Jump to content

Came late to the party....


Recommended Posts

Hi.  After googling a problem picked up by malwarebytes I came up with a previous post (now closed that sums up my problem)

 

PUP.Optional.AdvancedSystemProtector.A
Started by CTownNickAug 23 2013 02:10 AM
 
But I came to this late - the 5 infections I had already deleted using malwarebytes.  I then downloaded Roguekiller (as had been recommended for CTownNick) and came up with the report below.  I have not taken any action, but have left Roguekiller running.
 
Then I thought I had better check how to report this and saw the 'steps to take'.  I have run the DDS scan and below are the DDS and Attach reports.  I've come a bit late to the party but hopefully better late than never!
 
What should my next steps be, please?

Ric
 
 

 

 

 

 

 

 

 

 

 

 

RKreport0_S_11052013_152529.txt

dds.txt

attach.txt

Link to post
Share on other sites

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
You told us that you removed several items with Malwarebytes´ Antimalware. This tool creates a log on every run and we need to see them.


  • The logs can be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Zip any and all of these logs and attach the file to your next reply.

Link to post
Share on other sites

Hello Marius.  Thanks for your help  I cannot see how to attach the file in this thread so have copied and pasted the contents below.  You will see from the above that I was running RogueKiller.  It identified 5 or 6 PUM.UserWLoad problems, which I removed as I had to close down the computer.  This morning I ran Kaspersky TDSSKiller, which found no problems.  I use Kaspersky Internet Security 2012 on my computer.

 

mbam-log-2013-11-05 (08-56-14)

 

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.04.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
user :: RJC-VAIO [administrator]
 
Protection: Disabled
 
05/11/2013 08:56:14
mbam-log-2013-11-05 (08-56-14).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 622624
Time elapsed: 5 hour(s), 40 minute(s), 37 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
Link to post
Share on other sites

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[s1].txt also

 
 
 
 
Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Link to post
Share on other sites

Marius,

 

Many thanks for the links and instructions.  Please find the results of both below.  You were right - the JRT took a while to complete its task!

 

R

 

AdwCleaner[s0]

 

# AdwCleaner v3.011 - Report created 06/11/2013 at 17:21:57
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : user - RJC-VAIO
# Running from : C:\Users\user\AppData\Local\Temp\dlm6CE.tmp\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\SpeedyPC Software
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\Program Files (x86)\SafeSaver
Folder Deleted : C:\Program Files (x86)\Common Files\SpeedyPC Software
Folder Deleted : C:\users\user\AppData\Roaming\DriverCure
Folder Deleted : C:\users\user\AppData\Roaming\SpeedyPC Software
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\SpeedyPC Software
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SpeedyPC Software
Key Deleted : HKLM\Software\SProtector
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16720
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [search Bar]
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : icon_url
Deleted : search_url
Deleted : suggest_url
Deleted : keyword
Deleted : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [4822 octets] - [06/11/2013 17:11:55]
AdwCleaner[s0].txt - [4672 octets] - [06/11/2013 17:21:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4732 octets] ##########

 

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

JRT

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by user on 06/11/2013 at 17:34:53.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [service] backupstack 
Successfully deleted: [service] backupstack 
Successfully stopped: [service] cltmngsvc 
Successfully deleted: [service] cltmngsvc 
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_lipgolpfajiadodbcbljdpmbmbdmfcil
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotect
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotectall
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-4122584603-281543611-2346686656-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\priam_bho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wajam
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3306061
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9B37721B-9674-4B33-8C2A-4829221A4F19}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\end"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\searchprotect"
Successfully deleted: [Folder] "C:\Users\user\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\user\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\user\appdata\local\wajam"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Failed to delete: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Failed to delete: [Folder] "C:\Program Files (x86)\wajam"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\microsoft\windows\start menu\programs\mypc backup"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\microsoft\windows\start menu\programs\wajam"
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{1BC0EBD3-DCEB-4F02-960A-0B1089084443}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{32433CE1-6209-483C-AC08-0C48417CBC0A}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{581355D4-DB9B-41CF-8A69-AB99F3937B40}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{8C1D686D-28D2-44B3-ACD4-03586E135D99}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{C8D44044-184B-4B84-A3D4-3DABC99B6CBF}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{E9DFFAB6-A808-430A-97BA-5A86E791BDBF}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{EB34B945-A804-4CFC-988F-46EF38CEA7DE}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{F2DDF087-10EC-4C3B-81F2-F43A24EBA23E}
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\user\appdata\local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/11/2013 at 17:53:41.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Link to post
Share on other sites

Full System Scan with Malwarebytes Antimalware


  • If not existing, please download
Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

Link to post
Share on other sites

Marius.  Sorry it has taken so long to respond.  The scan took just under 8 hours.  I already have Malwarebytes installed and updated it as you suggested.  I was surprised to find so many (36) problems, which I have removed.  I have not yet run the ESET programme but will do so after rebooting.  In the meantime here is the malwarebytes log.

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.07.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
user :: RJC-VAIO [administrator]
 
Protection: Enabled
 
07/11/2013 09:13:27
mbam-log-2013-11-07 (09-13-27).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 623295
Time elapsed: 7 hour(s), 59 minute(s), 38 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 5
HKCR\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\WajamUpdaterV3 (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 4
C:\Program Files (x86)\Wajam (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Updater (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ct3306061 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ct3306061\plugins (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
 
Files Detected: 29
C:\Program Files (x86)\Connect_DLC_5\Connect_DLC_5ToolbarHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQ1R5OE6\conduitinstaller[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQ1R5OE6\Connect_DLC_5[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWZZLLMM\wajam_install[1].exe (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UJZ0IU1M\Connect_DLC_5_wpf[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UJZ0IU1M\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZEI2X2Z3\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZEI2X2Z3\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\nsa7A89.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\nsb2FD.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\nsbE914.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\nsgA8FC.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ct3306061\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ct3306061\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ct3306061\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ct3306061\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ct3306061\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ct3306061\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\dlm6CE.tmp\LuckyLeap0816.exe (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\dlm6CE.tmp\mconduitinstaller.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\dlm6CE.tmp\wajam0715.exe (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ct3306061\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ct3306061\CT3306061.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ct3306061\initdata.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ct3306061\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ct3306061\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ct3306061\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
 
(end)
Link to post
Share on other sites

Had to leave it running overnight. This morning it reported 4 issues.  There was however no obvious way of saving the information - and it has now taken me to a webpage asking me to download for home different versions of ESET.  Sorry - not sure what happened.  Do you want me to re-run this again?

Link to post
Share on other sites

Hi Marius.  7hrs 25 mins this time but I have the report below:  

 

C:\Program Files (x86)\Connect_DLC_5\tbConn.dll a variant of Win32/Toolbar.Conduit.B application
C:\Users\user\AppData\Local\Temp\dlm6CE.tmp\mypcbackuptier2_0529.exe Win32/MyPCBackup.A application
C:\Users\user\AppData\LocalLow\Connect_DLC_5\tbConn.dll a variant of Win32/Toolbar.Conduit.B application
C:\Users\user\Documents\Computer\cbsidlm-cbsi134-AdwCleaner-ORG-75851221.exe probably a variant of Win32/CNETInstaller.A application
 
Thanks again.
 
R
Link to post
Share on other sites

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

Link to post
Share on other sites

Marius, good morning.  Thank you for the link.  Here are the results:

 

First, FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01
Ran by user (administrator) on RJC-VAIO on 11-11-2013 08:21:35
Running from C:\Users\user\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Alcatel-Lucent) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\bin\MAHostService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Joyent, Inc) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\bin\node.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Alcatel-Lucent) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
() C:\Program Files (x86)\MultiScreen\MultiScreen.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
() C:\Users\user\AppData\Local\Viber\Viber.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
() C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(TradeStation Technologies, Inc.) C:\Program Files (x86)\TradeStation 9.1\Program\ORPlat.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(TradeStation Technologies, Inc.) C:\Program Files (x86)\TradeStation 9.1\Program\ordllhst.exe
(Microsoft) C:\Program Files (x86)\TradeStation 9.1\Program\TradeStationAgentForms.exe
(TradeStation Technologies, Inc.) C:\Program Files (x86)\TradeStation 9.1\Program\whserver.exe
(TradeStation Technologies, Inc.) C:\Program Files (x86)\TradeStation 9.1\Program\orcal.exe
(TradeStation Technologies, Inc.) C:\Program Files (x86)\TradeStation 9.1\Program\orclprxy.exe
(TradeStation Technologies, Inc.) C:\Program Files (x86)\TradeStation 9.1\Program\TSScanner.exe
(TradeStation Technologies, Inc.) C:\Program Files (x86)\TradeStation 9.1\Program\orchart.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\prevhost.exe
(Microsoft Corporation) C:\PROGRA~2\MICROS~1\Office14\POWERPNT.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-06-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-06-21] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [212480 2010-05-14] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [btbb_McciTrayApp] - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [2821808 2013-01-22] (Alcatel-Lucent)
HKLM\...\Run: [shadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKCU\...\Run: [MultiScreen] - C:\Program Files (x86)\MultiScreen\MultiScreen.exe [303104 2009-08-11] ()
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-11-06] (Samsung)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)
HKCU\...\Run: [Viber] - C:\Users\user\AppData\Local\Viber\Viber.exe [912904 2013-07-31] ()
MountPoints2: {432bda3b-673d-11e0-a718-889ffae4624f} - "E:\WD SmartWare.exe" autoplay=true
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM-x32 - (No Name) - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - No File
URLSearchHook: HKCU - (No Name) - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {2D8E2C12-4641-4F45-8041-05ABC5FBE35B} URL = http://rover.ebay.com/rover/1/710-42480-16445-15/4?satitle={searchTerms}
SearchScopes: HKCU - {6305523F-0229-418E-A120-AEDE9CB092C2} URL = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKCU - {E6A8DA3E-CD1A-46D9-B5CC-D8A8CDF485D8} URL = http://uk.shopping.com/?linkin_id=8056359
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
 
Chrome: 
=======
CHR DefaultSearchURL: (Conduit) - http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN33512874045943002&ctid=CT3306061&UM=2
CHR DefaultSuggestURL: (Conduit) - http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN33512874045943002&UM=2
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Skype Toolbars) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\user\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (BlackBerry AppWorld) - C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0
CHR Extension: (BT DesktopHelp extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.0_0
CHR Extension: (Virtual Keyboard) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0
CHR Extension: (Skype Click to Call) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR Extension: (Anti-Banner) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\user\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\ab.crx
 
==================== Services (Whitelisted) =================
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\bin\MAHostService.exe [321024 2013-10-02] (Alcatel-Lucent)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [237328 2012-03-30] (McAfee, Inc.)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467280 2012-11-27] (Alcatel-Lucent)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] ()
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2012-01-02] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-15] (TuneUp Software)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1368624 2013-08-01] (Sony Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-31] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (http://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2013-03-24] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2013-03-24] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2013-03-24] (Printing Communications Assoc., Inc. (PCAUSA))
R3 MRESP50a64; C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2013-03-24] (Printing Communications Assoc., Inc. (PCAUSA))
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2009-10-14] (TuneUp Software)
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-11 08:21 - 2013-11-11 08:21 - 00000000 ____D C:\FRST
2013-11-11 08:17 - 2013-11-11 08:18 - 01957590 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2013-11-10 17:54 - 2013-11-10 17:54 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2013-11-10 17:31 - 2013-11-10 17:31 - 00000000 ____D C:\Program Files (x86)\MarkAny
2013-11-10 12:26 - 2013-11-10 12:26 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-11-08 14:23 - 2013-11-10 18:35 - 00014913 _____ C:\Users\user\Desktop\Amazon Cloud Player List.xlsx
2013-11-08 09:33 - 2013-11-11 07:37 - 00000000 ____D C:\Users\user\AppData\Roaming\ViberPC
2013-11-08 09:33 - 2013-11-08 09:33 - 00001061 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2013-11-08 09:33 - 2013-11-08 09:33 - 00001053 _____ C:\Users\user\Desktop\Viber.lnk
2013-11-08 09:16 - 2013-11-11 07:35 - 00000000 ____D C:\Users\user\AppData\Local\Viber
2013-11-07 17:37 - 2013-11-07 17:37 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-07 11:49 - 2013-11-07 14:22 - 00012714 _____ C:\Users\user\Desktop\Freezer data.xlsx
2013-11-06 17:46 - 2013-11-06 18:17 - 00000000 ____D C:\Users\user\SyncFolder
2013-11-06 17:46 - 2013-11-06 17:46 - 00004024 _____ C:\Windows\System32\Tasks\LaunchApp
2013-11-06 17:34 - 2013-11-06 17:34 - 00000000 ____D C:\Windows\ERUNT
2013-11-06 17:17 - 2013-11-06 17:17 - 00000000 ____D C:\Program Files (x86)\Connect_DLC_5
2013-11-06 17:16 - 2013-11-06 17:16 - 00000000 ____D C:\Users\user\AppData\Local\NativeMessaging
2013-11-06 17:13 - 2013-11-06 18:49 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-06 17:11 - 2013-11-06 17:23 - 00000000 ____D C:\AdwCleaner
2013-11-05 22:37 - 2013-11-05 22:37 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2013-11-04 14:36 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-04 14:36 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-04 14:36 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-04 14:36 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-04 14:34 - 2013-11-04 14:36 - 00004154 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-02 23:35 - 2013-11-02 23:35 - 00000000 ____D C:\Windows\SysWOW64\%Report%
2013-10-29 14:15 - 2013-01-29 08:35 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2013-10-29 14:14 - 2013-10-23 10:30 - 30344480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-10-29 14:14 - 2013-10-23 10:30 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-29 14:14 - 2013-10-23 10:30 - 22933792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-29 14:14 - 2013-10-23 10:30 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-29 14:14 - 2013-10-23 10:30 - 15855568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-29 14:14 - 2013-10-23 10:30 - 12572960 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-29 14:14 - 2013-10-23 10:30 - 11426568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-29 14:14 - 2013-10-23 10:30 - 11374520 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-29 14:14 - 2013-10-23 10:30 - 09524088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-29 14:14 - 2013-10-23 10:30 - 09480328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-29 14:14 - 2013-10-23 10:30 - 03131680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-29 14:14 - 2013-10-23 10:30 - 03124512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-29 14:14 - 2013-10-23 10:30 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-29 14:14 - 2013-10-23 10:30 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-29 14:14 - 2013-10-23 10:30 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll
2013-10-29 14:14 - 2013-10-23 10:30 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll
2013-10-29 14:14 - 2013-10-23 10:30 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-10-29 14:14 - 2013-10-23 10:30 - 00655136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-10-29 14:14 - 2013-10-23 10:30 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-29 14:14 - 2013-10-23 10:30 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-29 14:14 - 2013-10-23 10:30 - 00023287 _____ C:\Windows\system32\nvinfo.pb
2013-10-28 17:51 - 2013-10-18 01:36 - 01063200 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-10-28 17:51 - 2013-10-18 01:36 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-10-28 17:49 - 2013-09-27 23:01 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-10-28 17:49 - 2013-09-27 23:01 - 00028960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-10-24 08:36 - 2013-11-11 08:16 - 00000000 ____D C:\Users\user\Documents\Computer
2013-10-23 03:02 - 2013-10-23 03:02 - 00589600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-10-22 18:18 - 2013-10-16 00:48 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433158.dll
2013-10-22 18:18 - 2013-10-16 00:48 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433158.dll
2013-10-21 21:48 - 2013-10-21 21:48 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-10-21 21:47 - 2013-10-21 21:48 - 00000000 ____D C:\Program Files (x86)\QuickTime
 
==================== One Month Modified Files and Folders =======
 
2013-11-11 08:21 - 2013-11-11 08:21 - 00000000 ____D C:\FRST
2013-11-11 08:18 - 2013-11-11 08:17 - 01957590 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2013-11-11 08:17 - 2011-06-18 13:55 - 00000000 ____D C:\Users\user\Documents\CCMR
2013-11-11 08:16 - 2013-10-24 08:36 - 00000000 ____D C:\Users\user\Documents\Computer
2013-11-11 07:50 - 2011-03-07 17:20 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-11 07:49 - 2009-07-14 04:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-11 07:49 - 2009-07-14 04:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-11 07:46 - 2012-12-12 19:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-11 07:39 - 2009-07-14 05:13 - 00783458 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-11 07:37 - 2013-11-08 09:33 - 00000000 ____D C:\Users\user\AppData\Roaming\ViberPC
2013-11-11 07:35 - 2013-11-08 09:16 - 00000000 ____D C:\Users\user\AppData\Local\Viber
2013-11-11 07:34 - 2010-10-11 20:06 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-11 07:34 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-11 07:34 - 2009-07-14 04:51 - 00160991 _____ C:\Windows\setupact.log
2013-11-10 18:36 - 2011-03-07 16:03 - 01944499 _____ C:\Windows\WindowsUpdate.log
2013-11-10 18:35 - 2013-11-08 14:23 - 00014913 _____ C:\Users\user\Desktop\Amazon Cloud Player List.xlsx
2013-11-10 17:56 - 2010-10-11 20:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-10 17:54 - 2013-11-10 17:54 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2013-11-10 17:54 - 2013-09-24 11:22 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-11-10 17:54 - 2013-09-24 11:11 - 00000000 ____D C:\Users\user\AppData\Local\Downloaded Installations
2013-11-10 17:50 - 2013-09-24 11:39 - 00002002 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-11-10 17:31 - 2013-11-10 17:31 - 00000000 ____D C:\Program Files (x86)\MarkAny
2013-11-10 12:26 - 2013-11-10 12:26 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-11-10 12:25 - 2013-09-24 11:09 - 00000000 ____D C:\Users\user\AppData\Roaming\Samsung
2013-11-08 22:02 - 2011-04-14 11:13 - 00022835 _____ C:\Windows\SysWOW64\error.log
2013-11-08 20:32 - 2012-02-01 08:23 - 00000598 _____ C:\Windows\Tasks\TradeStation Backup - Weekly.job
2013-11-08 20:10 - 2011-04-12 19:07 - 00000000 ____D C:\Program Files (x86)\TradeStation Archives
2013-11-08 20:10 - 2011-04-07 16:45 - 171515208 _____ C:\Windows\DYNAZIP.LOG
2013-11-08 10:38 - 2013-03-09 11:50 - 00000000 ____D C:\Users\user\Documents\Personal
2013-11-08 09:33 - 2013-11-08 09:33 - 00001061 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2013-11-08 09:33 - 2013-11-08 09:33 - 00001053 _____ C:\Users\user\Desktop\Viber.lnk
2013-11-07 17:37 - 2013-11-07 17:37 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-07 17:28 - 2010-10-11 20:06 - 00088276 _____ C:\Windows\PFRO.log
2013-11-07 14:22 - 2013-11-07 11:49 - 00012714 _____ C:\Users\user\Desktop\Freezer data.xlsx
2013-11-06 18:49 - 2013-11-06 17:13 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-06 18:49 - 2011-03-07 16:06 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-06 18:17 - 2013-11-06 17:46 - 00000000 ____D C:\Users\user\SyncFolder
2013-11-06 17:46 - 2013-11-06 17:46 - 00004024 _____ C:\Windows\System32\Tasks\LaunchApp
2013-11-06 17:34 - 2013-11-06 17:34 - 00000000 ____D C:\Windows\ERUNT
2013-11-06 17:23 - 2013-11-06 17:11 - 00000000 ____D C:\AdwCleaner
2013-11-06 17:17 - 2013-11-06 17:17 - 00000000 ____D C:\Program Files (x86)\Connect_DLC_5
2013-11-06 17:16 - 2013-11-06 17:16 - 00000000 ____D C:\Users\user\AppData\Local\NativeMessaging
2013-11-05 22:37 - 2013-11-05 22:37 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2013-11-05 16:01 - 2013-09-20 07:13 - 00003796 _____ C:\Windows\System32\Tasks\Java Update Scheduler
2013-11-04 14:38 - 2013-09-18 21:22 - 00000000 ____D C:\ProgramData\Oracle
2013-11-04 14:36 - 2013-11-04 14:34 - 00004154 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-04 14:36 - 2010-11-30 03:59 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-02 23:35 - 2013-11-02 23:35 - 00000000 ____D C:\Windows\SysWOW64\%Report%
2013-10-29 14:30 - 2011-07-04 19:46 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-28 17:51 - 2013-09-21 10:18 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-10-28 17:51 - 2010-10-11 20:02 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-10-24 09:58 - 2013-09-21 21:26 - 00000000 ____D C:\Users\user\AppData\Roaming\iolo
2013-10-24 09:57 - 2013-09-21 21:26 - 00000000 ____D C:\ProgramData\iolo
2013-10-23 10:30 - 2013-10-29 14:14 - 30344480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-10-23 10:30 - 2013-10-29 14:14 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-23 10:30 - 2013-10-29 14:14 - 22933792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-23 10:30 - 2013-10-29 14:14 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-23 10:30 - 2013-10-29 14:14 - 15855568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-23 10:30 - 2013-10-29 14:14 - 12572960 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-23 10:30 - 2013-10-29 14:14 - 11426568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-23 10:30 - 2013-10-29 14:14 - 11374520 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-23 10:30 - 2013-10-29 14:14 - 09524088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-23 10:30 - 2013-10-29 14:14 - 09480328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-23 10:30 - 2013-10-29 14:14 - 03131680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-23 10:30 - 2013-10-29 14:14 - 03124512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-23 10:30 - 2013-10-29 14:14 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-23 10:30 - 2013-10-29 14:14 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-23 10:30 - 2013-10-29 14:14 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll
2013-10-23 10:30 - 2013-10-29 14:14 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll
2013-10-23 10:30 - 2013-10-29 14:14 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-10-23 10:30 - 2013-10-29 14:14 - 00655136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-10-23 10:30 - 2013-10-29 14:14 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-23 10:30 - 2013-10-29 14:14 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-23 10:30 - 2013-10-29 14:14 - 00023287 _____ C:\Windows\system32\nvinfo.pb
2013-10-23 10:30 - 2013-09-21 10:18 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2013-10-23 10:30 - 2013-09-21 10:18 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2013-10-23 10:30 - 2013-09-21 10:16 - 18286416 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-10-23 10:30 - 2013-09-21 10:16 - 18199872 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-10-23 10:30 - 2013-09-21 10:16 - 15212336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-10-23 10:30 - 2013-09-21 10:16 - 03067560 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-10-23 10:30 - 2013-09-21 10:16 - 02695200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-10-23 09:27 - 2011-03-27 18:15 - 00000000 ____D C:\Users\user\Documents\Financial Risk Management
2013-10-23 08:20 - 2013-09-21 10:18 - 06669600 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-10-23 08:20 - 2013-09-21 10:18 - 03489568 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-10-23 08:20 - 2013-09-21 10:18 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-10-23 08:20 - 2013-09-21 10:18 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-10-23 08:20 - 2013-09-21 10:18 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-10-23 08:20 - 2013-09-21 10:18 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-10-23 03:02 - 2013-10-23 03:02 - 00589600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-10-22 07:27 - 2013-01-26 09:58 - 00001340 _____ C:\Users\Public\Desktop\BT Desktop Help.lnk
2013-10-21 21:54 - 2012-02-08 22:40 - 00000000 ____D C:\Users\user\AppData\Local\Apple Computer
2013-10-21 21:48 - 2013-10-21 21:48 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-10-21 21:48 - 2013-10-21 21:47 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-10-18 01:36 - 2013-10-28 17:51 - 01063200 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-10-18 01:36 - 2013-10-28 17:51 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-10-16 00:48 - 2013-10-22 18:18 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433158.dll
2013-10-16 00:48 - 2013-10-22 18:18 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433158.dll
2013-10-14 17:20 - 2010-11-30 03:58 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-14 17:20 - 2010-11-30 03:58 - 00000000 ____D C:\ProgramData\Skype
 
Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\jzgcxqye.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-31 11:33
 
==================== End Of Log ============================
 
Second, Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2013 01
Ran by user at 2013-11-11 08:27:24
Running from C:\Users\user\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
64 Bit HP CIO Components Installer (Version: 7.2.8)
7400_Help (x32 Version: 1.00.0000)
Adobe AIR (x32 Version: 3.8.0.1430)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Photoshop Elements 8.0 (x32 Version: 8.0)
Adobe Premiere Elements 8.0 (x32 Version: 8.0)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
Alps Pointing-device for VAIO
Apple Application Support (x32 Version: 2.3.2)
Apple Software Update (x32 Version: 2.1.3.127)
ArcSoft Magic-i Visual Effects 2 (x32 Version: 2.0.1.115)
ArcSoft ShowBiz (x32 Version: )
ArcSoft WebCam Companion 3 (x32 Version: 3.0.21.368)
BBC iPlayer Desktop (x32 Version: 3.2.15)
BBC iPlayer Downloads (x32 Version: 1.0.2)
Bitcoin (HKCU Version: 0.8.1)
BlackBerry App World Browser Plugin (x32 Version: 3.0.3.2)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41)
Bonjour (Version: 3.0.0.10)
bpd_scan (x32 Version: 3.00.0000)
BPDSoftware (x32 Version: 130.0.000.000)
BPDSoftware_Ini (x32 Version: 1.00.0000)
BT Desktop Help (x32)
BufferChm (x32 Version: 130.0.331.000)
Cisco WebEx Meetings (HKCU)
Corel WinDVD (x32 Version: 10.0.5.804)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Destinations (x32 Version: 130.0.0.0)
DeviceDiscovery (x32 Version: 130.0.465.000)
DocProc (x32 Version: 13.0.0.0)
ESET Online Scanner v3 (x32)
Garmin ANT Agent (Version: 2.3.4)
Garmin Communicator Plugin (x32 Version: 4.0.4)
Garmin Communicator Plugin x64 (Version: 4.0.4)
Garmin USB Drivers (x32 Version: 2.3.1.0)
GeForce Experience NvStream Client Components (Version: 1.6.28)
Google Chrome (x32 Version: 30.0.1599.101)
Google Earth (x32 Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.165)
GPBaseService2 (x32 Version: 130.0.371.000)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP OfficeJet L7400 Series (Version: 13.0)
HP Product Detection (x32 Version: 11.14.0001)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Update (x32 Version: 5.005.000.002)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPProductAssistant (x32 Version: 130.0.371.000)
HPSSupply (x32 Version: 130.0.371.000)
HyperCam 2 (x32 Version: 2.25.01)
ImgBurn (x32 Version: 2.5.7.0)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Rapid Storage Technology (x32 Version: 9.6.0.1014)
Intel® Turbo Boost Technology Driver (x32 Version: 01.01.01.1007)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Java 6 Update 20 (64-bit) (Version: 6.0.200)
Java 6 Update 24 (x32 Version: 6.0.240)
Java 6 Update 3 (x32 Version: 1.6.0.30)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kaspersky Internet Security 2012 (x32 Version: 12.0.0.374)
L7400 (x32 Version: 130.0.000.000)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 130.0.374.000)
Media Gallery (Version: 1.4.0.16250)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (x32 Version: 14.0.5120.5000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
MPM (x32 Version: 1.00.0000)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
MultiScreen (x32 Version: 1.00.0000)
MyFreeCodec (HKCU)
NVIDIA 3D Vision Driver 331.65 (Version: 331.65)
NVIDIA Control Panel 331.65 (Version: 331.65)
NVIDIA GeForce Experience 1.7 (Version: 1.7)
NVIDIA Graphics Driver 331.65 (Version: 331.65)
NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4)
NVIDIA Install Application (Version: 2.1002.140.952)
NVIDIA LED Visualizer 1.0 (Version: 1.0)
NVIDIA PhysX (x32 Version: 9.13.0725)
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725)
NVIDIA ShadowPlay 9.3.16 (Version: 9.3.16)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165)
NVIDIA Update 9.3.16 (Version: 9.3.16)
NVIDIA Update Components (Version: 9.3.16)
NVIDIA Virtual Audio 1.2.9 (Version: 1.2.9)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
PMB (x32 Version: 5.3.00.06040)
PMB VAIO Edition plug-in (Click to Disc) (Version: 3.4.00.12020)
PMB VAIO Edition plug-in (VAIO Movie Story) (Version: 2.4.00.12020)
ProductContext (x32 Version: 130.0.000.000)
PVSonyDll (Version: 1.00.0001)
QuickTime (x32 Version: 7.71.80.42)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6098)
Remote Keyboard (x32 Version: 1.1.1.03020)
Remote Play with PlayStation 3 (x32 Version: 1.1.0.12240)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.1)
Samsung Kies (x32 Version: 2.6.0.13091_9)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.29.0)
Samsung_MonSetup (x32 Version: 1.00.0000)
Scan (x32 Version: 13.0.0.0)
SHIELD Streaming (Version: 1.6.34)
Shop for HP Supplies (Version: 13.0)
Skype Click to Call (x32 Version: 6.13.13771)
Skype™ 6.6 (x32 Version: 6.6.106)
SmartSound Quicktracks for Premiere Elements 8.0 (x32 Version: 3.11.3090)
SmartWebPrinting (x32 Version: 130.0.457.000)
SolutionCenter (x32 Version: 130.0.373.000)
Status (x32 Version: 130.0.469.000)
Toolbox (x32 Version: 130.0.648.000)
TradeStation 9.1 (x32 Version: 9.01.00.12536)
TrayApp (x32 Version: 130.0.422.000)
TuneUp Utilities (x32 Version: 9.0.6020.7)
TuneUp Utilities Language Pack (en-GB) (x32 Version: 9.0.6020.7)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
USB Video/Audio Device Driver (x32 Version: 1.00.0000)
VAIO - Media Gallery (x32 Version: 1.4.3.16250)
VAIO - PMB VAIO Edition Guide (x32 Version: 1.5.00.03020)
VAIO - PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.4.00.12130)
VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.4.00.12020)
VAIO - PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.4.00.12130)
VAIO - Remote Keyboard (x32 Version: 1.0.1.03020)
VAIO - Remote Play with PlayStation®3 (x32 Version: 1.1.0.12240)
VAIO - Xperia Link (x32 Version: 1.1.2.08070)
VAIO Care (Version: 8.1.0.10120)
VAIO Control Center (x32 Version: 4.3.0.05310)
VAIO Data Restore Tool (x32 Version: 1.4.0.05240)
VAIO DVD Menu Data (x32 Version: 2.3.00.12130)
VAIO Gate (x32 Version: 2.4.1.09230)
VAIO Gate Default (x32 Version: 2.2.0.07020)
VAIO Hardware Diagnostics (x32 Version: 4.0.0.06230)
VAIO Manual (x32 Version: 1.1.0.05280)
VAIO Media plus (Version: 2.1.0)
VAIO Media plus (x32 Version: 2.1.0.18210)
VAIO Media plus Opening Movie (x32 Version: 2.1.0.13220)
VAIO Movie Story Template Data (x32 Version: 2.3.00.06040)
VAIO Movie Story Template Data (x32 Version: 2.4.00.12130)
VAIO Sample Contents (x32 Version: 1.3.0.06041)
VAIO screensaver (x32 Version: 1.0.0.0)
VAIO Smart Network (x32 Version: 3.3.1.08110)
VAIO Transfer Support (x32 Version: 1.2.0.06230)
VAIO Update (x32 Version: 6.3.0.08010)
Viber (HKCU Version: 3.0.0.133634)
VU5x64 (Version: 1.1.0)
VU5x86 (x32 Version: 1.0.0)
VU5x86 (x32 Version: 1.1.0)
WebReg (x32 Version: 130.0.132.017)
WIDCOMM Bluetooth Software (Version: 6.3.0.5600)
Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices  (07/07/2009 1.12.2) (Version: 07/07/2009 1.12.2)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (Version: 02/06/2007 3.1)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
XperiaLinkx86 (x32 Version: 1.0.0)
 
==================== Restore Points  =========================
 
29-10-2013 07:44:06 Windows Update
01-11-2013 09:48:27 Windows Update
04-11-2013 14:32:58 Installed Java 7 Update 45
05-11-2013 09:00:42 Windows Update
09-11-2013 11:49:18 Windows Update
10-11-2013 17:54:58 Installed Samsung Story Album Viewer
 
==================== Hosts content: ==========================
 
2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {08F9443F-7C01-4693-AC05-41C90A8E053F} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {0A7275D7-3517-4521-A136-02DD19A4601E} - System32\Tasks\{E7EB3878-1A35-4B0B-9EF3-3A1408D21D2D} => C:\Program Files (x86)\TradeStation 9.1\Program\ORPlat.exe [2013-09-24] (TradeStation Technologies, Inc.)
Task: {10F76699-846B-45AF-9B4A-EA4C600C1B32} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2011-09-23] (Sony Corporation)
Task: {114E067F-9835-4C2A-AFD0-C5D42AF33431} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {11DFC40F-4E8C-462B-B57B-94F77AAB7B76} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-08-01] (Sony Corporation)
Task: {13A5ECC6-ED51-43CD-8977-ED38D5F3F0E2} - System32\Tasks\Sony Corporation\VAIO Personalization Manager\VpmLM Task Music user => C:\Program Files\Sony\VAIO Personalization Manager\VpmLM.exe [2010-11-05] (Sony Corporation)
Task: {165E9112-3E2B-4CD9-A4BD-377E171FB26B} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
Task: {1DEF33BB-6B98-4FFC-B5C6-440B7A5C7CCD} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2011-09-23] (Sony Corporation)
Task: {2D2A5A64-A501-4617-ADAB-DFC6A909BB2B} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {336DA3FF-148B-472E-846F-3D143D7B6821} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2013-05-28] (Sony Corporation)
Task: {4C4D0452-8C01-466A-9191-87D6CA13E240} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-07-26] (Sony Corporation)
Task: {4E27E9E4-3C70-4C41-8DA4-468F509CB987} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {58791A18-EA68-4B97-8166-B89485D09DC7} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-08-01] (Sony Corporation)
Task: {62B5614A-F9D2-4252-8181-CBA1D2FA76C1} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {6B255612-4C8E-46D1-9C27-49F196183900} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {798A6C34-8103-4C01-8F5C-B39713D31D81} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-30] (Google Inc.)
Task: {8359376C-40D8-4700-9C3C-61B7035167BE} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {9C518529-4F9F-4347-A977-B54F5363AFE5} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {9C552F4A-DE13-4DB4-BD5B-8CB61A668D4A} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-07-26] (Sony Corporation)
Task: {A115D250-D2F2-4885-9F88-F5F96553751A} - System32\Tasks\TradeStation Backup - Monthly => C:\Program Files (x86)\TradeStation 9.1\Program\TSBackupRestore.exe [2013-09-24] (TradeStation Technologies, Inc.)
Task: {AC72C0CE-533E-48B6-9A47-3A4D00A56A39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {ACBCEBA0-5A79-40ED-9E9E-507193445A74} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27] (ArcSoft Inc.)
Task: {C41D01C3-0005-463D-B225-D74A8DB56148} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-30] (Google Inc.)
Task: {C5CCEB86-2BB0-41AD-BD9B-FCCDE0A426D1} - System32\Tasks\TradeStation Backup - Weekly => C:\Program Files (x86)\TradeStation 9.1\Program\TSBackupRestore.exe [2013-09-24] (TradeStation Technologies, Inc.)
Task: {C902A88F-45B8-4729-B1FC-1AE82A45E01B} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe [2011-11-15] (TuneUp Software)
Task: {D8171E5F-C7B0-4AFF-979C-23DD10678898} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files (x86)\Sony\VAIO Wallpaper Setting Tool\VWSet.exe
Task: {E1FC24E8-2C2C-47C0-A905-BEF6E5C1AEC4} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2011-09-23] (Sony Corporation)
Task: {E54A9D0B-D560-4292-BC88-BB2C142A53B8} - System32\Tasks\HP online update program => C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [2011-05-10] (Hewlett-Packard)
Task: {E85D0960-2AE3-45A5-BF7E-D95A2AE9618B} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {E99D47D2-76FB-4021-BAD4-FEA200BD75F2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F85F74B9-6C26-467D-98BC-FC1E59A419E3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FB1E0727-D7D6-4D52-8793-AA6D8C90B0A5} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {FBD3DBF8-4991-412F-B2FC-E6A7003F6CCE} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\TradeStation Backup - Monthly.job => C:\Program Files (x86)\TradeStation 9.1\Program\TSBackupRestore.exe
Task: C:\Windows\Tasks\TradeStation Backup - Weekly.job => C:\Program Files (x86)\TradeStation 9.1\Program\TSBackupRestore.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-10-02 22:30 - 2013-10-02 22:30 - 00241664 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
2013-04-24 12:05 - 2013-04-24 12:05 - 00268288 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
2013-04-24 12:05 - 2013-04-24 12:05 - 00233984 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
2012-07-12 11:37 - 2012-07-12 11:37 - 01380864 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\node_modules\libxmljs\build\Release\libxmljs.node
2012-06-26 08:40 - 2012-06-26 08:40 - 00068096 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
2010-06-12 10:27 - 2010-06-12 10:27 - 00135168 _____ () C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\Extension\MrsMpegParser.dll
2010-11-30 03:29 - 2010-05-31 19:18 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2010-11-30 03:29 - 2010-05-31 19:18 - 00013312 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2011-03-11 22:00 - 2009-08-11 13:54 - 00094208 _____ () C:\Program Files (x86)\MultiScreen\TitleBar.dll
2011-03-11 22:00 - 2009-08-11 13:54 - 00053248 _____ () C:\Program Files (x86)\MultiScreen\SmartMouseDll.dll
2011-03-11 22:00 - 2009-08-11 13:56 - 00053248 _____ () C:\Program Files (x86)\MultiScreen\MGResEng.dll
2013-11-08 09:33 - 2013-07-31 19:07 - 12632576 _____ () C:\Users\user\AppData\Local\Viber\3.1.1.60\libViber.dll
2013-11-08 09:33 - 2013-04-30 09:48 - 00679936 _____ () C:\Users\user\AppData\Local\Viber\3.1.1.60\libGLESv2.dll
2013-11-08 09:33 - 2013-04-30 09:48 - 00060416 _____ () C:\Users\user\AppData\Local\Viber\3.1.1.60\libEGL.dll
2013-11-08 09:33 - 2013-04-30 09:53 - 00821760 _____ () C:\Users\user\AppData\Local\Viber\3.1.1.60\platforms\qwindows.dll
2013-11-08 09:33 - 2013-04-30 09:52 - 00022016 _____ () C:\Users\user\AppData\Local\Viber\3.1.1.60\imageformats\qgif.dll
2013-11-08 09:33 - 2013-04-30 09:53 - 00021504 _____ () C:\Users\user\AppData\Local\Viber\3.1.1.60\imageformats\qico.dll
2013-11-08 09:33 - 2013-04-30 09:53 - 00205312 _____ () C:\Users\user\AppData\Local\Viber\3.1.1.60\imageformats\qjpeg.dll
2013-11-08 09:33 - 2013-04-30 09:55 - 00218624 _____ () C:\Users\user\AppData\Local\Viber\3.1.1.60\imageformats\qmng.dll
2013-11-08 09:33 - 2013-04-30 09:53 - 00016384 _____ () C:\Users\user\AppData\Local\Viber\3.1.1.60\imageformats\qsvg.dll
2013-11-08 09:33 - 2013-04-30 09:55 - 00015872 _____ () C:\Users\user\AppData\Local\Viber\3.1.1.60\imageformats\qtga.dll
2013-11-08 09:33 - 2013-04-30 09:55 - 00282112 _____ () C:\Users\user\AppData\Local\Viber\3.1.1.60\imageformats\qtiff.dll
2013-11-08 09:33 - 2013-04-30 09:55 - 00015360 _____ () C:\Users\user\AppData\Local\Viber\3.1.1.60\imageformats\qwbmp.dll
2013-11-08 09:33 - 2013-04-30 09:52 - 00557056 _____ () C:\Users\user\AppData\Local\Viber\3.1.1.60\sqldrivers\qsqlite.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 02118032 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 07008656 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 02089360 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 01270160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 00192912 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 00758160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
2011-04-20 19:56 - 2011-04-20 19:56 - 00025088 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
2013-08-15 06:55 - 2013-08-15 06:55 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\44bfa824a3b8a6f789fda79a2e01a8db\IsdiInterop.ni.dll
2010-10-11 20:03 - 2010-03-04 03:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2009-12-29 08:59 - 2009-12-29 08:59 - 00344130 _____ () C:\Program Files (x86)\TradeStation 9.1\Program\SQLITE3.dll
2009-12-29 08:59 - 2009-12-29 08:59 - 00134144 _____ () C:\Program Files (x86)\TradeStation 9.1\Program\zlib1.dll
2013-09-24 15:09 - 2013-09-24 15:09 - 00148992 _____ () C:\Program Files (x86)\TradeStation 9.1\Program\tssess.dll
2013-10-16 13:31 - 2013-10-09 00:01 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
2013-10-16 13:31 - 2013-10-09 00:01 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
2013-10-16 13:31 - 2013-10-09 00:02 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-16 13:31 - 2013-10-09 00:02 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-16 13:31 - 2013-10-09 00:01 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-09-03 13:53 - 2013-09-03 13:53 - 00305520 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
2012-07-27 20:51 - 2012-07-27 20:51 - 06549432 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\authplay.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/11/2013 08:15:53 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/11/2013 07:46:45 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x800700d8
 
Error: (11/11/2013 07:46:44 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x800700d8
 
Error: (11/08/2013 00:20:10 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 120c
 
Start Time: 01cedbdee1feaa14
 
Termination Time: 1993
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: 12eedc47-4870-11e3-bdd1-889ffae4624f
 
Error: (11/08/2013 08:02:38 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/08/2013 08:02:34 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/08/2013 08:02:31 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/08/2013 08:02:26 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/08/2013 00:27:51 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/07/2013 05:37:36 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (11/11/2013 07:40:17 AM) (Source: Service Control Manager) (User: )
Description: The VAIO Care Performance Service service hung on starting.
 
Error: (11/11/2013 07:34:24 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\athExt.dll
Error Code: 126
 
Error: (11/11/2013 07:34:23 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 18:35:59 on ‎10/‎11/‎2013 was unexpected.
 
Error: (11/10/2013 10:07:55 AM) (Source: Service Control Manager) (User: )
Description: The VAIO Care Performance Service service hung on starting.
 
Error: (11/10/2013 10:04:18 AM) (Source: Service Control Manager) (User: )
Description: The VAIO Media plus Device Searcher service terminated with the following error: 
%%-2147467259
 
Error: (11/10/2013 10:04:18 AM) (Source: DCOM) (User: )
Description: 1053SpfService{A13E129C-F190-4B14-9AD5-A6C09004E43E}
 
Error: (11/10/2013 10:04:10 AM) (Source: Service Control Manager) (User: )
Description: The VAIO Entertainment Common Service service failed to start due to the following error: 
%%1053
 
Error: (11/10/2013 10:04:10 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the VAIO Entertainment Common Service service to connect.
 
Error: (11/10/2013 10:03:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\athExt.dll
Error Code: 126
 
Error: (11/10/2013 10:03:00 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 21:23:40 on ‎09/‎11/‎2013 was unexpected.
 
 
Microsoft Office Sessions:
=========================
Error: (11/11/2013 08:15:53 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\user\Downloads\esetsmartinstaller_enu.exe
 
Error: (11/11/2013 07:46:45 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x800700d8 
C:\Program Files (x86)\Samsung\Kies\Kies.exe
 
Error: (11/11/2013 07:46:44 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x800700d8 
C:\Program Files (x86)\Samsung\Kies\Kies.exe
 
Error: (11/08/2013 00:20:10 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.17567120c01cedbdee1feaa141993C:\Windows\Explorer.EXE12eedc47-4870-11e3-bdd1-889ffae4624f
 
Error: (11/08/2013 08:02:38 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\user\Downloads\esetsmartinstaller_enu.exe
 
Error: (11/08/2013 08:02:34 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\user\Downloads\esetsmartinstaller_enu.exe
 
Error: (11/08/2013 08:02:31 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\user\Downloads\esetsmartinstaller_enu.exe
 
Error: (11/08/2013 08:02:26 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\user\Downloads\esetsmartinstaller_enu.exe
 
Error: (11/08/2013 00:27:51 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (11/07/2013 05:37:36 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\user\Downloads\esetsmartinstaller_enu.exe
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 75%
Total physical RAM: 4076.93 MB
Available physical RAM: 1003.59 MB
Total Pagefile: 8152.04 MB
Available Pagefile: 3773.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:452.81 GB) (Free:86.86 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: FCB4CFCB)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
Link to post
Share on other sites

Fix with FRST (normal mode)

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same direction as frst.exe (or frst64.exe) as fixlist.txt.

    C:\Program Files (x86)\Connect_DLC_5C:\Users\user\AppData\Local\Temp\dlm6CE.tmpC:\Users\user\AppData\LocalLow\Connect_DLC_5C:\Users\user\Documents\Computer\cbsidlm-cbsi134-AdwCleaner-ORG-75851221.exeC:\Users\user\AppData\Local\Temp\jzgcxqye.dll
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[s1].txt also


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

Link to post
Share on other sites

I think that worked ok - here is the fix.log.  I'll run Adwcleaner now.

 

R

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2013 01
Ran by user at 2013-11-11 08:58:31 Run:1
Running from C:\Users\user\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\Program Files (x86)\Connect_DLC_5C:\Users\user\AppData\Local\Temp\dlm6CE.tmpC:\Users\user\AppData\LocalLow\Connect_DLC_5C:\Users\user\Documents\Computer\cbsidlm-cbsi134-AdwCleaner-ORG-75851221.exeC:\Users\user\AppData\Local\Temp\jzgcxqye.dll
*****************
 
"C:\Program Files (x86)\Connect_DLC_5C:\Users\user\AppData\Local\Temp\dlm6CE.tmpC:\Users\user\AppData\LocalLow\Connect_DLC_5C:\Users\user\Documents\Computer\cbsidlm-cbsi134-AdwCleaner-ORG-75851221.exeC:\Users\user\AppData\Local\Temp\jzgcxqye.dll" => File/Directory not found.
 
==== End of Fixlog ====
Link to post
Share on other sites

Sorry. I copied it from the e-mail, not from the link above.  Here is the text - I hope it is correct this time.  Do you want me to run Adwcleaner again now?

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2013 01
Ran by user at 2013-11-11 09:46:14 Run:2
Running from C:\Users\user\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\Program Files (x86)\Connect_DLC_5
C:\Users\user\AppData\Local\Temp\dlm6CE.tmp
C:\Users\user\AppData\LocalLow\Connect_DLC_5
C:\Users\user\Documents\Computer\cbsidlm-cbsi134-AdwCleaner-ORG-75851221.exe
C:\Users\user\AppData\Local\Temp\jzgcxqye.dll
*****************
 
"C:\Program Files (x86)\Connect_DLC_5" => File/Directory not found.
C:\Users\user\AppData\Local\Temp\dlm6CE.tmp => Moved successfully.
"C:\Users\user\AppData\LocalLow\Connect_DLC_5" => File/Directory not found.
C:\Users\user\Documents\Computer\cbsidlm-cbsi134-AdwCleaner-ORG-75851221.exe => Moved successfully.
C:\Users\user\AppData\Local\Temp\jzgcxqye.dll => Moved successfully.
 
==== End of Fixlog ====
Link to post
Share on other sites

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[s1].txt also


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

Link to post
Share on other sites

Great.  This is what it looks like now.

 

First adwcleanerlog

 

# AdwCleaner v3.012 - Report created 11/11/2013 at 10:04:19
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : user - RJC-VAIO
# Running from : C:\Users\user\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16720
 
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : icon_url
Deleted : search_url
Deleted : suggest_url
Deleted : keyword
 
*************************
 
AdwCleaner[R0].txt - [4822 octets] - [06/11/2013 17:11:55]
AdwCleaner[R1].txt - [3492 octets] - [11/11/2013 09:09:39]
AdwCleaner[R2].txt - [1173 octets] - [11/11/2013 09:59:23]
AdwCleaner[s0].txt - [4828 octets] - [06/11/2013 17:21:57]
AdwCleaner[s1].txt - [3487 octets] - [11/11/2013 09:15:18]
AdwCleaner[s2].txt - [1007 octets] - [11/11/2013 10:04:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1067 octets] ##########
 
Second, Security Check log
 
 Results of screen317's Security Check version 0.99.76  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 TuneUp Utilities    
 TuneUp Utilities Language Pack (en-GB) 
 TuneUp Utilities    
 Java 6 Update 24  
 Java 7 Update 45  
 Java 6 Update 3  
 Adobe Flash Player 11.9.900.117  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Google Chrome 30.0.1599.101  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Kaspersky Lab Kaspersky Internet Security 2012 avp.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 
Link to post
Share on other sites

Your system is clean! :)

 

 

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.


  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  2. In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programms and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process

[*] If there is still something left please delete it manualy.

 

 

 

How to protect yourself

  • System Updates
    Beeing up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista |
    Windows 7 | windows 8
  • Protection
    What you need is one (not more) good virus scanner with backgroud protection. Additionally I recommend a special malwarescanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the payed versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those really have to have an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These link may help you to check:

    [*] Backups
    There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. If you burn it to DVDs from time to time, use a cloud-drive or a professional network backup system is your choice. [*] Brains
    It's no joke! You really need one of those things. :) It is very important not just to click anywhere it is colored or flashing while you surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows says and uncheck adware that will be installed along the software you want.

Link to post
Share on other sites

Marius,

 

Many thanks indeed. 

 

Windows Update is on: last update yesterday.

Protection.  I have the paid version of Malwarebytes.  I will look at the Avast! as well - thank you.

Up to date software.  This is a weakness.  Sometimes I don't check.  Thanks for the links.

Backups.  I backup once a month onto 2 x 2Tb WD HDDs (2 - in case one fails!).  The last backup was last week.  I don't use the Cloud as our internet connection is too slow.

Brains.   I thought I was pretty 'savvy' (wise) but I have previously ignored your good advice (even when downloading Adobe Reader today I forgot to uncheck a Norton AntiVirus download!).  So yes, this is the weakest spot.  I am also conscious that I may have picked up something when in Eastern Europe on business - I use a flashdrive to transfer presentations and although Kaspersky is pretty good some nasty stuff may have got through.

 

I have taken the liberty of making a small Paypal donation in gratitude for your help.

 

Best wishes

 

R

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.