Ads playing in background etc.


Hello, I hope I posted this in the correct spot. I've been searching online and here for 2 days now trying to figure out how to fix my laptop. I went out of town and I'm guessing the housesitter used my laptop and so ever since I got back it's been doing weird stuff.

 

First I noticed a bunch of toolbars on my browser so I got rid of those. I also noticed some "anti-virus" software on my computer so deleted those as well. I let my son borrow my laptop and then he brought it back saying something was weird. I booted it up and immediately an ad started playing, but I had no windows open. I did control+alt+delete and there are a bunch of processes running, but not sure which ones are safe.

 

I ended up deleting "speedupmypc" and other uniblue products and that's when it really got crazy. Whenever windows would load, it would say there was a file error and then make a noise and go to a blue screen that would say crash dump at the bottom and a lot of other writing that I couldn't tell you what it says because it goes away pretty quickly and then windows restarts.

 

I went into safe mode and did a system restore which fixed the error code, but the ad still plays.


Hello Osteward and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573


Thank you for replying!

 

I hope I did this correctly.

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.07.06
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Olivia :: OLIVIA-VAIO [administrator]
 
Protection: Enabled
 
8/7/2013 2:02:38 PM
MBAM-log-2013-08-07 (14-09-25).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218848
Time elapsed: 5 minute(s), 46 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 6
HKCR\AppID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B} (PUP.FaceThemes) -> No action taken.
HKCR\CLSID\{2A28729E-2280-4986-BDB4-EC2623EAFBA4} (PUP.FaceThemes) -> No action taken.
HKCR\TypeLib\{A3F56272-CDB4-4310-9BB1-9A0D0757A3B3} (PUP.FaceThemes) -> No action taken.
HKCR\Interface\{D6975F9E-15B2-4FE7-9D16-FC2E85CB201B} (PUP.FaceThemes) -> No action taken.
HKCR\SelectionLinks.SelectionLinksBHO.1 (PUP.FaceThemes) -> No action taken.
HKCU\Software\teeveewatchSA (Adware.HotBar.TVW) -> No action taken.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.conduit.com?SearchSource=10&CUI=UN91314892051419158&UM=2&ctid=CT3298566) Good: (http://www.google.com) -> No action taken.
 
Folders Detected: 21
C:\Program Files (x86)\DealPly (PUP.Optional.DealPly) -> No action taken.
C:\Users\Olivia\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images (PUP.Optional.VPLMedia.A) -> No action taken.
C:\ProgramData\DealPlyLive (PUP.Optional.DealPly.A) -> No action taken.
C:\ProgramData\DealPlyLive\Update (PUP.Optional.DealPly.A) -> No action taken.
C:\ProgramData\DealPlyLive\Update\Log (PUP.Optional.DealPly.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\Dealply (PUP.Optional.DealPly.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\Dealply\UpdateProc (PUP.Optional.DealPly.A) -> No action taken.
C:\Program Files (x86)\DealPlyLive (PUP.Optional.DealPly.A) -> No action taken.
C:\Program Files (x86)\DealPlyLive\CrashReports (PUP.Optional.DealPly.A) -> No action taken.
C:\Program Files (x86)\DealPlyLive\Update (PUP.Optional.DealPly.A) -> No action taken.
C:\Program Files (x86)\DealPlyLive\Update\Download (PUP.Optional.DealPly.A) -> No action taken.
C:\Program Files (x86)\DealPlyLive\Update\Install (PUP.Optional.DealPly.A) -> No action taken.
C:\Program Files (x86)\DealPlyLive\Update\Offline (PUP.Optional.DealPly.A) -> No action taken.
C:\Program Files (x86)\DealPlyLive\Update\Offline\{ACE056E0-A5D0-433F-9446-2582FE8E1E48} (PUP.Optional.DealPly.A) -> No action taken.
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages (PUP.Optional.VPLMedia.A) -> No action taken.
 
Files Detected: 106
C:\Users\Olivia\AppData\Local\Temp\checktbexist.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Olivia\AppData\Local\Temp\SecondStepInstaller.exe (PUP.Optional.Conduit) -> No action taken.
C:\Users\Olivia\AppData\Local\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Olivia\AppData\Local\Temp\ct3290238\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Olivia\AppData\Local\Temp\ct3290238\ffLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Olivia\AppData\Local\Temp\ct3290238\spff.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Olivia\AppData\Local\Temp\ct3290238\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Olivia\AppData\Local\Temp\ct3298566\chLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Olivia\AppData\Local\Temp\ct3298566\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Olivia\AppData\Local\Temp\ct3298566\ffLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Olivia\AppData\Local\Temp\ct3298566\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Olivia\AppData\Local\Temp\ct3298566\spch.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Olivia\AppData\Local\Temp\ct3298566\spff.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Olivia\AppData\Local\Temp\ct3298566\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Olivia\AppData\Local\Temp\DM\Player_Setup.exe\qCUWfSgIj6vtVj1\installer.exe (PUP.Adware.DomaIQ) -> No action taken.
C:\Users\Olivia\AppData\Local\Temp\DM\Player_Setup.exe\qCUWfSgIj6vtVj1\Player_Setup.exe (Adware.DomaIQ) -> No action taken.
C:\Users\Olivia\AppData\Local\Temp\DM\Player_Setup.exe\qCUWfSgIj6vtVj1\setup__120.exe (PUP.Optional.Amonetize) -> No action taken.
C:\Users\Olivia\AppData\Local\Temp\is88410971\MyBabylonTB.exe (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\Olivia\AppData\Local\Temp\is88410971\PricePeepInstaller-IronSource.exe (Adware.Agent) -> No action taken.
C:\Users\Olivia\Downloads\downloadmanager_Setup.exe (PUP.Bundle.Installer.OI) -> No action taken.
C:\Users\Olivia\Downloads\FlashPlayer_V.140892939b.exe (PUP.FakeFlash.Domaiq) -> No action taken.
C:\Users\Olivia\Downloads\mplayer_Setup.exe (PUP.Optional.IBryte) -> No action taken.
C:\Users\Olivia\Downloads\Player_Setup.exe (PUP.Adware.DomaIQ) -> No action taken.
C:\Users\Olivia\Downloads\slender_setup(1).exe (PUP.Optional.Ibryte) -> No action taken.
C:\Users\Olivia\Downloads\Slender_Setup(2).exe (PUP.Optional.Ibryte) -> No action taken.
C:\Users\Olivia\Downloads\Slender_Setup.exe (PUP.Optional.Ibryte) -> No action taken.
C:\Program Files (x86)\DealPly\DealPly.crx (PUP.Optional.DealPly) -> No action taken.
C:\Program Files (x86)\DealPly\DealPly.xpi (PUP.Optional.DealPly) -> No action taken.
C:\Users\Olivia\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\playlist.vpl (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_103.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_11.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_120.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_121.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_122.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_123.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_124.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_125.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_126.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_127.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_136.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_137.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_140.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_141.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_149.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_150.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_160.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_165.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_181.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_191.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_193.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_199.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_200.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_201.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_204.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_221.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_224.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_28.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_34.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_37.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_49.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_57.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_86.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\player\images\channel_ld_99.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\ProgramData\DealPlyLive\Update\Log\DealPlyLive.log (PUP.Optional.DealPly.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\Dealply\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> No action taken.
C:\Users\Olivia\AppData\Roaming\Dealply\UpdateProc\TTL.DAT (PUP.Optional.DealPly.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\VAFPlayer.InstallState (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Arabic.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Bulgarian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Catalan.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Chinese (Simplified).gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Chinese (Traditional).gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Czech.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Danish.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Dutch.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\English.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Estonian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Finnish.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\French.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\German.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Greek.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Haitian Creole.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Hebrew.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Hindi.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Hungarian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Indonesian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Italian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Japanese.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Korean.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Latvian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Lithuanian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Norwegian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Polish.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Portuguese.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Romanian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Russian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Slovak.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Slovenian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Spanish.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Swedish.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Thai.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Turkish.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Ukrainian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Vietnamese.gif (PUP.Optional.VPLMedia.A) -> No action taken.
 
(end)

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2013

Ran by Olivia (administrator) on 08-08-2013 08:31:12

Running from C:\Users\Olivia\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Safe Mode (with Networking)

 

==================== Processes (Whitelisted) =================

 

(Google Inc.) C:\Users\Olivia\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Olivia\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Olivia\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2012-03-13] (Realtek Semiconductor)

HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020576 2012-02-23] (Atheros Commnucations)

HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-23] (Atheros Commnucations)

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-03-13] (Synaptics Incorporated)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)

Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)

HKCU\...\Run: [Google Update] - C:\Users\Olivia\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-12] (Google Inc.)

HKCU\...\Run: [Messenger (Yahoo!)] - C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)

HKCU\...\Run: [F.lux] - C:\Users\Olivia\Local Settings\Apps\F.lux\flux.exe [966656 2009-08-29] ()

HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1672616 2013-07-09] (Valve Corporation)

HKCU\...\Run: [backupAgent] - C:\Program Files (x86)\Strongvault Online Backup\BackupAgent.exe [197448 2013-03-19] (Strongvault LLC)

HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)

HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-22] (Intel Corporation)

HKLM-x32\...\Run: [] -  [x]

HKLM-x32\...\Run: [iSBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)

HKLM-x32\...\Run: [PMBVolumeWatcher] - c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [693608 2012-02-21] (Sony Corporation)

HKLM-x32\...\Run: [sSDMonitor] - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [105120 2012-08-21] (PC Tools)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)

HKLM-x32\...\Run: [sMessaging] - C:\Users\Olivia\AppData\Local\Strongvault Online Backup\SMessaging.exe [31664 2012-04-04] (Stronghold Online Backup)

HKLM-x32\...\Run: [avp] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [207040 2013-08-07] (Kaspersky Lab ZAO)

Startup: C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.lnk

ShortcutTarget: StrongVaultApp.lnk -> C:\Users\Olivia\AppData\Local\Strongvault\StrongVaultApp.exe ()

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&CUI=UN91314892051419158&UM=2&ctid=CT3298566

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com

URLSearchHook: (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox

SearchScopes: HKLM-x32 - DefaultScope {23011D9A-E926-4957-A8F2-758D67AC7312} URL = 


SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=110803&tt=4312_8&babsrc=SP_ss&mntrId=8018aa7f000000000000844bf5d13517

SearchScopes: HKCU - {23011D9A-E926-4957-A8F2-758D67AC7312} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298566&CUI=UN91314892051419158&UM=2

SearchScopes: HKCU - {281CF51C-DC45-44AD-98C1-38C54F6BEFBF} URL = http://search.conduit.com/Results.aspx?ctid=CT3300018&SearchSource=45&UM=2&q={searchTerms}


BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)

BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)

BHO-x32: No Name - {7365A975-D1E8-41ed-8C66-FA70EDB97A39} -  No File

BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\a5l2oido.default

FF user.js: detected! => C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\a5l2oido.default\user.js

FF Homepage: about:home

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)

FF Plugin-x32: @sony.com/ReaderDesktop - C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)

FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Olivia\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Olivia\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Olivia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF SearchPlugin: C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\a5l2oido.default\searchplugins\amazon.xml

FF SearchPlugin: C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\a5l2oido.default\searchplugins\babylon.xml

FF SearchPlugin: C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\a5l2oido.default\searchplugins\BrowserDefender.xml

FF SearchPlugin: C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\a5l2oido.default\searchplugins\vafmusic9-customized-web-search.xml

FF Extension: Lyrics-Monkey - C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\a5l2oido.default\Extensions\125

FF Extension: Vgrabber v1  - C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\a5l2oido.default\Extensions\{7f7f82f1-7c95-47cd-814f-950b56d58fc3}

FF Extension: Vafmusic9  - C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\a5l2oido.default\Extensions\{845cab51-d8d2-472f-8bd9-2b44642d97c2}

FF Extension: DealPly  Shopping - C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\a5l2oido.default\Extensions\{906000a4-88d9-4d52-b209-7a772970d91f}

FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru

FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru

FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru

FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru

FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru

FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru

 

Chrome: 

=======



CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\urladvisor.crx

CHR HKLM-x32\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Olivia\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx

CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\virtkbd.crx

CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\ab.crx

 

==================== Services (Whitelisted) =================

 

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [207040 2013-08-07] (Kaspersky Lab ZAO)

S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [112256 2012-03-21] (Atheros Communication Inc.)

S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [427432 2013-02-22] ()

S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-13] ()

S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-03-13] (Intel Corporation)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)

S2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)

S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [258048 2013-03-04] (Sony Corporation)

S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)

S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [427432 2013-02-22] ()

S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)

S2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-02-23] (Atheros)

S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

 

==================== Drivers (Whitelisted) ====================

 

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)

S3 BTATH_VDP; C:\Windows\System32\drivers\btath_vdp.sys [421664 2012-02-23] (Atheros)

R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)

R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)

S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2013-08-07] (Kaspersky Lab)

R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)

S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)

S3 lehidmini; C:\Windows\system32\drivers\leath_hid.sys [36128 2012-02-23] (Atheros)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2012-11-06] ()

S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-03-13] (Synaptics Incorporated)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-08-08 08:30 - 2013-08-08 08:30 - 01790059 _____ (Farbar) C:\Users\Olivia\Downloads\FRST64.exe

2013-08-08 08:18 - 2013-08-08 08:18 - 00262144 _____ C:\Windows\Minidump\080813-56300-01.dmp

2013-08-07 17:48 - 2013-08-07 17:48 - 00000512 _____ C:\Users\Olivia\AppData\Local\WebpageIcons.db-journal

2013-08-07 17:48 - 2013-08-07 17:48 - 00000000 _____ C:\Users\Olivia\AppData\Local\WebpageIcons.db

2013-08-07 17:47 - 2013-08-07 17:47 - 00000000 ___RD C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

2013-08-07 17:46 - 2013-08-07 17:46 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup

2013-08-07 17:44 - 2013-08-07 17:44 - 00291552 _____ C:\Windows\Minidump\080713-47517-01.dmp

2013-08-07 17:26 - 2013-08-07 17:26 - 00688992 _____ (Swearware) C:\Users\Olivia\Downloads\dds.com

2013-08-07 14:01 - 2013-08-07 14:01 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-07 14:01 - 2013-08-07 14:01 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\Malwarebytes

2013-08-07 14:01 - 2013-08-07 14:01 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-07 14:01 - 2013-08-07 14:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-08-07 14:01 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-08-07 14:00 - 2013-08-07 14:00 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Olivia\Downloads\mbam-setup-1.75.0.1300.exe

2013-08-07 11:41 - 2013-08-08 08:18 - 00000000 ____D C:\Windows\Minidump

2013-08-07 11:41 - 2013-08-08 08:17 - 718719390 _____ C:\Windows\MEMORY.DMP

2013-08-07 11:41 - 2013-08-07 11:41 - 00279168 _____ C:\Windows\Minidump\080713-44819-01.dmp

2013-08-07 11:08 - 2013-08-07 11:08 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\Registry Mechanic

2013-08-06 21:03 - 2013-08-06 21:03 - 00000000 ____D C:\ProgramData\Systweak

2013-08-06 16:04 - 2013-08-07 00:10 - 00000000 ____D C:\ProgramData\MFAData

2013-08-06 16:04 - 2013-08-06 16:04 - 00000000 ____D C:\Users\Olivia\AppData\Local\MFAData

2013-08-06 16:04 - 2013-08-06 16:04 - 00000000 ____D C:\Users\Olivia\AppData\Local\Avg2013

2013-08-05 11:34 - 2013-08-07 11:32 - 00000000 ____D C:\Users\Olivia\Garrys.Mod.13.v159

2013-08-05 11:33 - 2013-08-07 11:33 - 00000000 ____D C:\Program Files (x86)\Lyrics_Monkey

2013-08-04 09:55 - 2013-08-07 02:39 - 00000000 ____D C:\Program Files (x86)\DealPlyLive

2013-08-04 09:55 - 2013-08-04 09:55 - 00000000 ____D C:\Users\Olivia\AppData\Local\DealPlyLive

2013-08-04 09:55 - 2013-08-04 09:55 - 00000000 ____D C:\ProgramData\DealPlyLive

2013-08-04 09:54 - 2013-08-07 11:33 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly

2013-08-04 09:54 - 2013-08-07 11:33 - 00000000 ____D C:\Program Files (x86)\DealPly

2013-08-04 09:54 - 2013-08-07 11:32 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\SmartPCFix

2013-08-04 09:54 - 2013-08-07 02:42 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\Dealply

2013-08-03 18:12 - 2013-08-03 18:12 - 00000000 ____D C:\Program Files\Strogino CS Portal

2013-08-03 17:06 - 2013-08-07 11:32 - 00000000 ____D C:\Users\Olivia\Garrys Mod v13.07.05

2013-08-03 17:04 - 2013-08-07 11:33 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\GoforFiles

2013-08-03 16:57 - 2013-08-07 11:32 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\player

2013-08-03 16:57 - 2013-08-03 16:57 - 00000000 ____D C:\Program Files (x86)\Tuguu SL

2013-08-03 16:56 - 2013-08-03 16:56 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\Uniblue

2013-08-03 16:54 - 2013-08-07 11:33 - 00000000 ____D C:\Users\Olivia\AppData\Local\SwvUpdater

2013-08-03 16:54 - 2013-08-07 11:33 - 00000000 ____D C:\Program Files (x86)\7-Zip

2013-08-03 16:54 - 2013-08-07 11:32 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\Web Cake

2013-08-02 15:08 - 2013-08-02 15:14 - 00000000 ____D C:\Users\Olivia\Documents\DungeonParty

2013-08-01 20:31 - 2013-08-01 20:31 - 00000000 ____D C:\Users\Olivia\AppData\Local\Warframe

2013-07-30 15:45 - 2013-07-30 15:45 - 00000000 ____D C:\Users\Olivia\Documents\Eidos

2013-07-30 15:30 - 2013-08-07 11:33 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies

2013-07-28 16:06 - 2013-07-28 16:06 - 00000000 ____D C:\Users\Olivia\Documents\ROBLOX

2013-07-28 12:44 - 2013-08-07 11:33 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox

2013-07-28 12:44 - 2013-07-28 13:02 - 00000000 ____D C:\Users\Olivia\AppData\Local\Roblox

2013-07-28 12:37 - 2013-08-07 11:32 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\SearchProtect

2013-07-24 11:03 - 2013-07-24 11:03 - 00000094 _____ C:\Users\Olivia\AppData\Local\fusioncache.dat

2013-07-24 11:03 - 2013-07-24 11:03 - 00000000 ____D C:\Users\Olivia\AppData\Local\Turbine

2013-07-22 19:28 - 2013-07-22 19:28 - 01062552 _____ C:\Users\Olivia\Downloads\mplayer_Setup.exe

2013-07-22 19:27 - 2013-08-07 15:45 - 00000000 ____D C:\Users\Olivia\AppData\Local\Strongvault Online Backup

2013-07-22 19:27 - 2013-08-07 11:37 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strongvault Online Backup

2013-07-22 19:27 - 2013-08-07 11:36 - 00000000 ____D C:\Users\Olivia\AppData\Local\Strongvault

2013-07-22 19:27 - 2013-08-07 11:36 - 00000000 ____D C:\Program Files (x86)\Strongvault Online Backup

2013-07-22 19:27 - 2013-07-24 07:20 - 00000000 ____D C:\ProgramData\Strongvault Online Backup

2013-07-22 19:27 - 2013-07-22 19:27 - 00001158 _____ C:\Users\Olivia\Desktop\Shortcut to Strongvault.lnk

2013-07-22 19:27 - 2013-07-22 19:27 - 00000000 __SHD C:\AI_RecycleBin

2013-07-22 19:27 - 2013-07-22 19:27 - 00000000 ____D C:\Users\Olivia\Documents\My Web Backups

2013-07-22 19:27 - 2013-07-22 19:27 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\Strongvault

2013-07-22 19:25 - 2013-07-22 19:25 - 00543040 _____ C:\Users\Olivia\Downloads\Player_Setup.exe

2013-07-21 22:55 - 2013-07-21 22:55 - 01939968 _____ (                                                            ) C:\Users\Olivia\Desktop\setup.exe

2013-07-21 22:55 - 2013-07-21 22:55 - 00000579 _____ C:\Users\Olivia\Desktop\Continue Video Downloader Installation.lnk

2013-07-15 16:56 - 2013-07-15 16:56 - 00062084 _____ C:\Windows\system32\s000001.dat

2013-07-14 18:53 - 2013-07-14 18:54 - 00675988 _____ C:\Users\Olivia\Downloads\Minecraft.exe

2013-07-14 09:04 - 2013-06-11 19:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-07-14 09:04 - 2013-06-11 19:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-07-14 09:04 - 2013-06-11 19:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-07-14 09:04 - 2013-06-11 19:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-07-14 09:04 - 2013-06-11 19:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-07-14 09:04 - 2013-06-11 19:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-07-14 09:04 - 2013-06-11 19:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-07-14 09:04 - 2013-06-11 19:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-07-14 09:04 - 2013-06-11 19:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-07-14 09:04 - 2013-06-11 19:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-07-14 09:04 - 2013-06-11 19:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-07-14 09:04 - 2013-06-11 19:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-07-14 09:04 - 2013-06-11 19:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-07-14 09:04 - 2013-06-11 19:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-07-14 09:04 - 2013-06-11 19:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-07-14 09:04 - 2013-06-11 19:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-07-14 09:04 - 2013-06-11 19:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-07-14 09:04 - 2013-06-11 19:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-07-14 09:04 - 2013-06-11 19:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-07-14 09:04 - 2013-06-11 19:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-07-14 09:04 - 2013-06-11 19:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-07-14 09:04 - 2013-06-11 19:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-07-14 09:04 - 2013-06-11 19:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-07-14 09:04 - 2013-06-11 19:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-07-14 09:04 - 2013-06-11 19:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-07-14 09:04 - 2013-06-11 19:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-07-14 09:04 - 2013-06-11 19:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-07-14 09:04 - 2013-06-11 18:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-07-14 09:04 - 2013-06-11 18:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-07-14 09:04 - 2013-06-06 23:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-07-14 09:04 - 2013-06-06 22:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-07-14 03:02 - 2013-07-14 03:02 - 00000000 ____D C:\592a55012c90e5e9003d

2013-07-14 01:10 - 2013-05-06 02:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-07-14 01:10 - 2013-05-06 00:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2013-07-14 01:09 - 2013-06-04 23:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-07-14 01:09 - 2013-04-09 19:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-07-14 01:09 - 2013-04-02 18:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2013-07-13 20:08 - 2013-06-04 02:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2013-07-13 20:08 - 2013-06-04 00:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

139

 

==================== One Month Modified Files and Folders =======

 

2013-08-08 08:30 - 2013-08-08 08:30 - 01790059 _____ (Farbar) C:\Users\Olivia\Downloads\FRST64.exe

2013-08-08 08:18 - 2013-08-08 08:18 - 00262144 _____ C:\Windows\Minidump\080813-56300-01.dmp

2013-08-08 08:18 - 2013-08-07 11:41 - 00000000 ____D C:\Windows\Minidump

2013-08-08 08:18 - 2012-11-15 09:17 - 00000286 _____ C:\Windows\Tasks\RMAutoUpdate.job

2013-08-08 08:18 - 2012-11-11 21:02 - 00000000 ____D C:\Program Files (x86)\PC Tools Registry Mechanic

2013-08-08 08:18 - 2012-04-28 01:40 - 00000000 ____D C:\ProgramData\Kaspersky Lab

2013-08-08 08:18 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-08-08 08:18 - 2009-07-14 00:51 - 00066067 _____ C:\Windows\setupact.log

2013-08-08 08:17 - 2013-08-07 11:41 - 718719390 _____ C:\Windows\MEMORY.DMP

2013-08-07 17:48 - 2013-08-07 17:48 - 00000512 _____ C:\Users\Olivia\AppData\Local\WebpageIcons.db-journal

2013-08-07 17:48 - 2013-08-07 17:48 - 00000000 _____ C:\Users\Olivia\AppData\Local\WebpageIcons.db

2013-08-07 17:47 - 2013-08-07 17:47 - 00000000 ___RD C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

2013-08-07 17:47 - 2013-04-01 19:24 - 00000000 ____D C:\Program Files (x86)\Steam

2013-08-07 17:46 - 2013-08-07 17:46 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup

2013-08-07 17:44 - 2013-08-07 17:44 - 00291552 _____ C:\Windows\Minidump\080713-47517-01.dmp

2013-08-07 17:32 - 2012-04-28 01:40 - 00637272 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys

2013-08-07 17:30 - 2012-04-28 01:42 - 00153053 _____ C:\Windows\system32\Drivers\klin.dat

2013-08-07 17:30 - 2012-04-28 01:42 - 00107384 _____ C:\Windows\system32\Drivers\klick.dat

2013-08-07 17:26 - 2013-08-07 17:26 - 00688992 _____ (Swearware) C:\Users\Olivia\Downloads\dds.com

2013-08-07 15:45 - 2013-07-22 19:27 - 00000000 ____D C:\Users\Olivia\AppData\Local\Strongvault Online Backup

2013-08-07 14:01 - 2013-08-07 14:01 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-07 14:01 - 2013-08-07 14:01 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\Malwarebytes

2013-08-07 14:01 - 2013-08-07 14:01 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-07 14:01 - 2013-08-07 14:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-08-07 14:00 - 2013-08-07 14:00 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Olivia\Downloads\mbam-setup-1.75.0.1300.exe

2013-08-07 12:26 - 2009-07-14 01:08 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-08-07 12:14 - 2012-09-12 19:36 - 00000000 ____D C:\Users\Olivia\AppData\Local\CrashDumps

2013-08-07 12:12 - 2012-08-11 10:49 - 01813016 _____ C:\Windows\WindowsUpdate.log

2013-08-07 11:57 - 2009-07-14 00:45 - 00020928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-08-07 11:57 - 2009-07-14 00:45 - 00020928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-08-07 11:55 - 2012-04-28 02:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-08-07 11:42 - 2012-09-12 17:56 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2281063097-3860207789-260810463-1001UA.job

2013-08-07 11:41 - 2013-08-07 11:41 - 00279168 _____ C:\Windows\Minidump\080713-44819-01.dmp

2013-08-07 11:37 - 2013-07-22 19:27 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strongvault Online Backup

2013-08-07 11:37 - 2012-09-12 17:57 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2013-08-07 11:37 - 2012-09-12 17:47 - 00000000 ___RD C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-08-07 11:37 - 2012-09-12 17:44 - 00000000 ____D C:\Users\Olivia

2013-08-07 11:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\sysprep

2013-08-07 11:36 - 2013-07-22 19:27 - 00000000 ____D C:\Users\Olivia\AppData\Local\Strongvault

2013-08-07 11:36 - 2013-07-22 19:27 - 00000000 ____D C:\Program Files (x86)\Strongvault Online Backup

2013-08-07 11:36 - 2013-05-18 19:57 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector

2013-08-07 11:36 - 2013-04-14 20:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-08-07 11:34 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy

2013-08-07 11:34 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy

2013-08-07 11:34 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Msdtc

2013-08-07 11:34 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat

2013-08-07 11:33 - 2013-08-05 11:33 - 00000000 ____D C:\Program Files (x86)\Lyrics_Monkey

2013-08-07 11:33 - 2013-08-04 09:54 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly

2013-08-07 11:33 - 2013-08-04 09:54 - 00000000 ____D C:\Program Files (x86)\DealPly

2013-08-07 11:33 - 2013-08-03 17:04 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\GoforFiles

2013-08-07 11:33 - 2013-08-03 16:54 - 00000000 ____D C:\Users\Olivia\AppData\Local\SwvUpdater

2013-08-07 11:33 - 2013-08-03 16:54 - 00000000 ____D C:\Program Files (x86)\7-Zip

2013-08-07 11:33 - 2013-07-30 15:30 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies

2013-08-07 11:33 - 2013-07-28 12:44 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox

2013-08-07 11:33 - 2013-05-04 19:23 - 00000000 ____D C:\Program Files (x86)\MyPC Backup

2013-08-07 11:33 - 2013-05-04 19:22 - 00000000 ____D C:\Program Files (x86)\Conduit

2013-08-07 11:32 - 2013-08-05 11:34 - 00000000 ____D C:\Users\Olivia\Garrys.Mod.13.v159

2013-08-07 11:32 - 2013-08-04 09:54 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\SmartPCFix

2013-08-07 11:32 - 2013-08-03 17:06 - 00000000 ____D C:\Users\Olivia\Garrys Mod v13.07.05

2013-08-07 11:32 - 2013-08-03 16:57 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\player

2013-08-07 11:32 - 2013-08-03 16:54 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\Web Cake

2013-08-07 11:32 - 2013-07-28 12:37 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\SearchProtect

2013-08-07 11:32 - 2013-07-02 19:51 - 00000000 ____D C:\Users\Olivia\Downloads\New folder

2013-08-07 11:30 - 2013-06-16 14:08 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\.minecraft

2013-08-07 11:30 - 2013-05-18 19:55 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\Systweak

2013-08-07 11:30 - 2012-09-12 17:47 - 00000000 ____D C:\Users\Olivia\AppData\Local\VirtualStore

2013-08-07 11:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration

2013-08-07 11:27 - 2012-04-28 01:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-08-07 11:08 - 2013-08-07 11:08 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\Registry Mechanic

2013-08-07 02:42 - 2013-08-04 09:54 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\Dealply

2013-08-07 02:39 - 2013-08-04 09:55 - 00000000 ____D C:\Program Files (x86)\DealPlyLive

2013-08-07 00:10 - 2013-08-06 16:04 - 00000000 ____D C:\ProgramData\MFAData

2013-08-06 21:03 - 2013-08-06 21:03 - 00000000 ____D C:\ProgramData\Systweak

2013-08-06 16:04 - 2013-08-06 16:04 - 00000000 ____D C:\Users\Olivia\AppData\Local\MFAData

2013-08-06 16:04 - 2013-08-06 16:04 - 00000000 ____D C:\Users\Olivia\AppData\Local\Avg2013

2013-08-04 09:55 - 2013-08-04 09:55 - 00000000 ____D C:\Users\Olivia\AppData\Local\DealPlyLive

2013-08-04 09:55 - 2013-08-04 09:55 - 00000000 ____D C:\ProgramData\DealPlyLive

2013-08-03 18:12 - 2013-08-03 18:12 - 00000000 ____D C:\Program Files\Strogino CS Portal

2013-08-03 16:57 - 2013-08-03 16:57 - 00000000 ____D C:\Program Files (x86)\Tuguu SL

2013-08-03 16:57 - 2013-05-04 19:22 - 00000000 ____D C:\Users\Olivia\AppData\Local\CRE

2013-08-03 16:57 - 2013-05-04 19:10 - 00000009 _____ C:\END

2013-08-03 16:56 - 2013-08-03 16:56 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\Uniblue

2013-08-02 15:14 - 2013-08-02 15:08 - 00000000 ____D C:\Users\Olivia\Documents\DungeonParty

2013-08-01 20:31 - 2013-08-01 20:31 - 00000000 ____D C:\Users\Olivia\AppData\Local\Warframe

2013-07-30 22:35 - 2012-09-12 17:48 - 00000000 ____D C:\Users\Olivia\Documents\Bluetooth Folder

2013-07-30 15:45 - 2013-07-30 15:45 - 00000000 ____D C:\Users\Olivia\Documents\Eidos

2013-07-28 16:06 - 2013-07-28 16:06 - 00000000 ____D C:\Users\Olivia\Documents\ROBLOX

2013-07-28 13:02 - 2013-07-28 12:44 - 00000000 ____D C:\Users\Olivia\AppData\Local\Roblox

2013-07-27 07:59 - 2012-09-17 15:12 - 00000023 _____ C:\Windows\Model.txt

2013-07-27 07:59 - 2012-09-17 15:12 - 00000000 _____ C:\Windows\Model.log

2013-07-26 20:54 - 2012-11-15 09:17 - 00000416 _____ C:\Windows\SysWOW64\AppLog.log

2013-07-26 20:54 - 2012-11-11 21:02 - 00000286 _____ C:\Windows\Tasks\RMSchedule.job

2013-07-26 20:47 - 2012-09-12 17:56 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2281063097-3860207789-260810463-1001Core.job

2013-07-24 11:03 - 2013-07-24 11:03 - 00000094 _____ C:\Users\Olivia\AppData\Local\fusioncache.dat

2013-07-24 11:03 - 2013-07-24 11:03 - 00000000 ____D C:\Users\Olivia\AppData\Local\Turbine

2013-07-24 09:21 - 2011-02-10 19:03 - 00809880 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-07-24 07:49 - 2013-04-01 19:36 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2013-07-24 07:20 - 2013-07-22 19:27 - 00000000 ____D C:\ProgramData\Strongvault Online Backup

2013-07-22 19:28 - 2013-07-22 19:28 - 01062552 _____ C:\Users\Olivia\Downloads\mplayer_Setup.exe

2013-07-22 19:27 - 2013-07-22 19:27 - 00001158 _____ C:\Users\Olivia\Desktop\Shortcut to Strongvault.lnk

2013-07-22 19:27 - 2013-07-22 19:27 - 00000000 __SHD C:\AI_RecycleBin

2013-07-22 19:27 - 2013-07-22 19:27 - 00000000 ____D C:\Users\Olivia\Documents\My Web Backups

2013-07-22 19:27 - 2013-07-22 19:27 - 00000000 ____D C:\Users\Olivia\AppData\Roaming\Strongvault

2013-07-22 19:27 - 2013-06-21 01:28 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin

2013-07-22 19:25 - 2013-07-22 19:25 - 00543040 _____ C:\Users\Olivia\Downloads\Player_Setup.exe

2013-07-21 22:55 - 2013-07-21 22:55 - 01939968 _____ (                                                            ) C:\Users\Olivia\Desktop\setup.exe

2013-07-21 22:55 - 2013-07-21 22:55 - 00000579 _____ C:\Users\Olivia\Desktop\Continue Video Downloader Installation.lnk

2013-07-20 09:02 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF

2013-07-19 10:51 - 2009-07-14 01:13 - 00773940 _____ C:\Windows\system32\PerfStringBackup.INI

2013-07-18 20:32 - 2013-06-21 01:43 - 00000000 ____D C:\Users\Olivia\AppData\Local\PMB Files

2013-07-15 17:34 - 2012-09-12 17:56 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2281063097-3860207789-260810463-1001UA

2013-07-15 17:34 - 2012-09-12 17:56 - 00003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2281063097-3860207789-260810463-1001Core

2013-07-15 16:56 - 2013-07-15 16:56 - 00062084 _____ C:\Windows\system32\s000001.dat

2013-07-15 16:52 - 2012-11-14 15:07 - 00000102 _____ C:\Windows\system32\sstates.sdt

2013-07-15 16:52 - 2012-11-14 15:07 - 00000040 _____ C:\Windows\system32\sstate_prev.sdt

2013-07-14 18:54 - 2013-07-14 18:53 - 00675988 _____ C:\Users\Olivia\Downloads\Minecraft.exe

2013-07-14 11:01 - 2013-07-04 09:58 - 00003841 _____ C:\Users\Olivia\Downloads\server.log

2013-07-14 11:01 - 2013-07-04 09:58 - 00000554 _____ C:\Users\Olivia\Downloads\server.properties

2013-07-14 11:01 - 2013-07-04 09:58 - 00000111 _____ C:\Users\Olivia\Downloads\banned-players.txt

2013-07-14 11:01 - 2013-07-04 09:58 - 00000111 _____ C:\Users\Olivia\Downloads\banned-ips.txt

2013-07-14 11:01 - 2013-07-04 09:58 - 00000000 ____D C:\Users\Olivia\Downloads\world

2013-07-14 11:01 - 2013-07-04 09:58 - 00000000 _____ C:\Users\Olivia\Downloads\ops.txt

2013-07-14 08:58 - 2009-07-14 00:45 - 00342296 _____ C:\Windows\system32\FNTCACHE.DAT

2013-07-14 08:56 - 2013-03-13 20:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-07-14 08:56 - 2013-03-13 20:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-07-14 08:56 - 2012-02-24 00:01 - 00000000 ____D C:\Program Files\Windows Journal

2013-07-14 03:02 - 2013-07-14 03:02 - 00000000 ____D C:\592a55012c90e5e9003d

2013-07-14 03:02 - 2012-09-16 13:58 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-07-14 00:10 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender

2013-07-14 00:10 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-07-27 21:28

 

==================== End Of Log ============================

 


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2013

Ran by Olivia at 2013-08-08 08:31:44

Running from C:\Users\Olivia\Downloads

Boot Mode: Safe Mode (with Networking)

==========================================================

 

 

==================== Installed Programs =======================

 

   

Ace of Spades (x32)

ACID Music Studio 8.0 (x32 Version: 8.0.178)

Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)

Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)

Adobe Reader X MUI (x32 Version: 10.0.0)

Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)

Advanced System Protector (x32 Version: 2.1.1000.10844)

Apple Application Support (x32 Version: 2.1.5)

Apple Software Update (x32 Version: 2.1.3.127)

Application Manager for VAIO (x32)

ArcSoft Magic-i Visual Effects 2 (x32 Version: 2.0.1.161)

ArcSoft WebCam Companion 4 (x32 Version: 4.0.21.484)

Atheros Bluetooth Suite (64) (Version: 7.4.0.125)

Chess Helper v3 Freeware (x32)

Counter-Strike (x32)

CyberLink PowerDVD (x32 Version: 9.0.5009.52)

D3DX10 (x32 Version: 15.4.2368.0902)

DMUninstaller (x32)

Dungeons & Dragons Online® (x32)

DVD Architect Studio 5.0 (x32 Version: 5.0.157)

Evernote v. 4.5.2 (x32 Version: 4.5.2.5904)

F.lux (HKCU)

FDUx86 (x32 Version: 1.0.0)

Google Chrome (HKCU Version: 28.0.1500.72)

Gotham City Impostors: Free To Play (x32)

Intel® Control Center (x32 Version: 1.2.1.1007)

Intel® Management Engine Components (x32 Version: 8.0.2.1410)

Intel® OpenCL CPU Runtime (x32)

Intel® Processor Graphics (x32 Version: 8.15.10.2618)

Intel® Rapid Storage Technology (x32 Version: 11.0.0.1032)

Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214)

Intel® Trusted Connect Service Client (Version: 1.23.605.1)

Java Auto Updater (x32 Version: 2.1.5.1)

Java 7 Update 1 (64-bit) (Version: 7.0.10)

Java 7 Update 1 (x32 Version: 7.0.10)

Junk Mail filter update (x32 Version: 15.4.3502.0922)

Just Cause 2 Demo (x32)

Kaspersky Internet Security 2012 (x32 Version: 12.0.0.445)

Keyboard_Shortcuts (x32 Version: 1.1.0.12190)

KUx86 (x32 Version: 1.0.0)

League of Legends (x32 Version: 3.0.0)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)

Media Gallery (Version: 2.1.0.13300)

Media Go (x32 Version: 2.0.317)

Mesh Runtime (x32 Version: 15.4.5722.2)

Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office 2007 Service Pack 3 (SP3) (x32)

Microsoft Office 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)

Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)

Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Starter 2010 - English (x32 Version: 14.0.5139.5005)

Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Silverlight (Version: 5.1.20513.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)

Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)

MicroVolts (x32)

Mozilla Firefox 21.0 (x86 en-US) (x32 Version: 21.0)

Mozilla Firefox Packages (HKCU)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT Redists (x32 Version: 1.0)

MSVCRT_amd64 (x32 Version: 15.4.2862.0708)

MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)

MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)

MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)

Oasis2Service (x32 Version: 1.0.4)

Pando Media Booster (x32 Version: 2.6.0.7)

PC Tools Registry Mechanic 11.1 (x32 Version: 11.1)

Play Pickle Games Console (HKCU Version: 1.1.4)

PlayMemories Home (x32 Version: 6.1.01.14210)

PlayReady PC Runtime amd64 (Version: 1.3.0)

PlayStation®Network Downloader (x32 Version: 2.07.00849)

PlayStation®Store (x32 Version: 4.5.15.13232)

Portal (x32)

Qualcomm Atheros Direct Connect (x32 Version: 3.1)

Qualcomm Atheros WiFi Driver Installation (x32 Version: 3.0)

QuickTime (x32 Version: 7.71.80.42)

Reader for PC (x32 Version: 1.1.02.10070)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6564)

Realtek PCIE Card Reader (x32 Version: 6.1.7601.91)

Remote Keyboard (x32 Version: 1.2.0.09270)

Remote Play with PlayStation®3 (x32 Version: 1.1.0.21090)

rosoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Skype™ 5.10 (x32 Version: 5.10.116)

Slender (HKCU Version: 1.0.0)

Sound Forge Audio Studio 10.0 (x32 Version: 10.0.176)

SSLx64 (Version: 1.0.0)

SSLx86 (x32 Version: 1.0.0)

Steam (x32 Version: 1.0.0.0)

Strongvault Online Backup (x32 Version: 2.1.4.0)

swMSM (x32 Version: 12.0.0.1)

Synaptics Pointing Device Driver (Version: 16.0.1.0)

Team Fortress 2 (x32)

Team Fortress Classic (x32)

Terraria (x32)

TrackID with BRAVIA (x32 Version: 1.2.0.09270)

TriDef 3D (Sony) 2.0.5 (x32 Version: 2.0.5)

Unity Web Player (HKCU Version: )

Update for 2007 Microsoft Office System (KB967642) (x32)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)

Update for Microsoft Office Excel 2007 Help (KB963678) (x32)

Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)

Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)

Update for Microsoft Office Script Editor Help (KB963671) (x32)

Update for Microsoft Office Word 2007 Help (KB963665) (x32)

V3DPx86 (x32 Version: 1.0.0)

VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (Version: 1.0.00.01300)

VAIO - PlayMemories Home Plug-in (Version: 2.0.00.14200)

VAIO - Remote Keyboard (x32 Version: 1.2.0.09270)

VAIO - Remote Keyboard with PlayStation®3 (x32 Version: 1.2.0.09210)

VAIO - Remote Play with PlayStation®3 (x32 Version: 1.1.0.21090)

VAIO - TrackID™ with BRAVIA (x32 Version: 1.2.0.09270)

VAIO 3D Portal (x32 Version: 1.2.0.10131)

VAIO Care (Version: 7.3.0.14170)

VAIO Control Center (x32 Version: 5.2.1.15070)

VAIO CPU Fan Diagnostic (x32 Version: 1.1.0.09200)

VAIO Data Restore Tool (x32 Version: 1.9.0.13190)

VAIO Easy Connect (x32 Version: 1.1.2.01120)

VAIO Gate (x32 Version: 2.4.1.09230)

VAIO Gate Default (x32 Version: 2.5.2.02090)

VAIO Gesture Control (x32 Version: 1.0.0.12300)

VAIO Help and Support (x32 Version: 17.00.0109)

VAIO Improvement (x32 Version: 1.3.0.12280)

VAIO Manual (x32 Version: 2.3.0.12300)

VAIO Messenger (x32 Version: 2.0.550.0)

VAIO OOBE (x32 Version: 12.2.1.2483)

VAIO Sample Contents (x32 Version: 1.4.0.09010)

VAIO Satisfaction Survey. (x32 Version: 3.0)

VAIO Smart Network (x32 Version: 3.11.1.15220)

VAIO Transfer Support (x32 Version: 1.7.0.02231)

VCCx64 (Version: 1.0.0)

VCCx86 (x32 Version: 1.0.0)

Vegas Movie Studio HD Platinum 11.0 (x32 Version: 11.0.256)

VHD (x32 Version: 1.0.0)

VIx64 (Version: 1.0.0)

VIx86 (x32 Version: 1.0.0)

VMLx86 (x32 Version: 1.0.0)

VPMx64 (Version: 1.0.0)

VSNx64 (Version: 1.0.0)

VSNx86 (x32 Version: 1.0.0)

VSSTx64 (Version: 1.0.0)

VSSTx86 (x32 Version: 1.0.0)

VU5x64 (Version: 1.1.0)

VU5x86 (x32 Version: 1.0.0)

VU5x86 (x32 Version: 1.1.0)

VWSTx86 (x32 Version: 1.0.0)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3538.0513)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)

Windows Live Installer (x32 Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3538.0513)

Windows Live Mail (x32 Version: 15.4.3502.0922)

Windows Live Mesh (x32 Version: 15.4.3502.0922)

Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)

Windows Live Messenger (x32 Version: 15.4.3538.0513)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (x32 Version: 15.4.3502.0922)

Windows Live Photo Common (x32 Version: 15.4.3502.0922)

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (x32 Version: 15.4.3502.0922)

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)

Windows Live UX Platform (x32 Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)

Windows Live Writer (x32 Version: 15.4.3502.0922)

Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

WinRAR 4.20 (32-bit) (x32 Version: 4.20.0)

Yahoo! Messenger (x32)

Yahoo! Software Update (x32)

 

==================== Restore Points  =========================

 

30-07-2013 18:46:03 Windows Update

30-07-2013 19:27:59 Installed DirectX

30-07-2013 19:29:22 Installed Microsoft Visual C++ 2005 Redistributable

31-07-2013 01:16:25 Installed DirectX

03-08-2013 20:56:35 Uniblue SpeedUpMyPC installation

06-08-2013 07:05:37 Windows Update

06-08-2013 12:58:07 Windows Defender Checkpoint

07-08-2013 15:53:15 Windows Update

 

==================== Hosts content: ==========================

 

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {10005656-696C-413D-AEC3-121DD150BADD} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib TaskTray => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe [2012-01-06] (Sony Corporation)

Task: {162A0DA8-9659-47FC-86BF-EA7B262EEEE6} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)

Task: {1970529C-0010-44C0-9A0E-7387C0C418DF} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-27] (Sony Corporation)

Task: {1D8A7FB2-2FF9-46CF-91E8-AA5A96EAB20B} - System32\Tasks\VAIO® Messenger (Administrator) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-03] (Digital Delivery Networks, Inc.)

Task: {1E5754C4-E0B5-4E88-9B06-1978174C87DB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2281063097-3860207789-260810463-1001UA => C:\Users\Olivia\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-12] (Google Inc.)

Task: {242ECB2E-9A9E-4DD3-803F-5E3AF5E5C6EC} - System32\Tasks\Sony Corporation\VAIO Personalization Manager\VpmLM Task Music Olivia => C:\Program Files\Sony\VAIO Personalization Manager\VpmLM.exe [2011-10-03] (Sony Corporation)

Task: {2A47743F-80F5-4061-BDF5-075488D1B4E8} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-12-27] (Sony Corporation)

Task: {3990CBB4-C2F0-4966-8422-51E363EC1F29} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-07] (Sony Corporation)

Task: {547B00D1-3202-428A-B605-31EA94A36353} - \RunAsStdUser Task No Task File

Task: {55373CA3-7266-42B0-AB5C-ABA698301B9F} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-02-24] (Sony Corporation)

Task: {5A1F31F8-C399-4901-BF86-1D2580296A7E} - System32\Tasks\Sony Corporation\VAIO Care\VAU => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)

Task: {6A6B3581-A0BD-42D3-8FEE-FD354AFBE39D} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)

Task: {7359BA1A-B92A-4B51-B18D-254E83C021E1} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)

Task: {74DCE4E1-C9B3-4A03-82C0-19997AF51C49} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)

Task: {7AF1851E-054A-4498-89FC-710A7B98180F} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2011-09-23] (Sony Corporation)

Task: {82D9D9A3-C069-45C3-A816-3D58295B9324} - System32\Tasks\DDNi Startup => C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe [2013-07-03] (Digital Delivery Networks, Inc.)

Task: {9826E515-C0D9-48A0-B085-934173E22CDF} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task

Task: {9BC534C3-D612-45E3-8491-6A8064EA2264} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-07] (Sony Corporation)

Task: {A7B8EA6E-187B-4C5F-B4EF-FBEBE8C35039} - System32\Tasks\RMAutoUpdate => C:\Program Files (x86)\PC Tools Registry Mechanic\SULauncher.exe [2012-11-27] (PC Tools)

Task: {A8CEA257-C743-4EDF-A2C7-A4C678B3608F} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)

Task: {AD7E3629-22BB-4DD9-86A6-E9726E2D5E8A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2281063097-3860207789-260810463-1001Core => C:\Users\Olivia\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-12] (Google Inc.)

Task: {B2CE0122-CC60-4C43-BE1D-D284838B32DB} - System32\Tasks\VAIO® Messenger (Olivia) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-03] (Digital Delivery Networks, Inc.)

Task: {B33AFD6F-7B28-429D-8B06-651D716B2FB5} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2011-12-27] (Sony Corporation)

Task: {C005359E-330B-42BB-8D1E-376DCCBA472B} - System32\Tasks\USER_ESRV_SVC => C:\Windows\System32\Wscript.exe [2009-07-13] (Microsoft Corporation)

Task: {CCFA870E-4312-497C-A7CD-4C82861FF0D1} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)

Task: {D030A59E-0D98-4A7B-AA16-8D5411A1B106} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2011-09-23] (Sony Corporation)

Task: {DA48CE70-7CAA-44AF-95B1-270DF99A1D8A} - System32\Tasks\RMSchedule => C:\Program Files (x86)\PC Tools Registry Mechanic\RegMech.exe [2012-11-27] (PC Tools)

Task: {DB930CE6-B223-4F14-8EFA-AB3FEAD1FC2E} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-27] (Sony Corporation)

Task: {DC2E20CE-3F6C-471E-9BF2-2C3C85594331} - System32\Tasks\Sony Corporation\VAIO Care\AutoCheckMessage => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)

Task: {E5F6F3A0-6703-44B9-8A15-0356310D508B} - System32\Tasks\Sony\Keyboard Shortcuts => C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe [2012-03-20] ()

Task: {E6F8DA22-686D-4AA1-8904-AEDEDEA3D2AF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {E7B1DFA2-AA4A-42D9-ADAD-3EA3566A6B18} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)

Task: {F1A862FE-E30A-4ECF-8FF2-58EE4E8763B1} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2013-04-09] (Systweak)

Task: {FB1F3930-7FAD-4C36-A911-73643A6F256D} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Windows\System32\net No File

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2281063097-3860207789-260810463-1001Core.job => C:\Users\Olivia\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2281063097-3860207789-260810463-1001UA.job => C:\Users\Olivia\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\RMAutoUpdate.job => C:\Program Files (x86)\PC Tools Registry Mechanic\SULauncher.exe

Task: C:\Windows\Tasks\RMSchedule.job => C:\Program Files (x86)\PC Tools Registry Mechanic\RegMech.exe

 

==================== Faulty Device Manager Devices =============

 

Name: Security Processor Loader Driver

Description: Security Processor Loader Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: spldr

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (08/08/2013 08:30:00 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/07/2013 05:45:51 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/07/2013 03:14:28 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/07/2013 01:09:03 PM) (Source: Application Error) (User: )

Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1

Faulting module name: MSHTML.dll, version: 10.0.9200.16635, time stamp: 0x51b7ad9b

Exception code: 0xc0000005

Fault offset: 0x000000000064de43

Faulting process id: 0x1c24

Faulting application start time: 0xsvchost.exe0

Faulting application path: svchost.exe1

Faulting module path: svchost.exe2

Report Id: svchost.exe3

 

Error: (08/07/2013 00:44:33 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/07/2013 00:42:02 PM) (Source: Application Error) (User: )

Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1

Faulting module name: MSHTML.dll, version: 10.0.9200.16635, time stamp: 0x51b7ad9b

Exception code: 0xc0000005

Fault offset: 0x000000000064de43

Faulting process id: 0xce4

Faulting application start time: 0xsvchost.exe0

Faulting application path: svchost.exe1

Faulting module path: svchost.exe2

Report Id: svchost.exe3

 

Error: (08/07/2013 00:24:19 PM) (Source: Application Error) (User: )

Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1

Faulting module name: MSHTML.dll, version: 10.0.9200.16635, time stamp: 0x51b7ad9b

Exception code: 0xc0000005

Fault offset: 0x000000000064de43

Faulting process id: 0xf40

Faulting application start time: 0xsvchost.exe0

Faulting application path: svchost.exe1

Faulting module path: svchost.exe2

Report Id: svchost.exe3

 

Error: (08/07/2013 00:21:30 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/07/2013 00:18:30 PM) (Source: Application Error) (User: )

Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1

Faulting module name: ieframe.dll, version: 10.0.9200.16635, time stamp: 0x51b7ad13

Exception code: 0xc0000005

Fault offset: 0x000000000002c74a

Faulting process id: 0xf84

Faulting application start time: 0xsvchost.exe0

Faulting application path: svchost.exe1

Faulting module path: svchost.exe2

Report Id: svchost.exe3

 

Error: (08/07/2013 00:14:08 PM) (Source: Application Error) (User: )

Description: Faulting application name: KeyboardShortcuts.exe, version: 1.1.0.12190, time stamp: 0x4ef1961d

Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a

Exception code: 0xe0434352

Fault offset: 0x0000c41f

Faulting process id: 0x19b4

Faulting application start time: 0xKeyboardShortcuts.exe0

Faulting application path: KeyboardShortcuts.exe1

Faulting module path: KeyboardShortcuts.exe2

Report Id: KeyboardShortcuts.exe3

 

 

System errors:

=============

Error: (08/08/2013 08:29:10 AM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (08/08/2013 08:29:10 AM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (08/08/2013 08:29:10 AM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (08/08/2013 08:29:09 AM) (Source: Service Control Manager) (User: )

Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 

%%1068

 

Error: (08/08/2013 08:29:06 AM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (08/08/2013 08:29:06 AM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (08/08/2013 08:29:06 AM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (08/08/2013 08:29:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has failed to start.

 

Module Path: C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\AthIhvWlanExt.dll

Error Code: 21

 

Error: (08/08/2013 08:28:51 AM) (Source: DCOM) (User: )

Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

 

Error: (08/08/2013 08:28:51 AM) (Source: DCOM) (User: )

Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

 

 

Microsoft Office Sessions:

=========================

 

CodeIntegrity Errors:

===================================

  Date: 2013-08-08 08:18:10.232

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-08-07 17:44:45.427

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-08-07 11:42:20.335

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-08-07 11:37:51.828

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-08-07 10:59:36.080

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-08-06 23:52:21.459

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-08-06 23:45:42.082

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-08-06 22:17:19.276

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-08-06 22:11:54.745

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-08-06 22:06:39.474

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 21%

Total physical RAM: 6046.36 MB

Available physical RAM: 4752.73 MB

Total Pagefile: 12090.89 MB

Available Pagefile: 10853.08 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:679.8 GB) (Free:544.9 GB) NTFS (Disk=0 Partition=3)

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 0CAD94FF)

Partition 1: (Not Active) - (Size=18 GB) - (Type=27)

Partition 2: (Active) - (Size=350 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=680 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 3

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • ComboFix log

I just wanted to say thank you for continuing to follow up with me and helping me. I will most def. be sending a donation your way next time I get paid (even if all this doesn't fix my laptop), you guys are amazing!!

 

Also, I failed to mention that I was running all of this in safe mode with networking. Not sure if that makes a difference at all.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.8 (08.07.2013:4)
OS: Windows 7 Home Premium x64
Ran by Olivia on Thu 08/08/2013 at 13:43:52.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2281063097-3860207789-260810463-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\distromatic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\stronghold online backup
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\trolltech
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\alxssb.alxtbssb
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\alxssb.alxtbssb.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3298566
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{23011D9A-E926-4957-A8F2-758D67AC7312}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{281CF51C-DC45-44AD-98C1-38C54F6BEFBF}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
 
 
 
~~~ Files
 
Successfully deleted [File] C:\Windows\Tasks\rmschedule.job
Successfully deleted: [File] "C:\end"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\dealplylive"
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\ProgramData\systweak"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Olivia\AppData\Roaming\advanced system protector"
Successfully deleted: [Folder] "C:\Users\Olivia\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Olivia\AppData\Roaming\dealply"
Successfully deleted: [Folder] "C:\Users\Olivia\AppData\Roaming\goforfiles"
Successfully deleted: [Folder] "C:\Users\Olivia\AppData\Roaming\registry mechanic"
Successfully deleted: [Folder] "C:\Users\Olivia\AppData\Roaming\searchprotect"
Successfully deleted: [Folder] "C:\Users\Olivia\AppData\Roaming\strongvault"
Successfully deleted: [Folder] "C:\Users\Olivia\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Olivia\AppData\Roaming\uniblue\speedupmypc"
Successfully deleted: [Folder] "C:\Users\Olivia\AppData\Roaming\web cake"
Successfully deleted: [Folder] "C:\Users\Olivia\appdata\local\dealplylive"
Successfully deleted: [Folder] "C:\Users\Olivia\appdata\local\strongvault"
Successfully deleted: [Folder] "C:\Users\Olivia\appdata\local\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\Olivia\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\Olivia\appdata\local\visi_coupon"
Successfully deleted: [Folder] "C:\Users\Olivia\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\Olivia\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Olivia\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\advanced system protector"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\dealply"
Successfully deleted: [Folder] "C:\Program Files (x86)\dealplylive"
Successfully deleted: [Folder] "C:\Program Files (x86)\lyrics_monkey"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\oapps"
Successfully deleted: [Folder] "C:\Program Files (x86)\strongvault online backup"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\advanced system protector"
Successfully deleted: [Folder] "C:\Users\Olivia\AppData\Roaming\microsoft\windows\start menu\programs\dealply"
Successfully deleted: [Folder] "C:\Users\Olivia\AppData\Roaming\microsoft\windows\start menu\programs\strongvault online backup"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Olivia\appdata\local\{1836E39C-A8DB-4B14-BA15-A2064EA5755D}
Successfully deleted: [Empty Folder] C:\Users\Olivia\appdata\local\{55E2BF62-57BB-4955-8021-95A5138F4420}
Successfully deleted: [Empty Folder] C:\Users\Olivia\appdata\local\{A5C9D13D-05DC-4C83-B9FD-05746897B702}
Successfully deleted: [Empty Folder] C:\Users\Olivia\appdata\local\{C8108FA6-8313-4FEE-B983-26907E7B0D55}
Successfully deleted: [Empty Folder] C:\Users\Olivia\appdata\local\{DAB6E994-57AF-4D26-98D0-2EE045DF9E39}
Successfully deleted: [Empty Folder] C:\Users\Olivia\appdata\local\{F3022282-C212-4243-9260-AF39A57E5370}
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Users\Olivia\AppData\Roaming\mozilla\firefox\profiles\a5l2oido.default\user.js
Successfully deleted: [File] C:\Users\Olivia\AppData\Roaming\mozilla\firefox\profiles\a5l2oido.default\searchplugins\babylon.xml
Successfully deleted: [Folder] C:\Users\Olivia\AppData\Roaming\mozilla\firefox\profiles\a5l2oido.default\smartbar
Successfully deleted: [Folder] C:\Users\Olivia\AppData\Roaming\mozilla\firefox\profiles\a5l2oido.default\extensions\125
Successfully deleted: [Folder] C:\Users\Olivia\AppData\Roaming\mozilla\firefox\profiles\a5l2oido.default\extensions\{906000a4-88d9-4d52-b209-7a772970d91f}
Successfully deleted the following from C:\Users\Olivia\AppData\Roaming\mozilla\firefox\profiles\a5l2oido.default\prefs.js
 
user_pref("CT3290238.installType", "conduitnsisintegration");
user_pref("CT3290238.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnN
user_pref("CT3290238.search.searchAppId", "130070432565212939");
user_pref("CT3290238.search.searchCount", "0");
user_pref("CT3290238.smartbar.CTID", "CT3290238");
user_pref("CT3290238.smartbar.Uninstall", "0");
user_pref("CT3290238.smartbar.homepage", "true");
user_pref("CT3290238.smartbar.isHidden", true);
user_pref("CT3290238.smartbar.toolbarName", "New Great Fun V1 ");
user_pref("Smartbar.ConduitHomepagesList", "");
user_pref("Smartbar.ConduitSearchEngineList", "");
user_pref("Smartbar.ConduitSearchUrlList", "");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3298566");
user_pref("browser.search.defaultthis.engineName", "MixiDJ V30 Customized Web Search");
user_pref("extensions.AMAZONNEW_NS_PH.searchconf", "{\n  \"google\" : {\n    \"urlexp\" : \"hxxp(s)?:\\\\/\\\\/www\\\\.google\\\\..*\\\\/.*[?#&]q=([^&]+)\",\n    \"rankometer\
user_pref("smartbar.addressBarOwnerCTID", "CT3290238");
user_pref("smartbar.defaultSearchOwnerCTID", "CT3298566");
user_pref("smartbar.machineId", "RASRDIKWYGDGMN6JMJL2KJRYZSERMYHDT14VLBRGSGRFVESIDVV2RUZMUQO5QAR0VIOSNP3E/LQKZ25WLV252A");
user_pref("smartbar.originalHomepage", "about:home");
user_pref("smartbar.originalSearchEngine", "New Great Fun V1 Customized Web Search");
Emptied folder: C:\Users\Olivia\AppData\Roaming\mozilla\firefox\profiles\a5l2oido.default\minidumps [49 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google\Chrome\extensioninstallforcelist [blacklisted Policy]
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [blacklisted Policy]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/08/2013 at 13:53:09.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
 
 
 
# AdwCleaner v2.306 - Logfile created 08/08/2013 at 13:56:30
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Olivia - OLIVIA-VAIO
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Olivia\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\a5l2oido.default\searchplugins\BrowserDefender.xml
Folder Deleted : C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\a5l2oido.default\CT3268935
Folder Deleted : C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\a5l2oido.default\CT3303002
Folder Deleted : C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\a5l2oido.default\extensions\{7f7f82f1-7c95-47cd-814f-950b56d58fc3}
Folder Deleted : C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\a5l2oido.default\extensions\{845cab51-d8d2-472f-8bd9-2b44642d97c2}
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DA9FC525-41ED-4C00-B046-946DA7CDD305}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
 
***** [internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16635
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v21.0 (en-US)
 
File : C:\Users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\a5l2oido.default\prefs.js
 
Deleted : user_pref("CT3290238.CT3290238ads1.enc", "JTdCJTIyYWRzJTIyJTNBJTVCJTdCJTIyYWlkJTIyJTNBJTIyMzY2ODElMj[...]
Deleted : user_pref("CT3290238.CT3290238current_term.enc", "");
Deleted : user_pref("CT3290238.CT3290238sdate.enc", "Nw==");
Deleted : user_pref("CT3290238.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3290238.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3290238.FF19Solved", "true");
Deleted : user_pref("CT3290238.FirstTime", "true");
Deleted : user_pref("CT3290238.FirstTimeFF3", "true");
Deleted : user_pref("CT3290238.PG_ENABLE", "dHJ1ZQ==");
Deleted : user_pref("CT3290238.PG_ENABLE.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3290238.PrintItGreenStatus.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3290238.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Deleted : user_pref("CT3290238.SF_STATUS.enc", "RU5BQkxFRA==");
Deleted : user_pref("CT3290238.SF_USER_ID.enc", "Y2lkXzY1MjAxMzE2MjQzNTc5Mzk1Nw==");
Deleted : user_pref("CT3290238.UserID", "UN30664627739710875");
Deleted : user_pref("CT3290238.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3290238.autoDisableScopes", -1);
Deleted : user_pref("CT3290238.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3290238.countryCode", "US");
Deleted : user_pref("CT3290238.defaultSearch", "true");
Deleted : user_pref("CT3290238.enableAlerts", "true");
Deleted : user_pref("CT3290238.enableFix404ByUser", "TRUE");
Deleted : user_pref("CT3290238.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3290238.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3290238.fixPageNotFoundError", "true");
Deleted : user_pref("CT3290238.fixPageNotFoundErrorByUser", "true");
Deleted : user_pref("CT3290238.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3290238.fixUrls", true);
Deleted : user_pref("CT3290238.fullUserID", "UN30664627739710875.UP.20130704192550");
Deleted : user_pref("CT3290238.hxxp___cdn_printitgreen_com.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPW5vLGhzY3JvbGw[...]
Deleted : user_pref("CT3290238.installDate", "4/5/2013 19:10:22");
Deleted : user_pref("CT3290238.installId", "stub.exe");
Deleted : user_pref("CT3290238.installSessionId", "{3ACB081C-B455-4781-964C-12837EE84870}");
Deleted : user_pref("CT3290238.installSp", "TRUE");
Deleted : user_pref("CT3290238.installUsage", "2013-05-05T02:11:53.9797188+03:00");
Deleted : user_pref("CT3290238.installUsageEarly", "2013-05-05T02:11:54.0106346+03:00");
Deleted : user_pref("CT3290238.installerVersion", "1.4.1.3");
Deleted : user_pref("CT3290238.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3290238.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3290238.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3290238.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3290238.keyword", "true");
Deleted : user_pref("CT3290238.lastVersion", "10.16.4.519");
Deleted : user_pref("CT3290238.mam_gk_appStateReportTime.enc", "MTM2Nzk1NzMxMzIyMw==");
Deleted : user_pref("CT3290238.mam_gk_appState_CouponBuddy.enc", "b24=");
Deleted : user_pref("CT3290238.mam_gk_appState_Easytobook.enc", "b24=");
Deleted : user_pref("CT3290238.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Deleted : user_pref("CT3290238.mam_gk_appState_PriceGong.enc", "b24=");
Deleted : user_pref("CT3290238.mam_gk_appState_WindowShopper.enc", "b24=");
Deleted : user_pref("CT3290238.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Deleted : user_pref("CT3290238.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkVhc3l0b2Jvb2tfdGF[...]
Deleted : user_pref("CT3290238.mam_gk_currentVersion.enc", "MS40LjQuNg==");
Deleted : user_pref("CT3290238.mam_gk_eventsCache.enc", "eyI5ZTU1MmNmYy1hNjk2LTQ2MjctOTVmMC00YjU2NDczZDQ0NTAiO[...]
Deleted : user_pref("CT3290238.mam_gk_first_time.enc", "MQ==");
Deleted : user_pref("CT3290238.mam_gk_gadgetOpen.enc", "d2VsY29tZQ==");
Deleted : user_pref("CT3290238.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Deleted : user_pref("CT3290238.mam_gk_lastLoginTime.enc", "MTM2Nzk1NzMwOTI1OA==");
Deleted : user_pref("CT3290238.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
Deleted : user_pref("CT3290238.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3290238.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3290238.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3290238.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Deleted : user_pref("CT3290238.mam_gk_userId.enc", "ZmNhZDNiNmYtMmFlMC00OGQ0LTgwNGUtODlkN2E4MTI5ZjZj");
Deleted : user_pref("CT3290238.migrateAppsAndComponents", true);
Deleted : user_pref("CT3290238.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.youtube.com%[...]
Deleted : user_pref("CT3290238.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3290238.openThankYouPage", "false");
Deleted : user_pref("CT3290238.openUninstallPage", "true");
Deleted : user_pref("CT3290238.revertSettingsEnabled", "false");
Deleted : user_pref("CT3290238.searchFromAddressBarEnabledByUser", "true");
Deleted : user_pref("CT3290238.searchInNewTabEnabledByUser", "true");
Deleted : user_pref("CT3290238.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3290238.searchRevert", "false");
Deleted : user_pref("CT3290238.searchSuggestEnabledByUser", "false");
Deleted : user_pref("CT3290238.searchUserMode", "2");
Deleted : user_pref("CT3290238.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3290238.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3290238.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3290238.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3290238.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3290238.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3290238.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3290238.serviceLayer_services_Configuration_lastUpdate", "1374581130085");
Deleted : user_pref("CT3290238.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1368731375217");
Deleted : user_pref("CT3290238.serviceLayer_services_appsMetadata_lastUpdate", "1369178072874");
Deleted : user_pref("CT3290238.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1368920055097");
Deleted : user_pref("CT3290238.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1367709109[...]
Deleted : user_pref("CT3290238.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1367709109451")[...]
Deleted : user_pref("CT3290238.serviceLayer_services_location_lastUpdate", "1372459290773");
Deleted : user_pref("CT3290238.serviceLayer_services_login_10.15.2.23_lastUpdate", "1367790403971");
Deleted : user_pref("CT3290238.serviceLayer_services_login_10.15.2.523_lastUpdate", "1368561445632");
Deleted : user_pref("CT3290238.serviceLayer_services_login_10.16.2.509_lastUpdate", "1372452090380");
Deleted : user_pref("CT3290238.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374581130176");
Deleted : user_pref("CT3290238.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1368920055218");
Deleted : user_pref("CT3290238.serviceLayer_services_searchAPI_lastUpdate", "1374581130028");
Deleted : user_pref("CT3290238.serviceLayer_services_serviceMap_lastUpdate", "1374581129893");
Deleted : user_pref("CT3290238.serviceLayer_services_setupAPI_lastUpdate", "1367709053693");
Deleted : user_pref("CT3290238.serviceLayer_services_toolbarContextMenu_lastUpdate", "1368920055165");
Deleted : user_pref("CT3290238.serviceLayer_services_toolbarSettings_lastUpdate", "1374581129931");
Deleted : user_pref("CT3290238.serviceLayer_services_translation_lastUpdate", "1372459290738");
Deleted : user_pref("CT3290238.settingsINI", true);
Deleted : user_pref("CT3290238.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3290238.showToolbarPermission", "false");
Deleted : user_pref("CT3290238.startPage", "true");
Deleted : user_pref("CT3290238.toolbarBornServerTime", "5-5-2013");
Deleted : user_pref("CT3290238.toolbarCurrentServerTime", "23-7-2013");
Deleted : user_pref("CT3290238.toolbarLoginClientTime", "Sat May 04 2013 19:11:46 GMT-0400 (Eastern Daylight T[...]
Deleted : user_pref("CT3290238.url_history0001.enc", "amF2YXNjcmlwdDp2b2lkKDApOzo6OmNsaWNraGFuZGxlcjo6OjEzNjc4[...]
Deleted : user_pref("CT3290238.versionFromInstaller", "10.15.2.23");
Deleted : user_pref("CT3290238_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("CT3298566_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("show.CT3290238", false);
 
-\\ Google Chrome v28.0.1500.72
 
File : C:\Users\Olivia\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
 
*************************
 
AdwCleaner[s1].txt - [12242 octets] - [08/08/2013 13:56:30]
 
########## EOF - C:\AdwCleaner[s1].txt - [12303 octets] ##########

ComboFix 13-08-07.01 - Olivia 08/08/2013  14:13:54.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6046.4161 [GMT -4:00]
Running from: c:\users\Olivia\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\D3E8.tmp
c:\users\Olivia\Desktop\Setup.exe
c:\users\Public\AlexaNSISPlugin.42808.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-08 to 2013-08-08  )))))))))))))))))))))))))))))))
.
.
2013-08-08 18:21 . 2013-08-08 18:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-08 18:11 . 2013-08-08 18:11 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{848AAB3B-09D8-444C-9583-49FDB4EAA09D}\offreg.dll
2013-08-08 17:43 . 2013-08-08 17:43 -------- d-----w- c:\windows\ERUNT
2013-08-08 12:31 . 2013-08-08 12:31 -------- d-----w- C:\FRST
2013-08-07 18:01 . 2013-08-07 18:01 -------- d-----w- c:\users\Olivia\AppData\Roaming\Malwarebytes
2013-08-07 18:01 . 2013-08-07 18:01 -------- d-----w- c:\programdata\Malwarebytes
2013-08-07 18:01 . 2013-08-07 18:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-07 18:01 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-07 16:03 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{848AAB3B-09D8-444C-9583-49FDB4EAA09D}\mpengine.dll
2013-08-06 20:04 . 2013-08-07 04:10 -------- d-----w- c:\programdata\MFAData
2013-08-06 20:04 . 2013-08-06 20:04 -------- d-----w- c:\users\Olivia\AppData\Local\MFAData
2013-08-06 20:04 . 2013-08-06 20:04 -------- d-----w- c:\users\Olivia\AppData\Local\Avg2013
2013-08-05 15:34 . 2013-08-07 15:32 -------- d-----w- c:\users\Olivia\Garrys.Mod.13.v159
2013-08-04 13:54 . 2013-08-07 15:32 -------- d-----w- c:\users\Olivia\AppData\Roaming\SmartPCFix
2013-08-04 13:54 . 2013-08-04 13:54 -------- d--h--w- c:\programdata\Common Files
2013-08-03 22:12 . 2013-08-03 22:12 -------- d-----w- c:\program files\Strogino CS Portal
2013-08-03 21:06 . 2013-08-07 15:32 -------- d-----w- c:\users\Olivia\Garrys Mod v13.07.05
2013-08-03 20:57 . 2013-08-07 15:32 -------- d-----w- c:\users\Olivia\AppData\Roaming\player
2013-08-03 20:57 . 2013-08-03 20:57 -------- d-----w- c:\program files (x86)\Tuguu SL
2013-08-03 20:56 . 2013-08-08 17:45 -------- d-----w- c:\users\Olivia\AppData\Roaming\Uniblue
2013-08-03 20:54 . 2013-08-07 15:33 -------- d-----w- c:\program files (x86)\7-Zip
2013-08-02 00:31 . 2013-08-02 00:31 -------- d-----w- c:\users\Olivia\AppData\Local\Warframe
2013-07-30 19:30 . 2013-08-07 15:33 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-07-28 16:44 . 2013-07-28 17:02 -------- d-----w- c:\users\Olivia\AppData\Local\Roblox
2013-07-24 15:03 . 2013-07-24 15:03 -------- d-----w- c:\users\Olivia\AppData\Local\Turbine
2013-07-24 15:03 . 2013-07-24 15:04 -------- d-----w- c:\users\Olivia\AppData\Local\ApplicationHistory
2013-07-24 13:20 . 2013-07-24 13:20 -------- d-----w- c:\windows\SysWow64\URTTEMP
2013-07-23 04:12 . 2013-08-07 15:36 -------- d-----w- c:\program files\Uninstaller
2013-07-14 07:02 . 2013-07-14 07:02 -------- d-----w- C:\592a55012c90e5e9003d
2013-07-14 05:10 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-14 05:10 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-14 05:09 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-14 05:09 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-14 05:09 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-14 05:09 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-14 05:09 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-14 05:09 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-14 05:09 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-14 05:09 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-14 00:09 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-14 00:09 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-14 00:09 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-14 00:09 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-14 00:09 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-14 00:09 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-14 00:09 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-14 00:08 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-14 00:08 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-07 21:32 . 2012-04-28 05:40 637272 ----a-w- c:\windows\system32\drivers\klif.sys
2013-06-18 11:13 . 2013-06-18 11:13 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-18 11:13 . 2013-06-18 11:13 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-18 11:13 . 2013-06-18 11:13 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-18 11:13 . 2013-06-18 11:13 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-18 11:13 . 2013-06-18 11:13 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-18 11:13 . 2013-06-18 11:13 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-18 11:13 . 2013-06-18 11:13 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-18 11:13 . 2013-06-18 11:13 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-18 11:13 . 2013-06-18 11:13 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-18 11:13 . 2013-06-18 11:13 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-18 11:13 . 2013-06-18 11:13 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-18 11:13 . 2013-06-18 11:13 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-18 11:13 . 2013-06-18 11:13 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-18 11:13 . 2013-06-18 11:13 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-18 11:13 . 2013-06-18 11:13 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-18 11:13 . 2013-06-18 11:13 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-18 11:13 . 2013-06-18 11:13 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-18 11:13 . 2013-06-18 11:13 441856 ----a-w- c:\windows\system32\html.iec
2013-06-18 11:13 . 2013-06-18 11:13 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-18 11:13 . 2013-06-18 11:13 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-18 11:13 . 2013-06-18 11:13 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-18 11:13 . 2013-06-18 11:13 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-18 11:13 . 2013-06-18 11:13 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-18 11:13 . 2013-06-18 11:13 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-18 11:13 . 2013-06-18 11:13 235008 ----a-w- c:\windows\system32\url.dll
2013-06-18 11:13 . 2013-06-18 11:13 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-18 11:13 . 2013-06-18 11:13 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-18 11:13 . 2013-06-18 11:13 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-18 11:13 . 2013-06-18 11:13 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-18 11:13 . 2013-06-18 11:13 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-18 11:13 . 2013-06-18 11:13 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-18 11:13 . 2013-06-18 11:13 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-18 11:13 . 2013-06-18 11:13 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-18 11:13 . 2013-06-18 11:13 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-18 11:13 . 2013-06-18 11:13 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-18 11:13 . 2013-06-18 11:13 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-18 11:13 . 2013-06-18 11:13 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-18 11:13 . 2013-06-18 11:13 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-18 11:13 . 2013-06-18 11:13 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-18 11:13 . 2013-06-18 11:13 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-18 11:13 . 2013-06-18 11:13 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-18 11:13 . 2013-06-18 11:13 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-18 11:13 . 2013-06-18 11:13 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-18 11:13 . 2013-06-18 11:13 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-18 11:13 . 2013-06-18 11:13 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-18 11:13 . 2013-06-18 11:13 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-18 11:13 . 2013-06-18 11:13 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-18 11:13 . 2013-06-18 11:13 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-18 11:13 . 2013-06-18 11:13 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-12 00:55 . 2012-04-28 06:28 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 00:55 . 2012-04-28 06:28 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-17 00:16 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 05:51 . 2013-06-12 14:28 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 14:28 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 14:28 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 14:28 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 14:28 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 14:28 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 14:28 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 14:28 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 14:28 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 14:28 43008 ----a-w- c:\windows\SysWow64\certenc.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"F.lux"="c:\users\Olivia\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-07-10 1672616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-22 291608]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-02-21 693608]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-08-21 105120]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"avp"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2013-08-07 207040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
.
c:\users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 ESRV_SVC;Energy Server Service;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [x]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
R2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
R3 BTATH_VDP;Bluetooth VDP Driver;c:\windows\system32\drivers\btath_vdp.sys;c:\windows\SYSNATIVE\drivers\btath_vdp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [x]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
R3 lehidmini;Bluetooth Low Energy Hid Device;c:\windows\system32\drivers\leath_hid.sys;c:\windows\SYSNATIVE\drivers\leath_hid.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 semav6thermal64ro;semav6thermal64ro;c:\windows\system32\drivers\semav6thermal64ro.sys;c:\windows\SYSNATIVE\drivers\semav6thermal64ro.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver.sys;c:\windows\SYSNATIVE\drivers\Smb_driver.sys [x]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USER_ESRV_SVC;User Energy Server Service;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe [x]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys;c:\windows\SYSNATIVE\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 00:55]
.
2013-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2281063097-3860207789-260810463-1001Core.job
- c:\users\Olivia\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-12 21:56]
.
2013-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2281063097-3860207789-260810463-1001UA.job
- c:\users\Olivia\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-12 21:56]
.
2013-08-08 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files (x86)\PC Tools Registry Mechanic\SULauncher.exe [2012-11-27 23:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-13 1156712]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-02-23 1020576]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-02-23 800416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-14 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-14 398104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-14 440600]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3C5A64A6-15D6-4ED6-93B3-FE2E5DA97A4C}\0596A7A7167423: NameServer = 172.16.0.1
FF - ProfilePath - c:\users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\a5l2oido.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2013-07-28 12:37; {7f7f82f1-7c95-47cd-814f-950b56d58fc3}; c:\users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\a5l2oido.default\extensions\{7f7f82f1-7c95-47cd-814f-950b56d58fc3}
FF - ExtSQL: 2013-08-03 16:56; {845cab51-d8d2-472f-8bd9-2b44642d97c2}; c:\users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\a5l2oido.default\extensions\{845cab51-d8d2-472f-8bd9-2b44642d97c2}
FF - ExtSQL: 2013-08-04 09:54; {906000a4-88d9-4d52-b209-7a772970d91f}; c:\users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\a5l2oido.default\extensions\{906000a4-88d9-4d52-b209-7a772970d91f}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
BHO-{7365A975-D1E8-41ed-8C66-FA70EDB97A39} - (no file)
Wow6432Node-HKCU-Run-BackupAgent - c:\program files (x86)\Strongvault Online Backup\BackupAgent.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-SMessaging - c:\users\Olivia\AppData\Local\Strongvault Online Backup\SMessaging.exe
Wow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe
c:\users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.lnk - c:\users\Olivia\AppData\Local\Strongvault\StrongVaultApp.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1 - c:\program files (x86)\Advanced System Protector\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-08  14:25:09
ComboFix-quarantined-files.txt  2013-08-08 18:25
.
Pre-Run: 584,440,905,728 bytes free
Post-Run: 584,341,590,016 bytes free
.
- - End Of File - - EFF2E1B0282B65D9BBEEACF99A73C191
D41D8CD98F00B204E9800998ECF8427E

Thank you! :)

It is no problem for now.

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

I'm to the point of pressing start on ESET online scanner, but below it says, "another antivirus software was detected (Kaspersky)". Should I click start? I've tried opening Kaspersky to disable it but it just wants an activation key.


I was able to disable Kaspersky.

 

C:\Program Files\Uninstaller\Uninstall.exe MSIL/DomaIQ.A application cleaned by deleting - quarantined
C:\Users\Olivia\Downloads\call-of-duty-black-ops-2.exe a variant of Win32/InstallCore.BH application cleaned by deleting - quarantined
C:\Users\Olivia\Downloads\downloadmanager_Setup.exe a variant of Win32/Adware.iBryte.D application cleaned by deleting - quarantined
C:\Users\Olivia\Downloads\Firefox_Setup_16.0.1.exe a variant of Win32/InstallCore.AY application cleaned by deleting - quarantined
C:\Users\Olivia\Downloads\FlashPlayer_V.140892939b.exe multiple threats cleaned by deleting - quarantined
C:\Users\Olivia\Downloads\FlashPlayer__2114_i14610575_il42840.exe a variant of Win32/Amonetize.D application cleaned by deleting - quarantined
C:\Users\Olivia\Downloads\FlashPlayer__2114_i15946062_il42840.exe a variant of Win32/Amonetize.D application cleaned by deleting - quarantined
C:\Users\Olivia\Downloads\mplayer_Setup.exe a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantined
C:\Users\Olivia\Downloads\Player_Setup.exe Win32/DomaIQ.T application cleaned by deleting - quarantined
C:\Users\Olivia\Downloads\slender_setup(1).exe a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantined
C:\Users\Olivia\Downloads\Slender_Setup(2).exe a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantined
C:\Users\Olivia\Downloads\Slender_Setup.exe a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantined

Step 1

Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
Step 2

Now you should run the fixdamage.exe application, located in the same MBAR directory as mbar.exe. Clicking on fixdamage.exe will open the console application and request confirmation to apply any fixes to the operating system. Input “Y” to begin the fix. After the fix is complete, it will request you to restart the system again.


Before I forget.... I'm running the program right now and mbam keeps blocking access to a potentially malicious website: 46.249.42.193. Type: outgoing and process: svchost.exe 

 

I'll post the logs when it's done.. I just didn't want to forget that info.


1st scan:

 

Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org
 
Database version: v2013.08.09.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Olivia :: OLIVIA-VAIO [administrator]
 
8/9/2013 10:22:09 AM
mbar-log-2013-08-09 (10-22-09).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 248833
Time elapsed: 46 minute(s), 1 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKCU\SOFTWARE\teeveewatchSA (Adware.HotBar.TVW) -> Delete on reboot.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 2
Master Boot Record on Drive #0 (Rootkit.Harbinger.MBR) -> Replace on reboot.
Physical Sector #1465148901 on Drive #0 (Forged physical sector) -> Replace on reboot.
 
 
 
2nd scan:
 
Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org
 
Database version: v2013.08.09.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Olivia :: OLIVIA-VAIO [administrator]
 
8/9/2013 11:19:32 AM
mbar-log-2013-08-09 (11-19-32).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 248125
Time elapsed: 30 minute(s), 3 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
(end)

oh and system log

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16635
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 6340063232, free: 2354208768
 
Downloaded database version: v2013.08.08.01
Downloaded database version: v2013.08.08.02
Downloaded database version: v2013.08.08.03
Downloaded database version: v2013.08.08.04
Downloaded database version: v2013.08.08.05
Downloaded database version: v2013.08.08.06
Downloaded database version: v2013.08.08.07
Downloaded database version: v2013.08.09.01
Downloaded database version: v2013.08.09.02
Downloaded database version: v2013.08.09.03
Downloaded database version: v2013.08.09.04
Initializing...
------------ Kernel report ------------
     08/09/2013 10:21:59
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\iusb3hcs.sys
\SystemRoot\system32\DRIVERS\kl1.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\klif.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\kl2.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\klim6.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\iusb3xhc.sys
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\system32\drivers\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\RtsPStor.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\drivers\SFEP.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\drivers\SynTP.sys
\SystemRoot\system32\DRIVERS\klmouflt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\drivers\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\btath_bus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8008af9060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8006601050
Lower Device Driver Name: \00000465\
IRP handler 0 of \Driver\iaStor points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8008af9060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8006601050
Lower Device Driver Name: \00000465\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8008af9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008af9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008af9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006601050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \00000465\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00318d590, 0xfffffa8008af9060, 0xfffffa8008af7090
Lower DeviceData: 0xfffff8a004fd2dd0, 0xfffffa8006601050, 0xfffffa800e147940
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
MBR buffers are not equal
MBR is forged! [0c09dbfb6e001608950df0db533ee0d1]
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: CAD94FF
 
Partition information:
 
    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 38789120
 
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 38791168  Numsec = 716800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 39507968  Numsec = 1425639152
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Infected: MBR on Drive 0 --> [Rootkit.Harbinger.MBR]
Replacement MBR for a drive 0 found
MBR infection found on drive 0
Disk Size: 750156374016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Sectors 1465148901 - 1465149167 --> [Forged physical sectors]
Done!
Infected: HKCU\SOFTWARE\teeveewatchSA --> [Adware.HotBar.TVW]
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16635
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 6340063232, free: 4373655552
 
Initializing...
------------ Kernel report ------------
     08/09/2013 11:19:28
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8008b13060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xfffffa8006606050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8008b13060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008b13b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008b13060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006606050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: CAD94FF
 
Partition information:
 
    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 38789120
 
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 38791168  Numsec = 716800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 39507968  Numsec = 1425639152
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 750156374016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_38791168_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished

Update: Laptop has been on for almost 30 minutes since last scan and running the fix. No ads have played, no weird stuff going on. :)

 

Still waiting for you to advise me on what to do next before I give it back to the kiddo.


Glad I could help! :)

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Step 2

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

Step 3

Please uninstall ESET Online Scanner and manually delete Malwarebytes' Anti-Rootkit.

Step 4

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)
