windows\System32\drivers\{97aac413-5ea0-4f6e-a044-c0672ad26b28}w64.sys [48784 2015-03-01] (StdLib)
C:\Windows\System32\drivers\{97aac413-5ea0-4f6e-a044-c0672ad26b28}w64.sys
2015-06-03 16:54 - 2015-03-01 20:16 - 00010664 _____ C:\Windows\SysWOW64\BasementDuster.ini
2015-06-03 16:54 - 2015-03-01 19:29 - 00008568 _____ C:\Windows\SysWOW64\BasementDusterOff.ini
2015-06-03 16:54 - 2015-03-01 19:29 - 00008568 _____ C:\Windows\system32\BasementDusterOff.ini
2015-05-31 15:50 - 2014-07-28 13:50 - 00000318 _____ C:\Windows\Tasks\Astromenda.job
2015-05-31 15:50 - 2014-07-28 13:49 - 00000318 _____ C:\Windows\Tasks\UpdaterEX.job
Task: {232EF813-AA52-4DD4-9BE6-3E1C6114168A} - System32\Tasks\UpdaterEX => C:\Users\Rizaldy Manabat\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {38F6EDBB-BCCD-4229-BD90-11972C243DE9} - System32\Tasks\PostPoneInstall => C:\Users\Rizaldy Manabat\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe [2015-03-01] (C.L.A.R.A) <==== ATTENTION
Task: {445BACF1-D5E0-4BF1-84A6-01C1303B6519} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {6501AD0D-54B2-49C6-AE4F-638852C91C50} - System32\Tasks\PastaQuotes => C:\Program Files (x86)\pastaleads\ScheduledTask.exe <==== ATTENTION
Task: {C66FB7F1-6726-40D3-95FF-E69DACFE6576} - System32\Tasks\Run_Bobby_Browser => C:\Users\Rizaldy Manabat\AppData\Local\BoBrowser\Application\bobrowser.exe <==== ATTENTION
Task: {E3ED0B6D-A97D-4370-9262-1701FFC7AA30} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {F14F9020-1AFA-46FA-B6DA-23EDF818490D} - System32\Tasks\{C946ECC2-CA2E-42A6-A3CC-1B5C67FC4D4F} => pcalua.exe -a C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe -c /S <==== ATTENTION
Task: {F433E2E7-5788-4ED7-8965-8833A2940E1D} - System32\Tasks\Astromenda => C:\Users\RIZALD~1\AppData\Roaming\ASTROM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {F7A524D4-3A9E-4C90-B23E-AF7CBFCF433C} - System32\Tasks\ASP => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: C:\Windows\Tasks\Astromenda.job => C:\Users\RIZALD~1\AppData\Roaming\ASTROM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\RIZALD~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Windows\SysWOW64\BDL.dll
CMD: netsh winsock reset catalog
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End



#4 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

> Thank you so much for the clear and prompt response. Below is the fixlog.txt you asked for.


You're quite welcome. :)

You have posted a copy of the fixlist.txt, not the fixlog. If you have run the fix, the fixlog should be located on your desktop. Please post it in your next reply. :thumbsup:

#5 VortexR18 (Topic Starter, Member, 57 posts)

!!!! Wow...that's a noob move...My apologies. Guess these things just slip away from you sometimes eh?

============================

Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Rizaldy Manabat at 2015-06-03 22:55:00 Run:1
Running from C:\Users\Rizaldy Manabat\Downloads\Desktop
Loaded Profiles: Rizaldy Manabat (Available Profiles: Rizaldy Manabat)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
(OM Inc.) C:\Program Files (x86)\IGS\BasementDuster.exe
C:\Program Files (x86)\IGS
() C:\Program Files (x86)\dataup\dataup.exe
C:\Program Files (x86)\dataup
() C:\Users\Rizaldy Manabat\AppData\Roaming\638623A0-1425233465-11DF-8A06-0024BEF914AD\jnsq2AF.tmp
() C:\Users\Rizaldy Manabat\AppData\Local\638623A0-1425237323-11DF-8A06-0024BEF914AD\inshA298.tmp
() C:\Users\Rizaldy Manabat\AppData\Roaming\638623A0-1425233465-11DF-8A06-0024BEF914AD\nsqC211.tmpfs
() C:\Users\Rizaldy Manabat\AppData\Local\638623A0-1425233841-11DF-8A06-0024BEF914AD\snsn14CB.tmp
HKLM-x32\...\Run: [gmsd_us_265] => [X]
HKU\S-1-5-21-2580734851-187366485-276881293-1005\...\MountPoints2: {fe499bea-bb54-11e2-bcff-806e6f6e6963} - D:\Autorun.exe
C:\Program Files (x86)\Driver Support
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => c:\Program Files (x86)\searchprotect\searchprotect\bin\spvc32loader.dll [181568 2014-06-23] ()
c:\progra~2\searchprotect
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy restriction on ProxySettings)
ProxyEnable: [HKLM] => ProxyEnable is set
ProxyEnable: [HKLM-x32] => ProxyEnable is set
ProxyServer: [HKLM] => http=127.0.0.1:8800;https=127.0.0.1:8800
ProxyServer: [HKLM-x32] => http=127.0.0.1:8800;https=127.0.0.1:8800
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.swe...&cc=US&unqvl=84
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swe...&cc=US&unqvl=84
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swe...&cc=US&unqvl=84
SearchScopes: HKU\S-1-5-21-2580734851-187366485-276881293-1005 -> DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://astromenda.co....r=688668148=
SearchScopes: HKU\S-1-5-21-2580734851-187366485-276881293-1005 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-2580734851-187366485-276881293-1005 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.co....=1377854522=
SearchScopes: HKU\S-1-5-21-2580734851-187366485-276881293-1005 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swe...&cc=US&unqvl=84
SearchScopes: HKU\S-1-5-21-2580734851-187366485-276881293-1005 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://astromenda.co....r=688668148=
BHO: SaavverExtension -> {4229A92F-7BD7-458B-814D-CE35A7C4E97F} -> C:\Program Files (x86)\SaavverExtension\zAo9IX6vnZM7ry.x64.dll [2015-06-03] ()
C:\Program Files (x86)\SaavverExtension
BHO: FuunDealsa -> {7AD465A3-6050-4DF7-9FB3-0F9959EAC07B} -> C:\Program Files (x86)\FuunDealsa\cQnY9o7ZQ5GJUD.x64.dll [2015-06-03] ()
C:\Program Files (x86)\FuunDealsa
BHO-x32: SaavverExtension -> {4229A92F-7BD7-458B-814D-CE35A7C4E97F} -> C:\Program Files (x86)\SaavverExtension\zAo9IX6vnZM7ry.dll [2015-06-03] ()
C:\Program Files (x86)\SaavverExtension
BHO-x32: FuunDealsa -> {7AD465A3-6050-4DF7-9FB3-0F9959EAC07B} -> C:\Program Files (x86)\FuunDealsa\cQnY9o7ZQ5GJUD.dll [2015-06-03] ()
Winsock: Catalog9 01 C:\Windows\SysWOW64\BDL.dll [318808 2015-03-01] (OM Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\BDL.dll [318808 2015-03-01] (OM Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\BDL.dll [318808 2015-03-01] (OM Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\BDL.dll [318808 2015-03-01] (OM Inc.)
Winsock: Catalog9 16 C:\Windows\SysWOW64\BDL.dll [318808 2015-03-01] (OM Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
R2 BasementDuster; C:\Program Files (x86)\IGS\BasementDuster.exe [1463768 2015-02-24] (OM Inc.) [File not signed]
S4 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2832704 2014-06-23] () [File not signed]
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [73728 2014-12-11] () [File not signed] <==== ATTENTION
R2 qebeveqi; C:\Users\Rizaldy Manabat\AppData\Roaming\638623A0-1425233465-11DF-8A06-0024BEF914AD\jnsq2AF.tmp [174592 2015-03-01] () [File not signed]
R2 qiduvoko; C:\Users\Rizaldy Manabat\AppData\Local\638623A0-1425237323-11DF-8A06-0024BEF914AD\inshA298.tmp [99840 2015-03-01] () [File not signed]
C:\Users\Rizaldy Manabat\AppData\Local\638623A0-1425237323-11DF-8A06-0024BEF914AD
R2 zicymigi; C:\Users\Rizaldy Manabat\AppData\Local\638623A0-1425233841-11DF-8A06-0024BEF914AD\snsn14CB.tmp [141824 2015-03-01] () [File not signed]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION
R2 setekysi; C:\Users\Rizaldy Manabat\AppData\Roaming\638623A0-1425233465-11DF-8A06-0024BEF914AD\nsqC211.tmpfs [X]
S2 Update Browse Pax; "C:\Program Files (x86)\Browse Pax\updateBrowsePax.exe" [X]
C:\Program Files (x86)\Browse Pax
S1 cherimoya; system32\drivers\cherimoya.sys [X]
U2 IAStorDataMgrSvc; No ImagePath
R1 {97aac413-5ea0-4f6e-a044-c0672ad26b28}w64; C:\Windows\System32\drivers\{97aac413-5ea0-4f6e-a044-c0672ad26b28}w64.sys [48784 2015-03-01] (StdLib)
C:\Windows\System32\drivers\{97aac413-5ea0-4f6e-a044-c0672ad26b28}w64.sys
2015-06-03 16:54 - 2015-03-01 20:16 - 00010664 _____ C:\Windows\SysWOW64\BasementDuster.ini
2015-06-03 16:54 - 2015-03-01 19:29 - 00008568 _____ C:\Windows\SysWOW64\BasementDusterOff.ini
2015-06-03 16:54 - 2015-03-01 19:29 - 00008568 _____ C:\Windows\system32\BasementDusterOff.ini
2015-05-31 15:50 - 2014-07-28 13:50 - 00000318 _____ C:\Windows\Tasks\Astromenda.job
2015-05-31 15:50 - 2014-07-28 13:49 - 00000318 _____ C:\Windows\Tasks\UpdaterEX.job
Task: {232EF813-AA52-4DD4-9BE6-3E1C6114168A} - System32\Tasks\UpdaterEX => C:\Users\Rizaldy Manabat\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {38F6EDBB-BCCD-4229-BD90-11972C243DE9} - System32\Tasks\PostPoneInstall => C:\Users\Rizaldy Manabat\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe [2015-03-01] (C.L.A.R.A) <==== ATTENTION
Task: {445BACF1-D5E0-4BF1-84A6-01C1303B6519} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {6501AD0D-54B2-49C6-AE4F-638852C91C50} - System32\Tasks\PastaQuotes => C:\Program Files (x86)\pastaleads\ScheduledTask.exe <==== ATTENTION
Task: {C66FB7F1-6726-40D3-95FF-E69DACFE6576} - System32\Tasks\Run_Bobby_Browser => C:\Users\Rizaldy Manabat\AppData\Local\BoBrowser\Application\bobrowser.exe <==== ATTENTION
Task: {E3ED0B6D-A97D-4370-9262-1701FFC7AA30} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {F14F9020-1AFA-46FA-B6DA-23EDF818490D} - System32\Tasks\{C946ECC2-CA2E-42A6-A3CC-1B5C67FC4D4F} => pcalua.exe -a C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe -c /S <==== ATTENTION
Task: {F433E2E7-5788-4ED7-8965-8833A2940E1D} - System32\Tasks\Astromenda => C:\Users\RIZALD~1\AppData\Roaming\ASTROM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {F7A524D4-3A9E-4C90-B23E-AF7CBFCF433C} - System32\Tasks\ASP => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: C:\Windows\Tasks\Astromenda.job => C:\Users\RIZALD~1\AppData\Roaming\ASTROM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\RIZALD~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Windows\SysWOW64\BDL.dll
CMD: netsh winsock reset catalog
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\IGS\BasementDuster.exe => No running process found
C:\Program Files (x86)\IGS => moved successfully.
C:\Program Files (x86)\dataup\dataup.exe => No running process found
C:\Program Files (x86)\dataup => moved successfully.
C:\Users\Rizaldy Manabat\AppData\Roaming\638623A0-1425233465-11DF-8A06-0024BEF914AD\jnsq2AF.tmp => No running process found
C:\Users\Rizaldy Manabat\AppData\Local\638623A0-1425237323-11DF-8A06-0024BEF914AD\inshA298.tmp => No running process found
C:\Users\Rizaldy Manabat\AppData\Roaming\638623A0-1425233465-11DF-8A06-0024BEF914AD\nsqC211.tmpfs => No running process found
C:\Users\Rizaldy Manabat\AppData\Local\638623A0-1425233841-11DF-8A06-0024BEF914AD\snsn14CB.tmp => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_265 => value removed successfully
"HKU\S-1-5-21-2580734851-187366485-276881293-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe499bea-bb54-11e2-bcff-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{fe499bea-bb54-11e2-bcff-806e6f6e6963} => key not found.
"C:\Program Files (x86)\Driver Support" => File/Folder not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value removed successfully
"c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll" => value data removed successfully.
c:\progra~2\searchprotect => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => key removed successfully
HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => key removed successfully
HKCR\Wow6432Node\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
HKU\S-1-5-21-2580734851-187366485-276881293-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2580734851-187366485-276881293-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => key removed successfully
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
"HKU\S-1-5-21-2580734851-187366485-276881293-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => key removed successfully
HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => key not found.
"HKU\S-1-5-21-2580734851-187366485-276881293-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => key removed successfully
HKCR\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
"HKU\S-1-5-21-2580734851-187366485-276881293-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}" => key removed successfully
HKCR\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4229A92F-7BD7-458B-814D-CE35A7C4E97F} => key not found.
"HKCR\CLSID\{4229A92F-7BD7-458B-814D-CE35A7C4E97F}" => key removed successfully
"C:\Program Files (x86)\SaavverExtension" => File/Folder not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7AD465A3-6050-4DF7-9FB3-0F9959EAC07B} => key not found.
"HKCR\CLSID\{7AD465A3-6050-4DF7-9FB3-0F9959EAC07B}" => key removed successfully
"C:\Program Files (x86)\FuunDealsa" => File/Folder not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4229A92F-7BD7-458B-814D-CE35A7C4E97F} => key not found.
"HKCR\Wow6432Node\CLSID\{4229A92F-7BD7-458B-814D-CE35A7C4E97F}" => key removed successfully
"C:\Program Files (x86)\SaavverExtension" => File/Folder not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7AD465A3-6050-4DF7-9FB3-0F9959EAC07B} => key not found.
"HKCR\Wow6432Node\CLSID\{7AD465A3-6050-4DF7-9FB3-0F9959EAC07B}" => key removed successfully
Winsock: Catalog entry 000000000001 => removed successfully
Winsock: Catalog entry 000000000002 => removed successfully
Winsock: Catalog entry 000000000003 => removed successfully
Winsock: Catalog entry 000000000004 => removed successfully
Winsock: Catalog entry 000000000016 => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4" => key removed successfully
BasementDuster => Service not found.
CltMngSvc => Service removed successfully
Dataup => Service removed successfully
qebeveqi => Service removed successfully
qiduvoko => Service not found.
"C:\Users\Rizaldy Manabat\AppData\Local\638623A0-1425237323-11DF-8A06-0024BEF914AD" => File/Folder not found.
zicymigi => Service removed successfully
globalUpdate => Service removed successfully
globalUpdatem => Service removed successfully
setekysi => Service removed successfully
Update Browse Pax => Service removed successfully
"C:\Program Files (x86)\Browse Pax" => File/Folder not found.
cherimoya => Service removed successfully
IAStorDataMgrSvc => Service removed successfully
{97aac413-5ea0-4f6e-a044-c0672ad26b28}w64 => Service stopped successfully.
{97aac413-5ea0-4f6e-a044-c0672ad26b28}w64 => Service removed successfully
C:\Windows\System32\drivers\{97aac413-5ea0-4f6e-a044-c0672ad26b28}w64.sys => moved successfully.
"C:\Windows\SysWOW64\BasementDuster.ini" => File/Folder not found.
C:\Windows\SysWOW64\BasementDusterOff.ini => moved successfully.
C:\Windows\system32\BasementDusterOff.ini => moved successfully.
C:\Windows\Tasks\Astromenda.job => moved successfully.
C:\Windows\Tasks\UpdaterEX.job => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{232EF813-AA52-4DD4-9BE6-3E1C6114168A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{232EF813-AA52-4DD4-9BE6-3E1C6114168A}" => key removed successfully
C:\Windows\System32\Tasks\UpdaterEX => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38F6EDBB-BCCD-4229-BD90-11972C243DE9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38F6EDBB-BCCD-4229-BD90-11972C243DE9}" => key removed successfully
C:\Windows\System32\Tasks\PostPoneInstall => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PostPoneInstall" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{445BACF1-D5E0-4BF1-84A6-01C1303B6519}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{445BACF1-D5E0-4BF1-84A6-01C1303B6519}" => key removed successfully
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6501AD0D-54B2-49C6-AE4F-638852C91C50}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6501AD0D-54B2-49C6-AE4F-638852C91C50}" => key removed successfully
C:\Windows\System32\Tasks\PastaQuotes => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaQuotes" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C66FB7F1-6726-40D3-95FF-E69DACFE6576}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C66FB7F1-6726-40D3-95FF-E69DACFE6576}" => key removed successfully
C:\Windows\System32\Tasks\Run_Bobby_Browser => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run_Bobby_Browser" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E3ED0B6D-A97D-4370-9262-1701FFC7AA30}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3ED0B6D-A97D-4370-9262-1701FFC7AA30}" => key removed successfully
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F14F9020-1AFA-46FA-B6DA-23EDF818490D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F14F9020-1AFA-46FA-B6DA-23EDF818490D}" => key removed successfully
C:\Windows\System32\Tasks\{C946ECC2-CA2E-42A6-A3CC-1B5C67FC4D4F} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C946ECC2-CA2E-42A6-A3CC-1B5C67FC4D4F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F433E2E7-5788-4ED7-8965-8833A2940E1D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F433E2E7-5788-4ED7-8965-8833A2940E1D}" => key removed successfully
C:\Windows\System32\Tasks\Astromenda => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Astromenda" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F7A524D4-3A9E-4C90-B23E-AF7CBFCF433C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7A524D4-3A9E-4C90-B23E-AF7CBFCF433C}" => key removed successfully
C:\Windows\System32\Tasks\ASP => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASP" => key removed successfully
C:\Windows\Tasks\Astromenda.job not found.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => moved successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => moved successfully.
C:\Windows\Tasks\UpdaterEX.job not found.
C:\Windows\SysWOW64\BDL.dll => moved successfully.

=========  netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {5BFB0865-4381-4D68-A1A5-D0CCD3929DE4}.
Unable to cancel {D323BE5B-76AB-4588-9F66-C4312D42D678}.
Unable to cancel {E09E7F36-06C4-42FF-9BEA-95DF688B3A21}.
Unable to cancel {EA297570-4B92-4761-AB6F-738537A17BEA}.
{ED924CE9-8CB1-4BC7-810C-EBCCBFB9592C} canceled.
{85970DB2-442B-4DA9-AE19-545EF94F6E8A} canceled.
{31778280-05FD-4FE8-8D36-9927D54119A6} canceled.
{D59D106C-7F0F-4323-850B-A5F128DE80C3} canceled.
{0371912D-5438-4099-AA43-F79E44610A24} canceled.
{36B665F6-CC41-4F00-95BD-2396A105ED37} canceled.
6 out of 10 jobs canceled.

========= End of CMD: =========

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state on =========

Ok.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 5.6 GB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 22:56:35 ====

Good news is I am sending this message through the laptop itself now. No more switching back and forth from computers. You're the best!



#6 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

> !!!! Wow...that's a noob move...My apologies. Guess these things just slip away from you sometimes eh?


No need to apologize, happens all the time. :)
 

> Good news is I am sending this message through the laptop itself now. No more switching back and forth from computers. You're the best!


Good news, indeed! Let's continue the cleaning. :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2: AdwCleaner

Download AdwCleaner by clicking here. Please save it to your Desktop.


  • Double click (Vista and 7 users: right click) the adwcleaner.exe file and click Run as Administrator, then accept the UAC prompt to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove." Don't worry about unchecking anything; just click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Junkware Removal Tool Log

AdwCleaner Log


#7 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

Hi :)

It's been over 24 hours since your last reply. Please let me know if you need assistance with the last set of instructions. :thumbsup:

#8 VortexR18 (Topic Starter, Member, 57 posts)

Hello, sorry for the response delay. Schedule has been busy, but I will be working on the next step now and should reply later. Thank you again.



#9 VortexR18 (Topic Starter, Member, 57 posts)

Hello again.

I'm not sure how big an error this is, but I ran the JRT scan and walked off for a bit. When I returned, the computer had crashed...the battery died...I didn't see any log on the desktop from JRT, so I ran the scan again to pull up a log. It is probably a much different log than what came up the first time. Here it is...

=============================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.9 (06.06.2015:1)
OS: Windows 7 Home Premium x64
Ran by Rizaldy Manabat on Sun 06/07/2015 at  4:30:43.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/07/2015 at  4:33:25.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Interestingly enough, when the second scan finished, the log told me it saves the copy to a cached/private folder on my account and not on the desktop.



#10 VortexR18 (Topic Starter, Member, 57 posts)

# AdwCleaner v4.206 - Logfile created 07/06/2015 at 05:06:53
# Updated 01/06/2015 by Xplode
# Database : 2015-06-05.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Rizaldy Manabat - RIZALDYMANABAT
# Running from : C:\Users\Rizaldy Manabat\Downloads\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : 166881fa

***** [ Files / Folders ] *****

Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\pastaleads
Folder Deleted : C:\ProgramData\uc
Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\ProgramData\1cc9e59400005848
Folder Deleted : C:\ProgramData\3c1e558000004d68
Folder Deleted : C:\ProgramData\57f0499a00002f93
Folder Deleted : C:\ProgramData\{099826c1-7e9a-f35f-0998-826c17e99b05}
Folder Deleted : C:\Program Files (x86)\pastaleads
Folder Deleted : C:\Program Files (x86)\Push to BlackBerry
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\PackageAware
Folder Deleted : C:\Program Files\shopperz
Folder Deleted : C:\Users\Rizaldy Manabat\AppData\Local\638623A0-1425233841-11DF-8A06-0024BEF914AD
Folder Deleted : C:\Users\Rizaldy Manabat\AppData\LocalLow\Yahoo! Companion
File Deleted : C:\Users\Rizaldy Manabat\Downloads\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\Rizaldy Manabat\Downloads\Desktop\Continue VuuPC Installation.lnk

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\290abe61-0b74-f743-e35e-be4550f1aceb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{166881fa}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CF50C82-4C4B-43E9-B1B2-15CB1BD0C193}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B5C4833B-847B-49CD-8EBE-CDD9B43C882F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5157DEF6-4D45-4AE0-982B-227A3458A01B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9A44AB5B-B488-42A3-8D2B-7A0DA772F3A4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\KanarCore
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\BoBrowser
Key Deleted : HKCU\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\TheBestDeals
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\NpApp
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Clara
Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKU\.DEFAULT\Software\Microsoft\KanarCore
Key Deleted : HKU\.DEFAULT\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801

*************************

AdwCleaner[R0].txt - [12461 bytes] - [07/06/2015 04:36:28]
AdwCleaner[S0].txt - [12205 bytes] - [07/06/2015 05:06:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12265  bytes] ##########

#11 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

Hello, sorry for the response delay. Schedule has been busy, but I will be working on the next step now and should reply later. Thank you again


No worries, real life always comes first and you are very welcome. :)
 

I'm not sure how big an error this is, but I ran JRT Scan and walked off for a bit. When I returned, the computer crashed... the battery died... I didn't see any log on the desktop from JRT, so I ran the scan again to pull up a log. It probably is a much different log than what came up the first time. Here it is...


That's fine, JRT finished removing what it found and the second log shows that. :thumbsup:

Also, that AdwCleaner log looks good, a lot of garbage removed from the system. How is the computer running?



Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select Update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

[screenshot: MBAM Settings > Detection and Protection]

Go back to the Dashboard and select Scan Now

[screenshot: MBAM Dashboard, Scan Now]

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

[screenshot: MBAM reboot prompt]

[screenshot: MBAM scan log]

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Whichever browser you use will have to be run as administrator.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar [screenshot: ESET Online Scanner bar]
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log


#12 pystryker (Trusted Helper, Malware Removal, 3,886 posts)
Hi :)

It's been over 24 hours since your last reply. Please let me know if you need assistance with the last set of instructions. :thumbsup:

#13 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.



#14 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

User returned.

#15 VortexR18 (Topic Starter, Member, 57 posts)

ESET Scan Log

=======================

 

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# EOSSerial=5fc41566efafb34b9d90809913c73d28
# end=init
# utc_time=2015-06-20 02:24:54
# local_time=2015-06-19 10:24:54 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24416
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# EOSSerial=5fc41566efafb34b9d90809913c73d28
# end=updated
# utc_time=2015-06-20 02:29:50
# local_time=2015-06-19 10:29:50 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=5fc41566efafb34b9d90809913c73d28
# engine=24416
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-06-20 04:03:43
# local_time=2015-06-20 12:03:43 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 1582824 75143139 0 0
# scanned=166682
# found=16
# cleaned=0
# scan_time=5632
sh=B3B169E220BD591802B05759ADEE1C353E15B112 ft=1 fh=9d6c1fda665ceb54 vn="a variant of Win32/Toolbar.Perion.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\krios.dll.vir"
sh=014302BCFCE8E95F675D856ADC42614B6769BD78 ft=1 fh=d796cde0598a222b vn="a variant of Win32/Toolbar.Perion.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\krios64.dll.vir"
sh=57F3815D0942E3B0A9BEF621A7B4971F55FC74D7 ft=1 fh=c71c0011d20a434c vn="Win32/Adware.MultiPlug.KG application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Push to BlackBerry\Push to BlackBerry.exe.vir"
sh=D4C0B38292DA8389241C5FE7F44F3443CEE46493 ft=1 fh=c71c0011f844604a vn="a variant of Win32/SProtector.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\3c1e558000004d68\3c1e558000004d68.dll.vir"
sh=EDA4A8295B1F3351419262D3341566A3AAE7873A ft=1 fh=4d522b7aab8db501 vn="a variant of Win32/Adware.MultiPlug.FH application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\{099826c1-7e9a-f35f-0998-826c17e99b05}\Showbox for PC.exe.vir"
sh=72245E4758077CFF2046A715CA21D5DE61E86940 ft=1 fh=c71c0011e8314178 vn="a variant of Win32/Adware.ConvertAd.BF application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rizaldy Manabat\AppData\Local\638623A0-1425233841-11DF-8A06-0024BEF914AD\onsn14CD.tmp.vir"
sh=10A114766BDFA634DE4A38AF3D41A8CB04CA8FD4 ft=1 fh=7d9c618404e855d1 vn="a variant of Win32/Adware.ConvertAd.QR application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rizaldy Manabat\AppData\Local\638623A0-1425233841-11DF-8A06-0024BEF914AD\pnsi1683.exe.vir"
sh=7AE17C65731B1405C564D0B4F731707E6B91C151 ft=1 fh=6d22dfbe543bad57 vn="a variant of Win32/Adware.ConvertAd.BQ application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rizaldy Manabat\AppData\Local\638623A0-1425233841-11DF-8A06-0024BEF914AD\rnsn14CC.exe.vir"
sh=50535CFB63D71DBE9369D426AF967CE9C4EBC9BC ft=1 fh=1c323c75552566eb vn="a variant of Win32/Adware.AdService.BL application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rizaldy Manabat\AppData\Local\638623A0-1425233841-11DF-8A06-0024BEF914AD\snsn14CB.tmp.vir"
sh=B563A4F73EFC5F261465B19D545C333210FF0898 ft=1 fh=c7b9cc65de893de6 vn="Win32/Adware.ConvertAd.PY application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rizaldy Manabat\AppData\Local\638623A0-1425233841-11DF-8A06-0024BEF914AD\Uninstall.exe.vir"
sh=DF96804C0D2D07D7543728DF582C86ACD3BEF3CF ft=1 fh=8676e6337a543f91 vn="Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\progra~2\searchprotect\Main\bin\SPtool.dll_1391277995753"
sh=1142B3A99B2E45DCC99BCE89F66F44374C8ABAF9 ft=1 fh=f6c9edec430c0a0b vn="a variant of Win64/NetFilter.A potentially unsafe application" ac=I fn="C:\FRST\Quarantine\C\Windows\System32\drivers\{97aac413-5ea0-4f6e-a044-c0672ad26b28}w64.sys.xBAD"
sh=F714CB10BDECD30B61B4C67375D50B3E56B7CC46 ft=1 fh=b98efa324fe49199 vn="a variant of Win32/Komodia.A potentially unsafe application" ac=I fn="C:\FRST\Quarantine\C\Windows\SysWOW64\BDL.dll.xBAD"
sh=07D8745A7299D17AB49A5FAA22B3174C63F8CC0A ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.J potentially unwanted application" ac=I fn="C:\Users\Rizaldy Manabat\AppData\Roaming\Auslogics\Rescue\Sony Maintenance\130729223624893.rsc"
sh=B124D11FDA214467C1678335C9F5EF7C5E158B45 ft=1 fh=c71c001152a62bbb vn="a variant of Win32/TrojanDownloader.Agent.SEG trojan" ac=I fn="C:\Users\Rizaldy Manabat\AppData\Roaming\et\dz.exe"
sh=BDF2468F309045313DD1601619B5F248A58261E0 ft=1 fh=e70373af2cf7daf7 vn="a variant of Win32/InstallCore.PK potentially unwanted application" ac=I fn="C:\Users\Rizaldy Manabat\Downloads\Skype.exe"

 

MBAM Log

====================

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/19/2015
Scan Time: 6:07:55 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.19.04
Rootkit Database: v2015.06.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Rizaldy Manabat

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 356686
Time Elapsed: 50 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 13
PUP.Optional.ConsumerInput.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}, Quarantined, [c6cab50794f6eb4b852c82f54fb405fb],
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [40501ca044461d1988fb0de9ac579e62],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\CLELPNEIGICMACKIBCBKIGOGPFFKKFLP, Quarantined, [018fb3090a806ec8584ae61023e02ad6],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{478472F9-9E09-492A-BDAB-42EE595EF1AD}, Quarantined, [93fd7a42d8b2fa3c4de05fa00ef5fc04],
PUP.Optional.DriverUpdate.A, HKLM\SOFTWARE\WOW6432NODE\SLIMWARE UTILITIES INC\DriverUpdate, Quarantined, [b3dd48743852f5418a737121bc4916ea],
PUP.Optional.ICinema.A, HKU\S-1-5-18\SOFTWARE\I - Cinema-nv, Quarantined, [711f9d1f9eec61d58ce8160615ef54ac],
PUP.Optional.ICinema.A, HKU\S-1-5-18\SOFTWARE\I - Cinema-nv-ie, Quarantined, [c1cf487404863df994e0cd4f848057a9],
PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, Quarantined, [5e3295273c4e50e65e74bad1c144e61a],
PUP.Optional.Shopperz.A, HKU\S-1-5-19\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarantined, [642c4c70c9c1e551297c16e61be82dd3],
PUP.Optional.Shopperz.A, HKU\S-1-5-20\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarantined, [0888f2caa5e5f83eb5f017e5e61d7a86],
PUP.Optional.ICinema.A, HKU\S-1-5-21-2580734851-187366485-276881293-1005\SOFTWARE\I - Cinema-nv-ie, Quarantined, [207003b9bfcb55e1076dde3ef80cfc04],
PUP.Optional.ICinema.A, HKU\S-1-5-21-2580734851-187366485-276881293-1005\SOFTWARE\I-Cinema, Quarantined, [3759ae0e3e4ccf6723a5a377fc08b848],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2580734851-187366485-276881293-1005\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\CLELPNEIGICMACKIBCBKIGOGPFFKKFLP, Quarantined, [1779efcdafdb75c16c37629430d3a858],

Registry Values: 3
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\clelpneigicmackibcbkigogpffkkflp|path, C:\Users\Rizaldy Manabat\AppData\Local\CRE\clelpneigicmackibcbkigogpffkkflp.crx, Quarantined, [018fb3090a806ec8584ae61023e02ad6]
PUP.Optional.Astromenda.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\Astromenda\\, Quarantined, [6927e6d6b6d4f541740954a22fd406fa]
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2580734851-187366485-276881293-1005\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\clelpneigicmackibcbkigogpffkkflp|path, C:\Users\Rizaldy Manabat\AppData\Local\CRE\clelpneigicmackibcbkigogpffkkflp.crx, Quarantined, [1779efcdafdb75c16c37629430d3a858]

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.MultiPlug.Gen, C:\Users\Rizaldy Manabat\AppData\Roaming\638623A0-1425233465-11DF-8A06-0024BEF914AD, Quarantined, [0c84dae21872d75fedadd5b33fc6c33d],
PUP.Optional.MultiPlug, C:\ProgramData\ggkdnbndkkgmefcnnnpfgneaclfambkg, Quarantined, [77195567dbaf50e6607fed9c9c6944bc],
PUP.Optional.MultiPlug, C:\ProgramData\hnlbemdcalghhdmaoikgdhmicjnpemhp, Quarantined, [6a264b710387201620bfb1d80ef7b749],
PUP.Optional.ClickerDU.A, C:\Program Files (x86)\data_up, Quarantined, [e4ac3d7f741650e66e6e24ca9f6456aa],

Files: 29
PUP.Optional.WebTInst.A, C:\Windows\System32\drivers\Msft_Kernel_webTinstMK_01009.Wdf, Delete-on-Reboot, ,
PUP.Optional.Squarenet, C:\ProgramData\a5srv5task\baidu.exe, Quarantined, [efa1ecd01872162040da3b665aabaf51],
PUP.Optional.Squarenet, C:\ProgramData\a5srv5task\baiduan.exe, Quarantined, [f7996854bbcf092daf69544de025c43c],
PUP.Optional.Multiplug, C:\Program Files (x86)\GenMaker\GenMaker.dll, Quarantined, [ace40eaea8e23afc6c3b3503ee14936d],
PUP.Optional.DriverUpdate.A, C:\Users\Rizaldy Manabat\Downloads\DriverUpdate-setup.exe, Quarantined, [1080ac100585ff373c80bdb017eb1fe1],
PUP.Optional.Bandoo, C:\Users\Rizaldy Manabat\Downloads\iLividSetup-r362-n-bc.exe, Quarantined, [652b6d4f4f3b80b60d848cb6ce338c74],
PUP.Optional.OptimumInstaller.A, C:\Users\Rizaldy Manabat\Downloads\Player-Chrome.exe, Quarantined, [d5bbd4e8d2b87eb8f364e4a2926f7a86],
PUP.Optional.InstallCore.A, C:\Users\Rizaldy Manabat\Downloads\Skype_Setup (1).exe, Quarantined, [1b750ab2a9e1d264d8abc6a859a93ac6],
PUP.Optional.InstallCore.A, C:\Users\Rizaldy Manabat\Downloads\Skype_Setup (2).exe, Quarantined, [7f116755484247ef51326d0134ce718f],
PUP.Optional.InstallCore.A, C:\Users\Rizaldy Manabat\Downloads\Skype_Setup (3).exe, Quarantined, [a9e7fdbf256537ff552ea1cd29d9b34d],
PUP.Optional.InstallCore.A, C:\Users\Rizaldy Manabat\Downloads\Skype_Setup.exe, Quarantined, [a5ebb20a16740432b6cd620c43bf758b],
PUP.Optional.Conduit.A, C:\Users\Rizaldy Manabat\Downloads\Translator_3_1_B2 (1).exe, Quarantined, [266a8438b7d3320433309db80ef30ef2],
PUP.Optional.Conduit.A, C:\Users\Rizaldy Manabat\Downloads\Translator_3_1_B2.exe, Quarantined, [345c318bfb8fde58d39035207b863ec2],
PUP.Optional.MultiPlug.Gen, C:\Users\Rizaldy Manabat\AppData\Roaming\638623A0-1425233465-11DF-8A06-0024BEF914AD\jnsq2AF.tmp, Quarantined, [0c84dae21872d75fedadd5b33fc6c33d],
PUP.Optional.MultiPlug.Gen, C:\Users\Rizaldy Manabat\AppData\Roaming\638623A0-1425233465-11DF-8A06-0024BEF914AD\nsqC211.tmpfs, Quarantined, [0c84dae21872d75fedadd5b33fc6c33d],
PUP.Optional.MultiPlug.Gen, C:\Users\Rizaldy Manabat\AppData\Roaming\638623A0-1425233465-11DF-8A06-0024BEF914AD\rnsgEFD7.exe, Quarantined, [0c84dae21872d75fedadd5b33fc6c33d],
PUP.Optional.MultiPlug.Gen, C:\Users\Rizaldy Manabat\AppData\Roaming\638623A0-1425233465-11DF-8A06-0024BEF914AD\Uninstall.exe, Quarantined, [0c84dae21872d75fedadd5b33fc6c33d],
PUP.Optional.MultiPlug.Gen, C:\Users\Rizaldy Manabat\AppData\Roaming\638623A0-1425233465-11DF-8A06-0024BEF914AD\vnsv49EE.tmp, Quarantined, [0c84dae21872d75fedadd5b33fc6c33d],
PUP.Optional.MultiPlug, C:\ProgramData\ggkdnbndkkgmefcnnnpfgneaclfambkg\lsdb.js, Quarantined, [77195567dbaf50e6607fed9c9c6944bc],
PUP.Optional.MultiPlug, C:\ProgramData\ggkdnbndkkgmefcnnnpfgneaclfambkg\background.html, Quarantined, [77195567dbaf50e6607fed9c9c6944bc],
PUP.Optional.MultiPlug, C:\ProgramData\ggkdnbndkkgmefcnnnpfgneaclfambkg\content.js, Quarantined, [77195567dbaf50e6607fed9c9c6944bc],
PUP.Optional.MultiPlug, C:\ProgramData\ggkdnbndkkgmefcnnnpfgneaclfambkg\manifest.json, Quarantined, [77195567dbaf50e6607fed9c9c6944bc],
PUP.Optional.MultiPlug, C:\ProgramData\ggkdnbndkkgmefcnnnpfgneaclfambkg\r6WZ05MPZb.js, Quarantined, [77195567dbaf50e6607fed9c9c6944bc],
PUP.Optional.MultiPlug, C:\ProgramData\hnlbemdcalghhdmaoikgdhmicjnpemhp\lsdb.js, Quarantined, [6a264b710387201620bfb1d80ef7b749],
PUP.Optional.MultiPlug, C:\ProgramData\hnlbemdcalghhdmaoikgdhmicjnpemhp\background.html, Quarantined, [6a264b710387201620bfb1d80ef7b749],
PUP.Optional.MultiPlug, C:\ProgramData\hnlbemdcalghhdmaoikgdhmicjnpemhp\content.js, Quarantined, [6a264b710387201620bfb1d80ef7b749],
PUP.Optional.MultiPlug, C:\ProgramData\hnlbemdcalghhdmaoikgdhmicjnpemhp\manifest.json, Quarantined, [6a264b710387201620bfb1d80ef7b749],
PUP.Optional.MultiPlug, C:\ProgramData\hnlbemdcalghhdmaoikgdhmicjnpemhp\weivTtw1.js, Quarantined, [6a264b710387201620bfb1d80ef7b749],
PUP.Optional.ClickerDU.A, C:\Program Files (x86)\data_up\data_up.exe, Quarantined, [e4ac3d7f741650e66e6e24ca9f6456aa],

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

Security Log

================

 Results of screen317's Security Check version 1.004 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
  (On Access scanning disabled!)
 Error obtaining update status for antivirus! 
`````````Anti-malware/Other Utilities Check:`````````
 Java™ 6 Update 18 
 Java version 32-bit out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Sony VAIOCA~1 Iolo IOLOTO~1.EXE
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````
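One thing worth pulling out of the ESET log above: it was run with "Remove found threats" unchecked, as instructed, so the header reads found=16, cleaned=0 and nothing was touched. Thirteen of the sixteen hits are inside C:\AdwCleaner\Quarantine or C:\FRST\Quarantine (the .vir and .xBAD copies), i.e. they had already been removed by the earlier steps. Only three are still live on disk: dz.exe (TrojanDownloader.Agent.SEG) under AppData\Roaming\et, the InstallCore-wrapped Skype.exe in Downloads, and an Auslogics Rescue backup that still carries a SearchProtect copy. The script below is an added example written for this thread, not part of ESET's, AdwCleaner's or the forum's tooling. It parses the scanner's key=value log format, separates quarantined from live hits, ranks the live ones by severity, and checks a file's SHA-1 against the log's sh= field so the right file is acted on. The quarantine path markers and the severity keywords are assumptions; the sample log is a subset of the lines posted above.

```python
"""Triage an ESET Online Scanner log: separate hits already sitting in an
AdwCleaner/FRST quarantine from files still live on disk, rank the live ones,
and verify a file's SHA-1 against the log's sh= field before acting on it.

Added example for this thread; not part of ESET, AdwCleaner, FRST or the
forum's tools. Quarantine markers and severity keywords are assumptions.
"""
import hashlib
import re
from dataclasses import dataclass
from pathlib import Path

# Sample input: header lines and five of the sixteen detection lines quoted
# from the ESET log posted in this thread (constructed subset for the example).
SAMPLE_LOG = r'''# product=EOS
# remove_checked=false
# found=16
# cleaned=0
sh=B3B169E220BD591802B05759ADEE1C353E15B112 ft=1 fh=9d6c1fda665ceb54 vn="a variant of Win32/Toolbar.Perion.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\krios.dll.vir"
sh=1142B3A99B2E45DCC99BCE89F66F44374C8ABAF9 ft=1 fh=f6c9edec430c0a0b vn="a variant of Win64/NetFilter.A potentially unsafe application" ac=I fn="C:\FRST\Quarantine\C\Windows\System32\drivers\{97aac413-5ea0-4f6e-a044-c0672ad26b28}w64.sys.xBAD"
sh=07D8745A7299D17AB49A5FAA22B3174C63F8CC0A ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.J potentially unwanted application" ac=I fn="C:\Users\Rizaldy Manabat\AppData\Roaming\Auslogics\Rescue\Sony Maintenance\130729223624893.rsc"
sh=B124D11FDA214467C1678335C9F5EF7C5E158B45 ft=1 fh=c71c001152a62bbb vn="a variant of Win32/TrojanDownloader.Agent.SEG trojan" ac=I fn="C:\Users\Rizaldy Manabat\AppData\Roaming\et\dz.exe"
sh=BDF2468F309045313DD1601619B5F248A58261E0 ft=1 fh=e70373af2cf7daf7 vn="a variant of Win32/InstallCore.PK potentially unwanted application" ac=I fn="C:\Users\Rizaldy Manabat\Downloads\Skype.exe"
'''

# key=value pairs; a value is either double-quoted (may contain spaces) or bare.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Where the other tools in this thread park what they removed (assumption,
# taken from how those paths appear in the log above).
QUARANTINE_DIRS = ("\\adwcleaner\\quarantine\\", "\\frst\\quarantine\\")
QUARANTINE_SUFFIXES = (".vir", ".xbad")

# Coarse severity from ESET's detection name; lower rank = look at it first.
SEVERITY = {"malware": 0, "unsafe": 1, "pua": 2, "other": 3}


@dataclass
class Detection:
    sha1: str
    path: str
    name: str
    category: str
    quarantined: bool


def classify(name: str) -> str:
    """Map an ESET detection name to a coarse category (keyword assumption)."""
    n = name.lower()
    if any(w in n for w in ("trojan", "backdoor", "worm", "ransom")):
        return "malware"
    if "potentially unsafe" in n:
        return "unsafe"
    if "potentially unwanted" in n or "adware" in n:
        return "pua"
    return "other"


def is_quarantined(path: str) -> bool:
    """True if the path is a copy already parked by AdwCleaner or FRST."""
    p = path.lower()
    return any(d in p for d in QUARANTINE_DIRS) or p.endswith(QUARANTINE_SUFFIXES)


def parse_eset_log(text: str):
    """Return (header dict from '# key=value' lines, list of Detection)."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            body = line[1:].strip()
            if "=" in body:
                k, v = body.split("=", 1)
                header[k.strip()] = v.strip()
        elif line.startswith("sh="):
            fields = {k: (q or b) for k, q, b in KV_RE.findall(line)}
            name, path = fields.get("vn", ""), fields.get("fn", "")
            detections.append(Detection(fields.get("sh", "").lower(), path, name,
                                        classify(name), is_quarantined(path)))
    return header, detections


def triage(detections):
    """Split into already-quarantined vs live; live sorted most severe first."""
    live = sorted((d for d in detections if not d.quarantined),
                  key=lambda d: SEVERITY[d.category])
    return {"quarantined": [d for d in detections if d.quarantined], "live": live}


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def file_matches_log(path, detection: Detection) -> bool:
    """True if the file on disk still has the SHA-1 ESET recorded (sh= field)."""
    return sha1_hex(Path(path).read_bytes()) == detection.sha1


if __name__ == "__main__":
    header, dets = parse_eset_log(SAMPLE_LOG)
    print(f"found={header.get('found')} cleaned={header.get('cleaned')} "
          f"remove_checked={header.get('remove_checked')}")
    result = triage(dets)
    print(f"{len(result['quarantined'])} hit(s) already quarantined by other tools")
    for d in result["live"]:
        print(f"LIVE [{d.category}] {d.path}\n      {d.name}")
```

Running it on the full log above yields 13 quarantined entries and 3 live ones, with dz.exe ranked first. The SHA-1 check matters because quarantine tools rename files (krios.dll becomes krios.dll.vir) and samples get re-downloaded with new names (Skype_Setup (1).exe, (2).exe in the MBAM log); comparing the hash to the sh= field is the only reliable way to confirm that the file in hand is the one the scanner flagged.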