BSOD %hs file is missing [Solved]


  • This topic is locked

#16 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Looking much better now. :)

Moving along

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
After that

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla Firefox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • If you are given an option to quarantine files ensure the scan is set to do so.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close; make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
So when you return please post
  • JRT.txt
  • ESET scan results
  • and tell me how the machine is now

#17 BKuke (Member, Topic Starter, 13 posts)
Both scans are now completed
Here are the results:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Penwitt on Sat 12/14/2013 at 23:28:12.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services



~~~ Registry Values

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

Value Name Type Value Data
========================================================================================
BackgroundContainer REG_SZ "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Penwitt\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\distromatic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\alxssb.alxtbssb
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\alxssb.alxtbssb.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\alxtb2.toolbarproxy
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\alxtb2.toolbarproxy.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3293216
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{44DC3E1A-F92C-4B24-AB84-7A1104DF879E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{46197f3d-30e7-4905-a14b-02bee3aaeb58}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{46197f3d-30e7-4905-a14b-02bee3aaeb58}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\shoA9BD.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Penwitt\AppData\Roaming\printatree"
Successfully deleted: [Folder] "C:\Users\Penwitt\AppData\Roaming\yontoo"
Successfully deleted: [Folder] "C:\Users\Penwitt\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Penwitt\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Penwitt\appdata\local\searchprotect"
Successfully deleted: [Folder] "C:\Users\Penwitt\appdata\locallow\comcasttb"
Successfully deleted: [Folder] "C:\Users\Penwitt\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Penwitt\appdata\locallow\iac"
Successfully deleted: [Folder] "C:\Users\Penwitt\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\comcasttb"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo"
Successfully deleted: [Empty Folder] C:\Users\Penwitt\appdata\local\{463D306F-243A-446F-8568-7118903CCF1F}
Successfully deleted: [Empty Folder] C:\Users\Penwitt\appdata\local\{BE364330-614C-4E96-BF67-27353DCF7E21}



~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/14/2013 at 23:48:04.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=19100f89cfe22446936d5f36e8e97578
# engine=16274
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-12-15 07:41:35
# local_time=2013-12-15 01:41:35 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 82 12991484 138636745 0 0
# scanned=168632
# found=14
# cleaned=13
# scan_time=5562
sh=20A2E417F1D8E36A536364AEE3ADD8102BA5D8AF ft=1 fh=494d20b369828d7b vn="Win32/Toolbar.MyWebSearch application" ac=I fn="C:\Windows\SysWOW64\p5PSSavr.scr"
sh=737D70C09B888A11F687A8CDB020FD5394D4ED96 ft=1 fh=2bd1acaa4e01c158 vn="a variant of Win32/Toolbar.Visicom.B application (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Program Files (x86)\xfin_portal\comcastdx.dll"
sh=EFACF95B980D73274F817953E5D2029A30EF649D ft=1 fh=f999fd34447eddfa vn="a variant of Win32/Toolbar.Visicom.A application (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Program Files (x86)\xfin_portal\comcasttb.dll"
sh=DA03B4A5B82EDF67AE6067663595D78C5D75B2C6 ft=1 fh=c71c00114d73177a vn="a variant of Win32/Toolbar.Visicom.C application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\xfin_portal\dtuser.exe"
sh=2483CFDDB0EECDA8762E74A25AFEA48A6706E440 ft=0 fh=0000000000000000 vn="JS/Redirector.NCG trojan (deleted - quarantined)" ac=C fn="C:\Users\Penwitt\AppData\Local\a8132ebe-cd8a-4003-8d20-fc3db8fc756e.crx"
sh=BB64EAB4A8D339B38E2C84ECCDC1EB9BCB508661 ft=1 fh=b9050071cbb9d4b1 vn="a variant of Win32/Toolbar.Conduit.P application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Penwitt\AppData\LocalLow\Vgrabber_v1.5\ldrtbVgr0.dll"
sh=9B3B44428CC80CC43F085AE514E7E16F7963EACC ft=1 fh=4c03fc1250fa29f9 vn="a variant of Win32/Toolbar.Conduit.P application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Penwitt\AppData\LocalLow\Vgrabber_v1.5\ldrtbVgr2.dll"
sh=87BE5F13318AC3BA3F403A73E332E1784304C21D ft=1 fh=3e5cd6b65c184efc vn="a variant of Win32/Toolbar.Conduit.P application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Penwitt\AppData\LocalLow\Vgrabber_v1.5\ldrtbVgra.dll"
sh=41565A5C7C5DE65C949CC2C3566265E05A0BA782 ft=1 fh=95024ab9b65b3320 vn="a variant of Win32/Toolbar.Conduit.B application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Penwitt\AppData\LocalLow\Vgrabber_v1.5\tbVgr0.dll"
sh=33457E2F2405727124C107D6DEAF24C94E992463 ft=1 fh=e719e166edfd7994 vn="a variant of Win32/Toolbar.Conduit.B application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Penwitt\AppData\LocalLow\Vgrabber_v1.5\tbVgr2.dll"
sh=1E6279D9317A709616211812CCA5AB8B26EB4AB2 ft=1 fh=dd2582521ac42eea vn="a variant of Win32/Toolbar.Conduit.B application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Penwitt\AppData\LocalLow\Vgrabber_v1.5\tbVgra.dll"
sh=12626B55C3C03E0B3CB6005F2DFBAFDBC5CCAD89 ft=1 fh=c0b533973faf1f0d vn="a variant of Win32/Toolbar.Visicom.B application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Penwitt\AppData\LocalLow\xfin_portal\comcastdx.dll"
sh=20A2E417F1D8E36A536364AEE3ADD8102BA5D8AF ft=1 fh=494d20b369828d7b vn="Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)" ac=C fn="C:\Windows\System32\p5PSSavr.scr"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="multiple threats (contained infected files)" ac=C fn="${Memory}"
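The ESET log above says found=14 and cleaned=13, and it takes a line-by-line read to see which detection is the one that was not cleaned. The Python below is an added example, not code from this thread, from ESET or from the helper's procedure in post #16: it parses the `# key=value` header and the `sh= ft= fh= vn= ac= fn=` record lines in the format shown, lists the records whose action code is not C, and groups records by SHA-1 so that one file detected at two paths stands out. Reading ac=C as cleaned and ac=I as no action is an assumption drawn from the vn= text, which carries "(cleaned ...)" only on the ac=C lines; the sample log is four record lines copied from the scan above with the header counts reduced to match that subset.

```python
import re
from collections import defaultdict

# Line formats as written by ESET Online Scanner (taken from the log posted above).
HEADER_RE = re.compile(r'^# (?P<key>\w+)=(?P<value>.*)$')
RECORD_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\S+) fh=(?P<fh>\S+) '
    r'vn="(?P<name>[^"]*)" ac=(?P<action>\S+) fn="(?P<path>[^"]*)"$'
)

# Sample log: four record lines copied from the scan above, with the header
# counts reduced to match this subset (constructed for the example).
SAMPLE_LOG = r'''# version=8
# found=4
# cleaned=3
sh=20A2E417F1D8E36A536364AEE3ADD8102BA5D8AF ft=1 fh=494d20b369828d7b vn="Win32/Toolbar.MyWebSearch application" ac=I fn="C:\Windows\SysWOW64\p5PSSavr.scr"
sh=2483CFDDB0EECDA8762E74A25AFEA48A6706E440 ft=0 fh=0000000000000000 vn="JS/Redirector.NCG trojan (deleted - quarantined)" ac=C fn="C:\Users\Penwitt\AppData\Local\a8132ebe-cd8a-4003-8d20-fc3db8fc756e.crx"
sh=20A2E417F1D8E36A536364AEE3ADD8102BA5D8AF ft=1 fh=494d20b369828d7b vn="Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)" ac=C fn="C:\Windows\System32\p5PSSavr.scr"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="multiple threats (contained infected files)" ac=C fn="${Memory}"
'''


def parse_eset_log(text):
    """Return (header dict, list of record dicts) for one ESET Online Scanner log."""
    header, records = {}, []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            header[m['key']] = m['value']
            continue
        m = RECORD_RE.match(line)
        if m:
            records.append(m.groupdict())
    return header, records


def uncleaned(records):
    """Detections whose action code is not C (cleaned). In the posted log the only
    other code is I; reading C as cleaned and I as no action is an assumption
    drawn from the vn= text, which carries '(cleaned ...)' only on ac=C lines."""
    return [r for r in records if r['action'] != 'C']


def shared_hashes(records):
    """SHA-1s seen at more than one path, e.g. the same .scr in SysWOW64 and
    System32. The all-zero hash is the scanner's memory pseudo-entry and is skipped."""
    paths = defaultdict(set)
    for r in records:
        if set(r['sha1']) != {'0'}:
            paths[r['sha1']].add(r['path'])
    return {h: sorted(p) for h, p in paths.items() if len(p) > 1}


def triage(text):
    """Summarise one log: header counts, whether they agree with the record lines,
    the paths left uncleaned, and hashes present at several paths."""
    header, records = parse_eset_log(text)
    found, cleaned = int(header.get('found', 0)), int(header.get('cleaned', 0))
    left = uncleaned(records)
    return {
        'found': found,
        'cleaned': cleaned,
        'records': len(records),
        'header_consistent': found == len(records) and found - cleaned == len(left),
        'uncleaned': [r['path'] for r in left],
        'shared_hashes': shared_hashes(records),
    }


if __name__ == '__main__':
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run over the full log posted above it reports one uncleaned path, C:\Windows\SysWOW64\p5PSSavr.scr, and one shared hash: the same MyWebSearch screensaver sits in both SysWOW64 and System32, and only the System32 copy was quarantined. That is the kind of leftover worth checking by hand after the reboot rather than trusting the cleaned count.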

#18 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
How is the machine now?

#19 BKuke (Member, Topic Starter, 13 posts)
Once I restarted the machine, an error popped up once the desktop loaded.

(X) There was a problem starting
C:\Users\Penwitt\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll

The specified module could not be found

I am assuming that is a remnant of something we just removed.

Edited by BKuke, 15 December 2013 - 02:20 AM.


#20 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)

> I am assuming that is a remnant of something we just removed.

Yep, that one is a bad one. While it can't work, it looks like it's not completely gone.

Let's do this:

Download AdwCleaner to your desktop.

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste back here. If a report doesn't appear, press the report button and Copy & Paste the contents on your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

After that

Please run a scan with Farbar Recovery Scan Tool again and post the FRST.txt back here.

So when you return please post
  • AdwCleaner log
  • FRST.txt

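The dialog BKuke got at logon is what an orphaned autostart looks like: the JRT log above shows the HKCU Run value BackgroundContainer, which runs rundll32 against a Conduit DLL, flagged as suspicious but not deleted, while the folder holding that DLL was removed. The value is still executed at the next logon, rundll32 cannot find the module, and the dialog appears. The Python below is an added example, not the thread's procedure or any of the tools' code: given Run values as (location, value name, command line) triples, it works out which file each value really loads (the DLL named in a rundll32 command, otherwise the program, using the same prefix-by-prefix search Windows applies to an unquoted path with spaces) and reports the ones whose file is missing. The sample values are copied from the JRT and FRST logs in this thread; PRESENT_FILES is a constructed snapshot of the post-JRT state; read_run_values() is an added helper that reads the live Run keys with winreg on Windows and is not exercised by the sample data.

```python
import itertools
import ntpath
import os

# Loaders whose real payload is their first argument, not the program itself.
DLL_LOADERS = {'rundll32.exe', 'rundll32'}

# Sample Run values copied from the JRT and FRST logs in this thread, as
# (location, value name, command line) triples.
SAMPLE_ENTRIES = [
    (r'HKCU\...\Run', 'BackgroundContainer',
     r'"C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Penwitt\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun'),
    (r'HKLM\...\Run', 'Apoint', r'C:\Program Files\Apoint\Apoint.exe'),
    (r'HKLM\...\Run', 'HotKeysCmds', r'C:\Windows\system32\hkcmd.exe'),
]

# Constructed snapshot of what is still on disk after JRT deleted the Conduit
# folder: rundll32 and the legitimate programs exist, the Conduit DLL does not.
PRESENT_FILES = {
    r'C:\Windows\SysWOW64\Rundll32.exe',
    r'C:\Program Files\Apoint\Apoint.exe',
    r'C:\Windows\system32\hkcmd.exe',
}


def split_cmdline(cmd):
    """Split on spaces outside double quotes and drop the quotes (a minimal
    CommandLineToArgvW; backslash escapes are not handled, the values above have none)."""
    args, cur, quoted = [], [], False
    for ch in cmd:
        if ch == '"':
            quoted = not quoted
        elif ch == ' ' and not quoted:
            if cur:
                args.append(''.join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        args.append(''.join(cur))
    return args


def resolve_program(tokens, exists):
    r"""Program an unquoted command line starts. Windows tries the prefix up to each
    space in turn (C:\Program, then C:\Program Files\Apoint\Apoint.exe, ...); mirror
    that, without the .exe-appending step CreateProcess also performs."""
    for i in range(1, len(tokens) + 1):
        candidate = ' '.join(tokens[:i])
        if exists(candidate):
            return candidate, tokens[i:]
    return tokens[0], tokens[1:]            # nothing matched: report the first token


def loaded_file(command, exists):
    """File an autostart value really loads: the DLL named in a rundll32 value
    ("<dll>,<EntryPoint>"), otherwise the program itself."""
    tokens = split_cmdline(command)
    if not tokens:
        return None
    program, args = resolve_program(tokens, exists)
    if ntpath.basename(program).lower() in DLL_LOADERS and args:
        dll, _, _entry = args[0].rpartition(',')
        return dll or args[0]               # no comma: the whole token is the DLL
    return program


def orphaned_autostarts(entries, exists=os.path.exists):
    """(location, name, target) for each entry whose loaded file is missing: the
    values that raise 'The specified module could not be found' at logon and show
    where a removal stopped halfway. Bare names resolved via PATH are not checked."""
    orphans = []
    for location, name, command in entries:
        target = loaded_file(command, exists)
        if target and '\\' in target and not exists(target):
            orphans.append((location, name, target))
    return orphans


def read_run_values():
    """Live 64- and 32-bit Run values on a Windows host (added helper; [] elsewhere)."""
    try:
        import winreg
    except ImportError:
        return []
    values = []
    for label, root in (('HKCU', winreg.HKEY_CURRENT_USER), ('HKLM', winreg.HKEY_LOCAL_MACHINE)):
        for sub in (r'Software\Microsoft\Windows\CurrentVersion\Run',
                    r'Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'):
            try:
                with winreg.OpenKey(root, sub) as key:
                    for index in itertools.count():
                        name, data, _ = winreg.EnumValue(key, index)
                        values.append((label + '\\' + sub, name, str(data)))
            except OSError:                   # key absent, or EnumValue past the last value
                pass
    return values
```

On the sample data it reports only BackgroundContainer, pointing at the deleted BackgroundContainer.dll, which is the Run value AdwCleaner removes in the next post. On a live Windows host, orphaned_autostarts(read_run_values()) runs the same check against the real keys and the real disk. It is worth doing before declaring a cleanup done: a Run value, scheduled task or BHO whose file is gone is harmless in itself, but it tells you where a removal stopped halfway and what the user will see at the next logon.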

#21 BKuke (Member, Topic Starter, 13 posts)
# AdwCleaner v3.015 - Report created 15/12/2013 at 02:30:47
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Penwitt - PENWITT-VAIO
# Running from : C:\Users\Penwitt\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Searchprotect
Folder Deleted : C:\Program Files (x86)\xfin_portal
Folder Deleted : C:\Users\Penwitt\AppData\Local\PackageAware
Folder Deleted : C:\Users\Penwitt\AppData\LocalLow\comcasttb
Folder Deleted : C:\Users\Penwitt\AppData\LocalLow\xfin_portal
Folder Deleted : C:\Users\Penwitt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video downloader
Folder Deleted : C:\Users\Penwitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Folder Deleted : C:\Users\Penwitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\hchkdglnjoagfcnikmcebkjlfbcbkhnm
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
File Deleted : C:\Windows\System32\Tasks\Printatree

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Messenger\View Inbox.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Key Deleted : HKCU\Software\Google\Chrome\Extensions\hchkdglnjoagfcnikmcebkjlfbcbkhnm
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hchkdglnjoagfcnikmcebkjlfbcbkhnm
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51F04BD6-3888-4849-864C-617FAE709CE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C953EC4-8CFA-44FB-B32E-1249E5505091}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E394E0-D331-431F-B76D-E3A19193D5F6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C39937A9-C59D-4506-A9FC-0A0138192287}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\PopularScreensavers
Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xfin_portal
Key Deleted : [x64] HKLM\SOFTWARE\Amazon Browser Bar
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Penwitt\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8090 octets] - [15/12/2013 02:26:40]
AdwCleaner[S0].txt - [7983 octets] - [15/12/2013 02:30:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8043 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2013 01
Ran by Penwitt (administrator) on PENWITT-VAIO on 15-12-2013 02:35:30
Running from D:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Sony Corporation) C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-28] (Conexant Systems, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [226672 2011-02-16] (Alps Electric Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [HP Deskjet 3050A J611 series (NET)] - C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2676584 2011-06-08] (Hewlett-Packard Co.)
HKCU\...\Run: [Elbserver] - C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe [83344 2011-04-02] (Sony Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
AppInit_DLLs: C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(4).dll [88376 2013-07-24] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KeyCrypt32(4).dll [81160 2013-07-24] (Zemana Ltd.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comca...id=mtmh06182013
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.1030.3\NativeBHO.dll (WhiteSky)
BHO-x32: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll No File
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 4.2.2.1 4.2.2.2

Chrome:
=======
CHR RestoreOnStartup: "https://www.google.c...rce=search_app"
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Extension: (Google Docs) - C:\Users\Penwitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Penwitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Penwitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Penwitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Print a Tree) - C:\Users\Penwitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmibjfmphcpfoacbchialfobiohmhged\1.0_0
CHR Extension: (AdBlock) - C:\Users\Penwitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0
CHR Extension: (Skype Click to Call) - C:\Users\Penwitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0
CHR Extension: (Google Wallet) - C:\Users\Penwitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Penwitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [dmibjfmphcpfoacbchialfobiohmhged] - C:\Users\Penwitt\AppData\Roaming\PRINTA~1\printatreeChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [dmibjfmphcpfoacbchialfobiohmhged] - C:\Users\Penwitt\AppData\Roaming\PRINTA~1\printatreeChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49240 2013-12-14] (Zemana Ltd.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25056 2013-07-24] (Zemana Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-15 02:26 - 2013-12-15 02:31 - 00000000 ____D C:\AdwCleaner
2013-12-15 02:26 - 2013-12-15 02:24 - 01226802 _____ C:\Users\Penwitt\Desktop\AdwCleaner.exe
2013-12-15 02:17 - 2013-12-15 02:17 - 00003436 _____ C:\Windows\System32\Tasks\VAIO® Messenger (Penwitt)
2013-12-14 23:28 - 2013-12-14 23:28 - 00000000 ____D C:\Windows\ERUNT
2013-12-14 20:54 - 2013-12-14 23:12 - 00000000 ____D C:\Qoobox
2013-12-14 20:54 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-14 20:54 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-14 20:54 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-14 20:54 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-14 20:54 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-14 20:54 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-14 20:54 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-14 20:54 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-14 20:53 - 2013-12-14 21:31 - 00000000 ____D C:\Windows\erdnt
2013-12-14 20:52 - 2013-12-14 20:53 - 00000000 ____D C:\Users\Penwitt\Desktop\Symantec Endpoint Client 12.1.3 x64 windows 8
2013-12-14 20:50 - 2013-12-14 20:50 - 00000000 __HDC C:\ProgramData\{AA28280A-C4CA-4B4F-9DF1-593032D2F3EC}
2013-12-14 20:36 - 2013-12-14 20:50 - 00000000 ____D C:\ProgramData\DDNi
2013-12-14 20:36 - 2013-12-14 20:50 - 00000000 ____D C:\Program Files (x86)\DDNi
2013-12-14 20:36 - 2013-12-14 20:36 - 00003316 _____ C:\Windows\System32\Tasks\DDNi Startup
2013-12-14 19:55 - 2013-12-15 02:32 - 00000392 _____ C:\Windows\setupact.log
2013-12-14 19:55 - 2013-12-14 19:55 - 00000000 _____ C:\Windows\setuperr.log
2013-12-14 19:54 - 2013-12-15 02:13 - 00206098 _____ C:\Windows\PFRO.log
2013-12-14 19:38 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-14 19:33 - 2013-12-14 19:39 - 00009168 _____ C:\Windows\IE11_main.log
2013-12-14 19:14 - 2013-12-14 19:14 - 00002215 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-14 17:48 - 2013-12-14 17:48 - 00000303 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-12-14 17:25 - 2013-08-27 19:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-12-14 17:16 - 2013-12-14 17:16 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-14 17:16 - 2013-12-14 17:16 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-14 17:16 - 2013-12-14 17:16 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-14 17:16 - 2013-12-14 17:16 - 00000000 ____D C:\Users\Penwitt\AppData\Roaming\Malwarebytes
2013-12-14 17:16 - 2013-12-14 17:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-14 17:16 - 2013-12-14 17:16 - 00000000 ____D C:\Program Files\CCleaner
2013-12-14 17:16 - 2013-12-14 17:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-14 17:16 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-14 00:56 - 2013-12-15 02:35 - 00000000 ____D C:\FRST

==================== One Month Modified Files and Folders =======

2013-12-15 02:36 - 2012-08-28 15:08 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-15 02:35 - 2013-12-14 00:56 - 00000000 ____D C:\FRST
2013-12-15 02:35 - 2012-04-13 09:59 - 00000000 ____D C:\Users\Penwitt\AppData\Roaming\Skype
2013-12-15 02:35 - 2012-03-15 08:04 - 00000000 ____D C:\Users\Penwitt\AppData\Roaming\ID Vault
2013-12-15 02:35 - 2011-12-20 09:34 - 01427710 _____ C:\Windows\WindowsUpdate.log
2013-12-15 02:32 - 2013-12-14 19:55 - 00000392 _____ C:\Windows\setupact.log
2013-12-15 02:32 - 2012-08-28 15:08 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-15 02:32 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-15 02:31 - 2013-12-15 02:26 - 00000000 ____D C:\AdwCleaner
2013-12-15 02:27 - 2009-07-13 23:13 - 00783360 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-15 02:24 - 2013-12-15 02:26 - 01226802 _____ C:\Users\Penwitt\Desktop\AdwCleaner.exe
2013-12-15 02:24 - 2012-06-02 22:39 - 00000342 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2013-12-15 02:23 - 2009-07-13 22:45 - 00020928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-15 02:23 - 2009-07-13 22:45 - 00020928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-15 02:17 - 2013-12-15 02:17 - 00003436 _____ C:\Windows\System32\Tasks\VAIO® Messenger (Penwitt)
2013-12-15 02:13 - 2013-12-14 19:54 - 00206098 _____ C:\Windows\PFRO.log
2013-12-15 01:41 - 2012-04-18 08:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-14 23:35 - 2012-02-11 23:52 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{823E3463-0B62-4D91-A636-313DA05A83F6}
2013-12-14 23:28 - 2013-12-14 23:28 - 00000000 ____D C:\Windows\ERUNT
2013-12-14 23:12 - 2013-12-14 20:54 - 00000000 ____D C:\Qoobox
2013-12-14 22:55 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
2013-12-14 21:31 - 2013-12-14 20:53 - 00000000 ____D C:\Windows\erdnt
2013-12-14 20:53 - 2013-12-14 20:52 - 00000000 ____D C:\Users\Penwitt\Desktop\Symantec Endpoint Client 12.1.3 x64 windows 8
2013-12-14 20:50 - 2013-12-14 20:50 - 00000000 __HDC C:\ProgramData\{AA28280A-C4CA-4B4F-9DF1-593032D2F3EC}
2013-12-14 20:50 - 2013-12-14 20:36 - 00000000 ____D C:\ProgramData\DDNi
2013-12-14 20:50 - 2013-12-14 20:36 - 00000000 ____D C:\Program Files (x86)\DDNi
2013-12-14 20:45 - 2013-08-15 13:49 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 20:36 - 2013-12-14 20:36 - 00003316 _____ C:\Windows\System32\Tasks\DDNi Startup
2013-12-14 20:11 - 2009-07-13 22:45 - 00310264 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-14 20:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-14 19:56 - 2011-02-10 16:48 - 00000000 ____D C:\Windows\Panther
2013-12-14 19:55 - 2013-12-14 19:55 - 00000000 _____ C:\Windows\setuperr.log
2013-12-14 19:55 - 2013-03-13 19:20 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-14 19:55 - 2013-03-13 19:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-14 19:42 - 2011-02-10 17:03 - 00775974 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-14 19:41 - 2012-04-18 08:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-14 19:41 - 2012-04-18 08:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-14 19:41 - 2012-04-18 08:33 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-14 19:39 - 2013-12-14 19:33 - 00009168 _____ C:\Windows\IE11_main.log
2013-12-14 19:17 - 2013-04-19 23:19 - 00000000 ____D C:\Program Files (x86)\vGrabber-software
2013-12-14 19:14 - 2013-12-14 19:14 - 00002215 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-14 19:13 - 2012-08-28 15:08 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-14 18:49 - 2012-04-28 02:16 - 00007477 _____ C:\test.xml
2013-12-14 17:54 - 2012-02-15 15:24 - 00000000 ____D C:\Users\Penwitt\AppData\Local\CrashDumps
2013-12-14 17:48 - 2013-12-14 17:48 - 00000303 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-12-14 17:48 - 2012-03-15 08:02 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2013-12-14 17:47 - 2013-01-13 10:08 - 00049240 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\AntiLog64.sys
2013-12-14 17:47 - 2013-01-13 10:08 - 00002149 _____ C:\Users\Public\Desktop\Constant Guard.lnk
2013-12-14 17:47 - 2013-01-13 10:08 - 00000000 ____D C:\Windows\SysWOW64\ZALSDK_uninst
2013-12-14 17:44 - 2012-04-13 09:58 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-14 17:44 - 2012-04-13 09:58 - 00000000 ____D C:\ProgramData\Skype
2013-12-14 17:31 - 2012-08-28 15:08 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-14 17:31 - 2012-08-28 15:08 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-14 17:16 - 2013-12-14 17:16 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-14 17:16 - 2013-12-14 17:16 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-14 17:16 - 2013-12-14 17:16 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-14 17:16 - 2013-12-14 17:16 - 00000000 ____D C:\Users\Penwitt\AppData\Roaming\Malwarebytes
2013-12-14 17:16 - 2013-12-14 17:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-14 17:16 - 2013-12-14 17:16 - 00000000 ____D C:\Program Files\CCleaner
2013-12-14 17:16 - 2013-12-14 17:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-14 16:09 - 2012-02-11 23:43 - 00000000 ____D C:\Users\Penwitt
2013-12-11 18:11 - 2013-08-19 17:59 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-11 18:11 - 2013-08-19 17:59 - 00000000 ____D C:\Program Files\iTunes
2013-12-11 18:11 - 2013-01-13 10:36 - 00000000 ____D C:\Program Files (x86)\Norton Security Suite
2013-12-11 18:11 - 2012-04-12 17:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 18:11 - 2012-03-05 16:39 - 00000000 ____D C:\Windows\system32\Macromed
2013-12-11 18:11 - 2012-02-19 02:32 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-11 18:11 - 2012-02-12 13:06 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-12-11 18:11 - 2012-02-12 13:06 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2013-12-11 18:11 - 2011-05-04 01:33 - 00000000 ____D C:\ProgramData\Norton
2013-12-11 18:11 - 2011-05-04 00:50 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-12-11 18:11 - 2011-05-04 00:44 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-12-11 18:11 - 2009-07-13 23:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-11 18:11 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-11 18:11 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-11 18:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2013-12-11 18:04 - 2012-02-12 13:20 - 00000000 ____D C:\Users\Penwitt\AppData\Roaming\SoftGrid Client
2013-12-11 18:03 - 2012-03-15 08:04 - 00000000 ____D C:\Users\Penwitt\AppData\Local\ID Vault
2013-12-11 18:02 - 2012-02-19 02:32 - 00000000 ____D C:\Program Files\iPod
2013-12-11 18:01 - 2012-02-12 13:25 - 00000000 ___RD C:\MSOCache
2013-12-01 14:42 - 2012-03-28 10:40 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Penwitt\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-23 17:50

==================== End Of Log ============================
  • 0

#22
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again BKuke,

The logs look okay to me now. :thumbsup:

Unless there is still an issue we will go to clearing away the tools we have been using.

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.

  • Go to Start > Programs > Accessories and click on Run
  • Copy and paste the bolded text below in the box then hit OK

    Combofix /Uninstall

Step 2
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
Step 3
To remove AdwCleaner double click on adwcleaner.exe to run the tool.
Click on Uninstall, then confirm with yes to remove AdwCleaner from your computer.

Any remaining tools may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicious programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run an important software the safest approach is to completely uninstall Java. Where you do require it, then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

CryptoLocker Warning

There is a particularly nasty infection out there at the moment.

Go here for information about CryptoLocker Ransomware

Download CryptoPrevent free for home use.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!
  • 0
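Two of the follow-up steps above (removing every Java version except the newest, and confirming Windows Update is set to install automatically) can be checked from PowerShell before touching Control Panel. The script below is an added example and is not from the thread or from any of the tools it uses; it only reports, it uninstalls and changes nothing. It assumes Java entries in the Uninstall registry keys have a DisplayName like "Java(TM) 6 Update 26" or "Java 7 Update 45" (the match pattern is a guess and can be widened), and that the Microsoft.Update.AutoUpdate COM object is available, as it is on Windows 7. Run it from an elevated PowerShell prompt.

```powershell
# Post-cleanup hygiene check (added example, not part of the original thread).
# Read-only: reports stale Java installs and the Windows Update setting.

# Both Uninstall views: native, and the WOW6432Node view written by 32-bit installers
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function ConvertTo-ComparableVersion {
    # Installer DisplayVersion strings vary ("6.0.260", "1.6.0_26"); keep only digits and
    # dots so [version] can parse them, and fall back to 0.0 when it still cannot.
    param([string]$Text)
    $clean = (($Text -replace '[^\d\.]', '.') -replace '\.{2,}', '.') -replace '^\.|\.$', ''
    $parsed = [version]'0.0'
    if ([version]::TryParse($clean, [ref]$parsed)) { return $parsed }
    return [version]'0.0'
}

function Get-InstalledJava {
    # Assumed DisplayName pattern: "Java(TM) 6 Update 26", "Java 7 Update 45".
    # It deliberately skips "Java Auto Updater" and "JavaFX", which are not runtimes.
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^Java(\(TM\))?\s+\d' } |
        ForEach-Object {
            [pscustomobject]@{
                Name    = $_.DisplayName
                Version = ConvertTo-ComparableVersion $_.DisplayVersion
                Key     = $_.PSChildName   # product code / key name, handy for matching the entry later
            }
        }
}

function Find-StaleJava {
    # Everything older than the newest installed runtime is a removal candidate;
    # the person at the keyboard decides, this function only reports.
    $java = @(Get-InstalledJava | Sort-Object Version -Descending)
    if ($java.Count -eq 0) { return 'No Java runtime found in the Uninstall registry keys.' }
    $newest = $java[0].Version
    foreach ($j in $java) {
        $status = if ($j.Version -lt $newest) { 'STALE ' } else { 'NEWEST' }
        '{0} {1,-12} {2}' -f $status, $j.Version, $j.Name
    }
}

function Get-AutoUpdateSetting {
    # Microsoft.Update.AutoUpdate exposes the same setting as the Control Panel page.
    # NotificationLevel 4 is "Install updates automatically", which is what the post asks for.
    $au = New-Object -ComObject Microsoft.Update.AutoUpdate
    $level = $au.Settings.NotificationLevel
    $meaning = switch ($level) {
        0 { 'Not configured' }
        1 { 'Disabled' }
        2 { 'Notify before download' }
        3 { 'Notify before install' }
        4 { 'Install updates automatically (recommended)' }
        default { "Unknown ($level)" }
    }
    [pscustomobject]@{ NotificationLevel = $level; Meaning = $meaning; AsRecommended = ($level -eq 4) }
}

Find-StaleJava
Get-AutoUpdateSetting | Format-List
```

Anything reported as STALE is what the "Remove all Java updates except the latest one" step refers to; remove it through Programs and Features as the post describes rather than by deleting files, so the registry entries and browser plug-in registrations (the jp2ssv.dll BHO in the FRST log above is one of them) go with it. If AsRecommended comes back False, the Windows Update steps in the post still need to be done.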

#23
BKuke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I will run through this process


Thank you very much. You were extremely helpful.

Have a great holiday season
  • 0

#24
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Thank you very much.


You are very welcome. :happy:

I will keep this topic open for a day or two in case any issue arises.
  • 0

#25
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
