# AdwCleaner v3.015 - Report created 15/12/2013 at 02:30:47
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Penwitt - PENWITT-VAIO
# Running from : C:\Users\Penwitt\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Searchprotect
Folder Deleted : C:\Program Files (x86)\xfin_portal
Folder Deleted : C:\Users\Penwitt\AppData\Local\PackageAware
Folder Deleted : C:\Users\Penwitt\AppData\LocalLow\comcasttb
Folder Deleted : C:\Users\Penwitt\AppData\LocalLow\xfin_portal
Folder Deleted : C:\Users\Penwitt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video downloader
Folder Deleted : C:\Users\Penwitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Folder Deleted : C:\Users\Penwitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\hchkdglnjoagfcnikmcebkjlfbcbkhnm
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
File Deleted : C:\Windows\System32\Tasks\Printatree
***** [ Shortcuts ] *****
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Messenger\View Inbox.lnk
***** [ Registry ] *****
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Key Deleted : HKCU\Software\Google\Chrome\Extensions\hchkdglnjoagfcnikmcebkjlfbcbkhnm
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hchkdglnjoagfcnikmcebkjlfbcbkhnm
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51F04BD6-3888-4849-864C-617FAE709CE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C953EC4-8CFA-44FB-B32E-1249E5505091}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E394E0-D331-431F-B76D-E3A19193D5F6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C39937A9-C59D-4506-A9FC-0A0138192287}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\PopularScreensavers
Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xfin_portal
Key Deleted : [x64] HKLM\SOFTWARE\Amazon Browser Bar
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16686
-\\ Google Chrome v31.0.1650.63
[ File : C:\Users\Penwitt\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [8090 octets] - [15/12/2013 02:26:40]
AdwCleaner[S0].txt - [7983 octets] - [15/12/2013 02:30:47]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8043 octets] ##########
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2013 01
Ran by Penwitt (administrator) on PENWITT-VAIO on 15-12-2013 02:35:30
Running from D:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Sony Corporation) C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-28] (Conexant Systems, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [226672 2011-02-16] (Alps Electric Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [HP Deskjet 3050A J611 series (NET)] - C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2676584 2011-06-08] (Hewlett-Packard Co.)
HKCU\...\Run: [Elbserver] - C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe [83344 2011-04-02] (Sony Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
AppInit_DLLs: C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(4).dll [88376 2013-07-24] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KeyCrypt32(4).dll [81160 2013-07-24] (Zemana Ltd.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://xfinity.comca...id=mtmh06182013
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.1030.3\NativeBHO.dll (WhiteSky)
BHO-x32: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll No File
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000}
http://download.macr...director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5}
http://download.eset...lineScanner.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 4.2.2.1 4.2.2.2
Chrome:
=======
CHR RestoreOnStartup: "
https://www.google.c...rce=search_app"
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Extension: (Google Docs) - C:\Users\Penwitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Penwitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Penwitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Penwitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Print a Tree) - C:\Users\Penwitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmibjfmphcpfoacbchialfobiohmhged\1.0_0
CHR Extension: (AdBlock) - C:\Users\Penwitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0
CHR Extension: (Skype Click to Call) - C:\Users\Penwitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0
CHR Extension: (Google Wallet) - C:\Users\Penwitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Penwitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [dmibjfmphcpfoacbchialfobiohmhged] - C:\Users\Penwitt\AppData\Roaming\PRINTA~1\printatreeChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [dmibjfmphcpfoacbchialfobiohmhged] - C:\Users\Penwitt\AppData\Roaming\PRINTA~1\printatreeChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
==================== Services (Whitelisted) =================
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
==================== Drivers (Whitelisted) ====================
R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49240 2013-12-14] (Zemana Ltd.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25056 2013-07-24] (Zemana Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-15 02:26 - 2013-12-15 02:31 - 00000000 ____D C:\AdwCleaner
2013-12-15 02:26 - 2013-12-15 02:24 - 01226802 _____ C:\Users\Penwitt\Desktop\AdwCleaner.exe
2013-12-15 02:17 - 2013-12-15 02:17 - 00003436 _____ C:\Windows\System32\Tasks\VAIO® Messenger (Penwitt)
2013-12-14 23:28 - 2013-12-14 23:28 - 00000000 ____D C:\Windows\ERUNT
2013-12-14 20:54 - 2013-12-14 23:12 - 00000000 ____D C:\Qoobox
2013-12-14 20:54 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-14 20:54 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-14 20:54 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-14 20:54 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-14 20:54 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-14 20:54 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-14 20:54 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-14 20:54 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-14 20:53 - 2013-12-14 21:31 - 00000000 ____D C:\Windows\erdnt
2013-12-14 20:52 - 2013-12-14 20:53 - 00000000 ____D C:\Users\Penwitt\Desktop\Symantec Endpoint Client 12.1.3 x64 windows 8
2013-12-14 20:50 - 2013-12-14 20:50 - 00000000 __HDC C:\ProgramData\{AA28280A-C4CA-4B4F-9DF1-593032D2F3EC}
2013-12-14 20:36 - 2013-12-14 20:50 - 00000000 ____D C:\ProgramData\DDNi
2013-12-14 20:36 - 2013-12-14 20:50 - 00000000 ____D C:\Program Files (x86)\DDNi
2013-12-14 20:36 - 2013-12-14 20:36 - 00003316 _____ C:\Windows\System32\Tasks\DDNi Startup
2013-12-14 19:55 - 2013-12-15 02:32 - 00000392 _____ C:\Windows\setupact.log
2013-12-14 19:55 - 2013-12-14 19:55 - 00000000 _____ C:\Windows\setuperr.log
2013-12-14 19:54 - 2013-12-15 02:13 - 00206098 _____ C:\Windows\PFRO.log
2013-12-14 19:38 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-14 19:33 - 2013-12-14 19:39 - 00009168 _____ C:\Windows\IE11_main.log
2013-12-14 19:14 - 2013-12-14 19:14 - 00002215 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-14 17:48 - 2013-12-14 17:48 - 00000303 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-12-14 17:25 - 2013-08-27 19:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-12-14 17:16 - 2013-12-14 17:16 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-14 17:16 - 2013-12-14 17:16 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-14 17:16 - 2013-12-14 17:16 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-14 17:16 - 2013-12-14 17:16 - 00000000 ____D C:\Users\Penwitt\AppData\Roaming\Malwarebytes
2013-12-14 17:16 - 2013-12-14 17:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-14 17:16 - 2013-12-14 17:16 - 00000000 ____D C:\Program Files\CCleaner
2013-12-14 17:16 - 2013-12-14 17:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-14 17:16 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-14 00:56 - 2013-12-15 02:35 - 00000000 ____D C:\FRST
==================== One Month Modified Files and Folders =======
2013-12-15 02:36 - 2012-08-28 15:08 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-15 02:35 - 2013-12-14 00:56 - 00000000 ____D C:\FRST
2013-12-15 02:35 - 2012-04-13 09:59 - 00000000 ____D C:\Users\Penwitt\AppData\Roaming\Skype
2013-12-15 02:35 - 2012-03-15 08:04 - 00000000 ____D C:\Users\Penwitt\AppData\Roaming\ID Vault
2013-12-15 02:35 - 2011-12-20 09:34 - 01427710 _____ C:\Windows\WindowsUpdate.log
2013-12-15 02:32 - 2013-12-14 19:55 - 00000392 _____ C:\Windows\setupact.log
2013-12-15 02:32 - 2012-08-28 15:08 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-15 02:32 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-15 02:31 - 2013-12-15 02:26 - 00000000 ____D C:\AdwCleaner
2013-12-15 02:27 - 2009-07-13 23:13 - 00783360 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-15 02:24 - 2013-12-15 02:26 - 01226802 _____ C:\Users\Penwitt\Desktop\AdwCleaner.exe
2013-12-15 02:24 - 2012-06-02 22:39 - 00000342 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2013-12-15 02:23 - 2009-07-13 22:45 - 00020928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-15 02:23 - 2009-07-13 22:45 - 00020928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-15 02:17 - 2013-12-15 02:17 - 00003436 _____ C:\Windows\System32\Tasks\VAIO® Messenger (Penwitt)
2013-12-15 02:13 - 2013-12-14 19:54 - 00206098 _____ C:\Windows\PFRO.log
2013-12-15 01:41 - 2012-04-18 08:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-14 23:35 - 2012-02-11 23:52 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{823E3463-0B62-4D91-A636-313DA05A83F6}
2013-12-14 23:28 - 2013-12-14 23:28 - 00000000 ____D C:\Windows\ERUNT
2013-12-14 23:12 - 2013-12-14 20:54 - 00000000 ____D C:\Qoobox
2013-12-14 22:55 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
2013-12-14 21:31 - 2013-12-14 20:53 - 00000000 ____D C:\Windows\erdnt
2013-12-14 20:53 - 2013-12-14 20:52 - 00000000 ____D C:\Users\Penwitt\Desktop\Symantec Endpoint Client 12.1.3 x64 windows 8
2013-12-14 20:50 - 2013-12-14 20:50 - 00000000 __HDC C:\ProgramData\{AA28280A-C4CA-4B4F-9DF1-593032D2F3EC}
2013-12-14 20:50 - 2013-12-14 20:36 - 00000000 ____D C:\ProgramData\DDNi
2013-12-14 20:50 - 2013-12-14 20:36 - 00000000 ____D C:\Program Files (x86)\DDNi
2013-12-14 20:45 - 2013-08-15 13:49 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 20:36 - 2013-12-14 20:36 - 00003316 _____ C:\Windows\System32\Tasks\DDNi Startup
2013-12-14 20:11 - 2009-07-13 22:45 - 00310264 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-14 20:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-14 19:56 - 2011-02-10 16:48 - 00000000 ____D C:\Windows\Panther
2013-12-14 19:55 - 2013-12-14 19:55 - 00000000 _____ C:\Windows\setuperr.log
2013-12-14 19:55 - 2013-03-13 19:20 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-14 19:55 - 2013-03-13 19:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-14 19:42 - 2011-02-10 17:03 - 00775974 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-14 19:41 - 2012-04-18 08:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-14 19:41 - 2012-04-18 08:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-14 19:41 - 2012-04-18 08:33 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-14 19:39 - 2013-12-14 19:33 - 00009168 _____ C:\Windows\IE11_main.log
2013-12-14 19:17 - 2013-04-19 23:19 - 00000000 ____D C:\Program Files (x86)\vGrabber-software
2013-12-14 19:14 - 2013-12-14 19:14 - 00002215 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-14 19:13 - 2012-08-28 15:08 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-14 18:49 - 2012-04-28 02:16 - 00007477 _____ C:\test.xml
2013-12-14 17:54 - 2012-02-15 15:24 - 00000000 ____D C:\Users\Penwitt\AppData\Local\CrashDumps
2013-12-14 17:48 - 2013-12-14 17:48 - 00000303 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-12-14 17:48 - 2012-03-15 08:02 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2013-12-14 17:47 - 2013-01-13 10:08 - 00049240 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\AntiLog64.sys
2013-12-14 17:47 - 2013-01-13 10:08 - 00002149 _____ C:\Users\Public\Desktop\Constant Guard.lnk
2013-12-14 17:47 - 2013-01-13 10:08 - 00000000 ____D C:\Windows\SysWOW64\ZALSDK_uninst
2013-12-14 17:44 - 2012-04-13 09:58 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-14 17:44 - 2012-04-13 09:58 - 00000000 ____D C:\ProgramData\Skype
2013-12-14 17:31 - 2012-08-28 15:08 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-14 17:31 - 2012-08-28 15:08 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-14 17:16 - 2013-12-14 17:16 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-14 17:16 - 2013-12-14 17:16 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-14 17:16 - 2013-12-14 17:16 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-14 17:16 - 2013-12-14 17:16 - 00000000 ____D C:\Users\Penwitt\AppData\Roaming\Malwarebytes
2013-12-14 17:16 - 2013-12-14 17:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-14 17:16 - 2013-12-14 17:16 - 00000000 ____D C:\Program Files\CCleaner
2013-12-14 17:16 - 2013-12-14 17:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-14 16:09 - 2012-02-11 23:43 - 00000000 ____D C:\Users\Penwitt
2013-12-11 18:11 - 2013-08-19 17:59 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-11 18:11 - 2013-08-19 17:59 - 00000000 ____D C:\Program Files\iTunes
2013-12-11 18:11 - 2013-01-13 10:36 - 00000000 ____D C:\Program Files (x86)\Norton Security Suite
2013-12-11 18:11 - 2012-04-12 17:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 18:11 - 2012-03-05 16:39 - 00000000 ____D C:\Windows\system32\Macromed
2013-12-11 18:11 - 2012-02-19 02:32 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-11 18:11 - 2012-02-12 13:06 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-12-11 18:11 - 2012-02-12 13:06 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2013-12-11 18:11 - 2011-05-04 01:33 - 00000000 ____D C:\ProgramData\Norton
2013-12-11 18:11 - 2011-05-04 00:50 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-12-11 18:11 - 2011-05-04 00:44 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-12-11 18:11 - 2009-07-13 23:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-11 18:11 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-11 18:11 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-11 18:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2013-12-11 18:04 - 2012-02-12 13:20 - 00000000 ____D C:\Users\Penwitt\AppData\Roaming\SoftGrid Client
2013-12-11 18:03 - 2012-03-15 08:04 - 00000000 ____D C:\Users\Penwitt\AppData\Local\ID Vault
2013-12-11 18:02 - 2012-02-19 02:32 - 00000000 ____D C:\Program Files\iPod
2013-12-11 18:01 - 2012-02-12 13:25 - 00000000 ___RD C:\MSOCache
2013-12-01 14:42 - 2012-03-28 10:40 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\Penwitt\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-23 17:50
==================== End Of Log ============================