
Malware "Driver Support" "My PC Backup" "Sync Folder" "Cut the Rope" (url shortcut)



A Firefox download yesterday by another person included a PUP bundle loading rogue software that put Driver Support, My PC Backup, Sync Folder and "Cut the Rope" shortcut icons on the desktop. There was also an application called Fast Clean Pro that seemed to be running in the task tray. I used the task manager to stop it, then performed the Control Panel uninstall to try to remove it. Next, I tried running my MBAM Pro which quarantined six items, but the PC Backup "warning" window showed up. My Kaspersky Internet Security AV does not find anything. It seems I cannot clean it off my system. I tried using System Restore to take my system back to 8/9/14 (point created just before I did a Java 7 Update 67). This took out three icons, but it still has the "cut the rope" shortcut. I suspect that not all is cleared from the system. I also wish to remove the Firefox program. I noticed in my download folder the "Driver Support" folder that was downloaded on 8/15. I only "deleted" that to the Recycle Bin.

I found the FRST scan among the instructions for this forum and have attached the two files to this post.

Thank you in advance for helping.

FRST_16-08-2014_15-01-58.txt

Addition.txt


Hi & welcome

My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
P2P/Piracy Warning:
  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Step 1

Scan with Malwarebytes Antimalware

  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" and go to "Detection and Protection".
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.

    (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)

  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.
Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select "Run As Administrator"

  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically.

    Copy and paste the contents of that logfile in your next reply.


Jurgen - Thank you for your guidance.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/16/2014
Scan Time: 6:45:17 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.16.07
Rootkit Database: v2014.08.16.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: David Chang
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 323309
Time Elapsed: 9 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
I am doing step 2 now. Will post that log separately after reboot. Thank you.

Here is the Step 2 log:

 

# AdwCleaner v3.306 - Report created 16/08/2014 at 19:18:02
# Updated 15/08/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : David Chang - DAVID-VAIO
# Running from : C:\Users\David Chang\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\wse_astromenda
Folder Deleted : C:\Users\David Chang\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\David Chang\AppData\Roaming\wse_astromenda
Folder Deleted : C:\Users\David Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17028
 
 
-\\ Mozilla Firefox v
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\David Chang\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1359 octets] - [16/08/2014 19:14:21]
AdwCleaner[s0].txt - [1294 octets] - [16/08/2014 19:18:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1354 octets] ##########

Hi,

Step 1

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.

    Note: This scan might take a long time! Please be patient.

  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 2

Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.

    Please copy and paste these logs in your next reply.


Can you please tell me which problems still persist now?


ESET scan log:

 

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=f1adf9c951c4ac4e836837e8b6e2c9b9
# engine=19703
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-17 07:45:19
# local_time=2014-08-17 03:45:19 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1292 16777213 100 100 0 38835941 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 8030821 22105013 0 0
# scanned=228127
# found=0
# cleaned=0
# scan_time=2667
 
FRST scan log:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04
Ran by David Chang (administrator) on DAVID-VAIO on 17-08-2014 15:53:59
Running from C:\Users\David Chang\Downloads
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [intelliType Pro] => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-28] (Intel Corporation)
HKLM-x32\...\Run: [iSBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [intel AT Service signup] => c:\Program Files (x86)\Intel Corporation\Intel AT Service signup\IntelATServiceSignup.exe [382976 2012-02-15] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] ( (Qualcomm Atheros Commnucations))
Startup: C:\Users\David Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=insDate03052013
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony13.msn.com
SearchScopes: HKCU - {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKCU - {181385DB-D947-4947-876E-99E50698680C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASAJS
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-02-11]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-02-11]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-02-11]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-02-11]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-02-11]
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2012-11-26]
 
Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\David Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\David Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\David Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\David Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\David Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-19]
CHR Extension: (Google Drive) - C:\Users\David Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\David Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (Kaspersky Protection) - C:\Users\David Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-03-29]
CHR Extension: (YouTube) - C:\Users\David Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-19]
CHR Extension: (Adblock Plus) - C:\Users\David Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-15]
CHR Extension: (Adblock for Youtube™) - C:\Users\David Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2014-08-15]
CHR Extension: (Google Search) - C:\Users\David Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-19]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\David Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-02-19]
CHR Extension: (Whirlpool Galaxy Theme) - C:\Users\David Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnopmmndacidkofjhjnbeonjebidapml [2013-02-19]
CHR Extension: (Safe Money) - C:\Users\David Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-02-19]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\David Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-02-11]
CHR Extension: (Virtual Keyboard) - C:\Users\David Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-02-19]
CHR Extension: (Google Wallet) - C:\Users\David Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\David Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-19]
CHR Extension: (Anti-Banner) - C:\Users\David Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-02-19]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2013-02-19]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-11-16]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-11-16]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-11-16]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-11-16]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-11-16]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations)
R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-11-16] (Kaspersky Lab ZAO)
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-08-28] (Intel Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [639576 2013-05-10] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2012-11-07] (Sony Corporation)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-28] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
S3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [428008 2012-12-28] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-16] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2013-11-16] (Kaspersky Lab)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-27] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-03-27] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-11-16] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-11-16] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-03-27] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-02-11] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-04-08] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-27] (Synaptics Incorporated)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-10] (Sony Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-17 13:23 - 2014-08-17 13:23 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-17 13:15 - 2014-08-17 13:14 - 02347384 _____ (ESET) C:\Users\David Chang\Desktop\esetsmartinstaller_enu.exe
2014-08-17 13:14 - 2014-08-17 13:14 - 02347384 _____ (ESET) C:\Users\David Chang\Downloads\esetsmartinstaller_enu.exe
2014-08-16 19:22 - 2014-08-01 20:15 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-16 19:22 - 2014-08-01 20:15 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-16 19:14 - 2014-08-16 19:18 - 00000000 ____D () C:\AdwCleaner
2014-08-16 19:14 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-16 19:05 - 2014-08-16 19:04 - 01361203 _____ () C:\Users\David Chang\Desktop\AdwCleaner.exe
2014-08-16 19:04 - 2014-08-16 19:04 - 01361203 _____ () C:\Users\David Chang\Downloads\AdwCleaner.exe
2014-08-16 15:01 - 2014-08-16 15:01 - 00028735 _____ () C:\Users\David Chang\Downloads\Addition.txt
2014-08-16 15:00 - 2014-08-17 15:54 - 00025624 _____ () C:\Users\David Chang\Downloads\FRST.txt
2014-08-16 14:51 - 2014-08-17 15:54 - 00000000 ____D () C:\FRST
2014-08-16 14:50 - 2014-08-16 14:50 - 02101760 _____ (Farbar) C:\Users\David Chang\Downloads\FRST64.exe
2014-08-16 13:09 - 2014-07-15 18:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-08-16 13:07 - 2014-06-10 18:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-16 13:07 - 2014-06-10 18:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 12:51 - 2014-06-12 21:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-16 12:51 - 2014-06-12 21:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-16 12:50 - 2014-07-24 08:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-16 12:50 - 2014-07-24 08:10 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-16 12:50 - 2014-07-24 08:10 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-16 12:50 - 2014-07-24 08:10 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-16 12:50 - 2014-07-24 08:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-16 12:50 - 2014-07-24 08:09 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-16 12:50 - 2014-07-24 08:09 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-16 12:50 - 2014-07-24 08:09 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-16 12:50 - 2014-07-24 08:09 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-16 12:50 - 2014-07-24 08:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-16 12:50 - 2014-07-24 08:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-16 12:50 - 2014-07-24 08:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-16 12:50 - 2014-07-24 08:09 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-16 12:50 - 2014-07-24 08:09 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-16 12:50 - 2014-07-24 08:09 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-16 12:50 - 2014-07-24 08:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-16 12:50 - 2014-07-24 08:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-16 12:50 - 2014-07-24 08:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-16 12:50 - 2014-07-24 08:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-16 12:50 - 2014-07-24 08:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-16 12:50 - 2014-07-24 08:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-16 12:50 - 2014-07-24 06:52 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-16 12:50 - 2014-07-24 06:52 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-16 12:50 - 2014-07-24 06:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-16 12:50 - 2014-07-24 06:51 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-16 12:50 - 2014-07-24 06:51 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-16 12:50 - 2014-07-24 06:51 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-16 12:50 - 2014-07-24 06:51 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-16 12:50 - 2014-07-24 06:51 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-16 12:50 - 2014-07-24 06:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-16 12:50 - 2014-07-24 06:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-16 12:50 - 2014-07-24 06:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-16 12:50 - 2014-07-24 06:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-16 12:50 - 2014-07-24 06:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-16 12:50 - 2014-07-24 06:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-16 12:50 - 2014-07-24 06:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-16 12:50 - 2014-07-24 06:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-16 12:50 - 2014-07-24 06:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-16 12:50 - 2014-07-24 06:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-16 12:50 - 2014-07-24 06:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-16 12:50 - 2014-07-24 06:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-16 12:50 - 2014-07-24 06:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-16 12:50 - 2014-07-24 04:03 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-08-16 12:49 - 2014-06-19 19:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-16 12:49 - 2014-06-19 18:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-16 12:49 - 2014-06-05 13:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-16 12:49 - 2014-06-05 13:30 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-16 12:49 - 2014-06-05 13:29 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-16 12:49 - 2014-06-05 13:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-16 12:49 - 2014-06-05 13:28 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-16 12:49 - 2014-06-05 13:28 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-16 12:49 - 2014-06-05 09:12 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-16 12:49 - 2014-06-05 09:11 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-16 12:49 - 2014-06-05 09:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-16 12:49 - 2014-06-05 09:10 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-16 12:49 - 2014-06-05 09:10 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-16 12:49 - 2014-05-29 00:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-08-16 12:49 - 2014-05-07 21:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-08-15 20:54 - 2014-08-15 20:54 - 00000264 _____ () C:\Users\David Chang\Desktop\Cut the Rope.url
2014-08-15 20:54 - 2014-08-15 20:54 - 00000000 ____D () C:\Users\David Chang\AppData\Local\IsolatedStorage
2014-08-15 20:53 - 2014-08-15 20:53 - 00000000 ____D () C:\Users\David Chang\AppData\Local\Mozilla
2014-08-15 20:52 - 2014-08-15 20:52 - 00000000 ____D () C:\ProgramData\UAB
2014-08-15 20:52 - 2014-08-15 20:52 - 00000000 ____D () C:\ProgramData\Driver Support
2014-08-15 20:52 - 2014-08-15 20:52 - 00000000 ____D () C:\Program Files (x86)\Driver Support
2014-08-15 20:51 - 2014-08-16 12:00 - 00000000 ____D () C:\Users\David Chang\AppData\Local\fastcleanpro
2014-08-09 08:14 - 2014-08-09 08:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\79D854E9.sys
2014-08-09 08:14 - 2014-08-09 08:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\47E05BE4.sys
2014-08-03 00:03 - 2014-08-03 00:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\46FC51FC.sys
2014-08-02 16:52 - 2014-08-16 12:04 - 00000000 ____D () C:\Users\David Chang\AppData\Roaming\dvdcss
2014-08-02 16:42 - 2014-08-16 12:04 - 00000000 ____D () C:\Users\David Chang\AppData\Roaming\vlc
2014-08-02 16:40 - 2014-08-02 16:40 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-02 16:40 - 2014-08-02 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-02 16:40 - 2014-08-02 16:40 - 00000000 ____D () C:\Program Files\VideoLAN
2014-08-02 16:35 - 2014-08-02 16:26 - 25611537 _____ () C:\Users\David Chang\Documents\vlc-2.1.5-win64.exe
2014-08-02 16:26 - 2014-08-02 16:26 - 25611537 _____ () C:\Users\David Chang\Downloads\vlc-2.1.5-win64.exe
2014-07-21 21:21 - 2014-07-21 21:21 - 00308464 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-21 21:19 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-21 21:18 - 2014-08-16 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-21 21:18 - 2014-07-21 21:18 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-21 21:18 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-21 21:18 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-21 21:18 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-17 15:54 - 2014-08-16 15:00 - 00025624 _____ () C:\Users\David Chang\Downloads\FRST.txt
2014-08-17 15:54 - 2014-08-16 14:51 - 00000000 ____D () C:\FRST
2014-08-17 15:43 - 2013-02-19 22:35 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-17 15:05 - 2012-11-26 20:39 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-17 15:00 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-17 14:57 - 2012-07-26 03:28 - 00850046 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-17 14:51 - 2014-04-11 21:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-17 14:51 - 2013-02-19 22:35 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-17 14:50 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-17 13:23 - 2014-08-17 13:23 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-17 13:14 - 2014-08-17 13:15 - 02347384 _____ (ESET) C:\Users\David Chang\Desktop\esetsmartinstaller_enu.exe
2014-08-17 13:14 - 2014-08-17 13:14 - 02347384 _____ (ESET) C:\Users\David Chang\Downloads\esetsmartinstaller_enu.exe
2014-08-17 06:27 - 2012-11-26 20:26 - 01980923 _____ () C:\Windows\WindowsUpdate.log
2014-08-16 20:11 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache
2014-08-16 19:21 - 2012-08-02 22:22 - 00015570 _____ () C:\Windows\PFRO.log
2014-08-16 19:19 - 2012-07-26 04:12 - 00000000 ___RD () C:\Windows\ToastData
2014-08-16 19:18 - 2014-08-16 19:14 - 00000000 ____D () C:\AdwCleaner
2014-08-16 19:04 - 2014-08-16 19:05 - 01361203 _____ () C:\Users\David Chang\Desktop\AdwCleaner.exe
2014-08-16 19:04 - 2014-08-16 19:04 - 01361203 _____ () C:\Users\David Chang\Downloads\AdwCleaner.exe
2014-08-16 17:45 - 2013-02-19 22:48 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-16 15:01 - 2014-08-16 15:01 - 00028735 _____ () C:\Users\David Chang\Downloads\Addition.txt
2014-08-16 14:50 - 2014-08-16 14:50 - 02101760 _____ (Farbar) C:\Users\David Chang\Downloads\FRST64.exe
2014-08-16 13:21 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-16 13:18 - 2013-08-17 08:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 13:16 - 2013-02-16 04:06 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-16 13:07 - 2013-02-15 22:28 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-969918562-1012382177-976764884-1001
2014-08-16 12:49 - 2013-02-16 08:24 - 00000000 ____D () C:\Update
2014-08-16 12:39 - 2013-02-15 22:21 - 00000000 ____D () C:\Windows\pss
2014-08-16 12:18 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-08-16 12:13 - 2013-02-15 22:21 - 00000000 ____D () C:\Users\David Chang
2014-08-16 12:04 - 2014-08-02 16:52 - 00000000 ____D () C:\Users\David Chang\AppData\Roaming\dvdcss
2014-08-16 12:04 - 2014-08-02 16:42 - 00000000 ____D () C:\Users\David Chang\AppData\Roaming\vlc
2014-08-16 12:03 - 2014-07-21 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-16 12:03 - 2014-07-10 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-16 12:03 - 2014-07-10 23:49 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-16 12:03 - 2014-04-08 01:42 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2014-08-16 12:03 - 2013-03-19 20:36 - 00000000 ____D () C:\ProgramData\Atheros
2014-08-16 12:03 - 2013-02-19 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-16 12:02 - 2014-07-10 23:49 - 00000000 ____D () C:\Program Files\iTunes
2014-08-16 12:02 - 2014-07-10 23:49 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-16 12:02 - 2013-02-16 22:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-16 12:00 - 2014-08-15 20:51 - 00000000 ____D () C:\Users\David Chang\AppData\Local\fastcleanpro
2014-08-16 11:57 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\registration
2014-08-16 11:56 - 2014-07-10 23:49 - 00000000 ____D () C:\Program Files\iPod
2014-08-16 11:56 - 2013-10-17 23:11 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-16 11:56 - 2012-11-26 20:00 - 00000000 ____D () C:\Program Files\Sony
2014-08-15 20:54 - 2014-08-15 20:54 - 00000264 _____ () C:\Users\David Chang\Desktop\Cut the Rope.url
2014-08-15 20:54 - 2014-08-15 20:54 - 00000000 ____D () C:\Users\David Chang\AppData\Local\IsolatedStorage
2014-08-15 20:54 - 2013-02-17 10:33 - 00000000 ____D () C:\Users\David Chang\AppData\Local\CrashDumps
2014-08-15 20:53 - 2014-08-15 20:53 - 00000000 ____D () C:\Users\David Chang\AppData\Local\Mozilla
2014-08-15 20:53 - 2013-02-16 22:18 - 00000000 ____D () C:\Users\David Chang\AppData\Roaming\Mozilla
2014-08-15 20:52 - 2014-08-15 20:52 - 00000000 ____D () C:\ProgramData\UAB
2014-08-15 20:52 - 2014-08-15 20:52 - 00000000 ____D () C:\ProgramData\Driver Support
2014-08-15 20:52 - 2014-08-15 20:52 - 00000000 ____D () C:\Program Files (x86)\Driver Support
2014-08-15 19:23 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-10 22:16 - 2012-07-26 03:21 - 00039031 _____ () C:\Windows\setupact.log
2014-08-10 18:04 - 2014-03-23 01:25 - 00000000 ____D () C:\Users\David Chang\Documents\Dharma Practice
2014-08-10 13:07 - 2013-02-20 23:13 - 00000000 ____D () C:\Users\David Chang\Documents\Quicken
2014-08-10 13:01 - 2013-03-27 20:23 - 00000000 ____D () C:\Users\David Chang\Documents\Auto Records
2014-08-09 17:49 - 2013-10-17 23:14 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-09 14:21 - 2013-02-17 11:18 - 00000000 ____D () C:\Users\David Chang\Documents\RR 401k Fidelity
2014-08-09 08:58 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-09 08:31 - 2013-03-16 17:48 - 00000000 ____D () C:\Users\David Chang\Documents\Cards and bank statements
2014-08-09 08:14 - 2014-08-09 08:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\79D854E9.sys
2014-08-09 08:14 - 2014-08-09 08:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\47E05BE4.sys
2014-08-09 08:13 - 2014-05-25 18:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-08-03 00:03 - 2014-08-03 00:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\46FC51FC.sys
2014-08-02 16:40 - 2014-08-02 16:40 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-02 16:40 - 2014-08-02 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-02 16:40 - 2014-08-02 16:40 - 00000000 ____D () C:\Program Files\VideoLAN
2014-08-02 16:26 - 2014-08-02 16:35 - 25611537 _____ () C:\Users\David Chang\Documents\vlc-2.1.5-win64.exe
2014-08-02 16:26 - 2014-08-02 16:26 - 25611537 _____ () C:\Users\David Chang\Downloads\vlc-2.1.5-win64.exe
2014-08-01 20:15 - 2014-08-16 19:22 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-01 20:15 - 2014-08-16 19:22 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-30 21:13 - 2014-05-18 20:24 - 00000000 ____D () C:\MAGICDVDCOPY_TEMP
2014-07-27 21:35 - 2013-03-31 03:11 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-27 21:35 - 2013-03-31 03:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-27 21:30 - 2013-03-31 03:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 08:11 - 2014-08-16 12:50 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-24 08:10 - 2014-08-16 12:50 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-24 08:10 - 2014-08-16 12:50 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-24 08:10 - 2014-08-16 12:50 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-24 08:10 - 2014-08-16 12:50 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-24 08:09 - 2014-08-16 12:50 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-24 08:09 - 2014-08-16 12:50 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-24 08:09 - 2014-08-16 12:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-24 08:09 - 2014-08-16 12:50 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-24 08:09 - 2014-08-16 12:50 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-24 08:09 - 2014-08-16 12:50 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-24 08:09 - 2014-08-16 12:50 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-24 08:09 - 2014-08-16 12:50 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-24 08:09 - 2014-08-16 12:50 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-24 08:09 - 2014-08-16 12:50 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-24 08:09 - 2014-08-16 12:50 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-24 08:09 - 2014-08-16 12:50 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-24 08:09 - 2014-08-16 12:50 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-24 08:09 - 2014-08-16 12:50 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-24 08:09 - 2014-08-16 12:50 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-24 08:09 - 2014-08-16 12:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-24 06:52 - 2014-08-16 12:50 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-24 06:52 - 2014-08-16 12:50 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-24 06:52 - 2014-08-16 12:50 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-24 06:51 - 2014-08-16 12:50 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-24 06:51 - 2014-08-16 12:50 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-24 06:51 - 2014-08-16 12:50 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-24 06:51 - 2014-08-16 12:50 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-24 06:51 - 2014-08-16 12:50 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-24 06:51 - 2014-08-16 12:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-24 06:51 - 2014-08-16 12:50 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-24 06:51 - 2014-08-16 12:50 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-24 06:51 - 2014-08-16 12:50 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-24 06:51 - 2014-08-16 12:50 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-24 06:51 - 2014-08-16 12:50 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-24 06:51 - 2014-08-16 12:50 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-24 06:51 - 2014-08-16 12:50 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-24 06:51 - 2014-08-16 12:50 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-24 06:51 - 2014-08-16 12:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-24 06:51 - 2014-08-16 12:50 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-24 06:33 - 2014-08-16 12:50 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-24 06:29 - 2014-08-16 12:50 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-24 04:03 - 2014-08-16 12:50 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-23 22:03 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-21 21:21 - 2014-07-21 21:21 - 00308464 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-21 21:18 - 2014-07-21 21:18 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
 
Some content of TEMP:
====================
C:\Users\David Chang\AppData\Local\Temp\GLF23A3.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF27F9.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF2AFC.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF2D89.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF2FA0.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF30E5.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF312A.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF360D.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF3DE3.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF41CF.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF41FB.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF455A.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF4ADC.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF4C3D.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF4E8E.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF50E4.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF50E7.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF522A.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF5381.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF54CD.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF68F1.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF6D04.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF6E70.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF6FC5.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF7062.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF7797.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF7B42.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF8044.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF820C.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF8672.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF88CE.EXE
C:\Users\David Chang\AppData\Local\Temp\GLF8F77.EXE
C:\Users\David Chang\AppData\Local\Temp\GLFB0E3.EXE
C:\Users\David Chang\AppData\Local\Temp\GLFB7AB.EXE
C:\Users\David Chang\AppData\Local\Temp\GLFCAC6.EXE
C:\Users\David Chang\AppData\Local\Temp\GLFCE26.EXE
C:\Users\David Chang\AppData\Local\Temp\GLFCF99.EXE
C:\Users\David Chang\AppData\Local\Temp\GLFD2BB.EXE
C:\Users\David Chang\AppData\Local\Temp\GLFD79C.EXE
C:\Users\David Chang\AppData\Local\Temp\GLFD8AA.EXE
C:\Users\David Chang\AppData\Local\Temp\GLFD8BE.EXE
C:\Users\David Chang\AppData\Local\Temp\GLFDAF6.EXE
C:\Users\David Chang\AppData\Local\Temp\GLFDE81.EXE
C:\Users\David Chang\AppData\Local\Temp\GLFDE92.EXE
C:\Users\David Chang\AppData\Local\Temp\GLFDED9.EXE
C:\Users\David Chang\AppData\Local\Temp\GLFE04D.EXE
C:\Users\David Chang\AppData\Local\Temp\GLFE293.EXE
C:\Users\David Chang\AppData\Local\Temp\GLFE728.EXE
C:\Users\David Chang\AppData\Local\Temp\GLFF7BA.EXE
C:\Users\David Chang\AppData\Local\Temp\GLFFEDF.EXE
C:\Users\David Chang\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\David Chang\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\David Chang\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\David Chang\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\David Chang\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\David Chang\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\David Chang\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\David Chang\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\David Chang\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\David Chang\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-15 14:28
 
==================== End Of Log ============================
 
 


This is the 2nd part - it was too long for posting.

FRST Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2014 04

Ran by David Chang at 2014-08-17 15:54:52

Running from C:\Users\David Chang\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)

Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ArtRage Studio (HKLM-x32\...\{5A9FE63F-F201-4D55-9F5F-06DDB239AC4F}) (Version: 3.5.5 - Ambient Design)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Canon MX890 series On-screen Manual (HKLM-x32\...\Canon MX890 series On-screen Manual) (Version:  - )

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3114 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)

Intel® AT Service signup (HKLM-x32\...\{CD49AEDB-FFB4-4A9A-A3C2-E9AF814FE6FE}) (Version: 2.0.0.3 - Intel Corporation)

Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden

iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)

iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)

Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.650 - Oracle)

Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden

Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)

Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden

KUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

Magic DVD Copier V8.2.0 (HKLM-x32\...\Magic DVD Copier_is1) (Version:  - Magic DVD Software, Inc.)

Magic DVD Ripper V8.2.0 (HKLM-x32\...\Magic DVD Ripper_is1) (Version:  - Magic DVD Software, Inc.)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)

Microsoft Mouse and Keyboard Center (Version: 2.0.162.0 - Microsoft Corporation) Hidden

Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)

Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)

Networkx64 (Version: 1.0.0 - Sony Corporation) Hidden

OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)

PlayMemories Home (HKLM-x32\...\{10DD6128-A810-4A90-9523-475D573FBB37}) (Version: 6.3.02.07270 - Sony Corporation)

Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)

Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)

Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.28121 - Realtek Semiconductor Corp.)

Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden

SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden

SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.2 - Synaptics Incorporated)

VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.0.0.08170 - Sony Corporation)

VAIO Care (HKLM\...\{92907606-B2FC-4193-B0CE-A21159DA3ABB}) (Version: 8.4.0.14286 - Sony Corporation)

VAIO Care Hardware Diagnostics Plugin (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.11.1.11220 - Sony Corporation)

VAIO Care Recovery (HKLM\...\{15B9204E-BA09-485E-8F2C-094AC0077664}) (Version: 1.1.2.13230 - Sony Corporation)

VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.0.0.08200 - Sony Corporation)

VAIO CPU Fan Diagnostic (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)

VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.10.0.07270 - Sony Corporation)

VAIO Easy Connect (x32 Version: 8.2.0.14170 - Sony Corporation) Hidden

VAIO Gate (HKLM-x32\...\{14AC95A2-7675-4988-A5BD-3F5B943AED08}) (Version: 3.0.1.02270 - Sony Corporation)

VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 3.0.0.08060 - Sony Corporation)

VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.0.0.08240 - Sony Corporation)

VAIO Gesture Control (x32 Version: 2.0.0.08240 - Sony Corporation) Hidden

VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.3.00.10220 - Sony Corporation)

VAIO Image Optimizer (x32 Version: 3.0.00.08170 - Sony Corporation) Hidden

VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.0.0.08090 - Sony Corporation)

VAIO Manual (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 3.0.0.08100 - Sony Corporation)

VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.0.2.11060 - Sony Corporation)

VAIO Movie Creator Template Data (HKLM-x32\...\InstallShield_{00A663F1-6C03-48CA-8E85-55806AAE2615}) (Version: 4.0.00.08170 - Sony Corporation)

VAIO Movie Creator Template Data (x32 Version: 4.0.00.08170 - Sony Corporation) Hidden

VAIO Touch Search (HKLM\...\{F792DDDD-71C8-419E-AE05-46B0CDB1BEC8}) (Version: 1.1.0.1511 - Sony Corporation)

VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.8.0.08212 - Sony Corporation)

VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.0.14270 - Sony Corporation)

VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden

VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden

VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden

VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)

VIx64 (Version: 1.0.0 - Sony Corporation) Hidden

VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden

VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden

VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden

VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden

VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden

VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden

VUx64 (Version: 1.0.0 - Sony Corporation ) Hidden

VUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden

VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points  =========================

 

28-07-2014 01:27:54 Windows Update

02-08-2014 20:07:14 before VLC media player software install

09-08-2014 21:48:34 Installed Java 7 Update 67

11-08-2014 00:54:41 Removed VAIO Easy Connect

16-08-2014 07:30:39 Removed FastCleanPro.

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {081A02F7-019E-4687-B9F7-85F2ED124AC7} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-02-27] (Sony Corporation)

Task: {0F1F023D-FF49-419E-9E38-F53314DAC1C1} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {15C79A59-4358-439D-A849-2DB184E6FCD3} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-30] (Microsoft Corporation)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {1CA3B520-48CF-46FC-AF68-210B2CF81C5A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-19] (Google Inc.)

Task: {1D38C84A-6805-4071-89B5-E9E13BA51948} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-02-28] (Sony Corporation)

Task: {1E721D66-FA41-4484-B787-427D142A5DEF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-16] (Microsoft Corporation)

Task: {209D99AF-ECC2-4507-9041-6BAC0F738CA0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)

Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {26F662CC-9097-4F5B-B668-7B809818E568} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {278F21D2-882F-40AB-BACD-757E2BE97000} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2014-01-27] (Sony Corporation)

Task: {402E247E-DE16-4E83-BE63-AA95304DC0DF} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"

Task: {47C72C6E-A9E8-4202-B489-2BD7C5B23AAA} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {4F6F3CDB-8535-4CD5-9AC1-6643949E298E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-19] (Google Inc.)

Task: {5273E3E2-2DBA-46CD-9404-E94B511A1FBB} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-27] (Synaptics Incorporated)

Task: {6751F4E2-3374-400C-A4F8-F1D821B56F4B} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-08-04] (Sony Corporation)

Task: {69A9A634-9D20-4574-AA61-B120B38203CC} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {6DA52367-C834-4295-B5E8-0AA206D7CC7A} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)

Task: {6F43A0BB-05B5-44D1-8781-2759BC4E0295} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {7786C085-12F4-4A20-B920-045D0D96087E} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2013-02-21] (Sony Corporation)

Task: {87617262-3A73-496C-91D3-841018D35227} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient

Task: {884AE630-B2AD-48F8-A878-1B2F83DD2B92} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {B238A0CF-9F7C-4231-B485-478F4290F5F3} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {BA910510-6C04-4896-A446-B85E131DC7F8} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)

Task: {BC41C1BD-0DAE-46E1-ADC3-FA2608A2DF7F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {BD0D616B-BE4D-4D3D-AE19-A5A142B9AD8A} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {CE30EC35-A0B0-48F8-A403-AD3E707CD028} - System32\Tasks\Sony Corporation\VAIO Care\UpdateContacts => %ProgramData%\Sony Corporation\VAIO Care\UpdateContacts.exe

Task: {CEBEB647-E7E9-40D8-A2C5-79AF38682437} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-04-03] (Sony Corporation)

Task: {CF3E1B66-89EC-492F-9148-699BB5256D08} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-04-03] (Sony Corporation)

Task: {D06D26A6-C48A-403A-B93E-4BFBAAA5AAA1} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-08-18] (Sony Corporation)

Task: {D3F6850D-E3EF-4366-8220-F7CE8DC023A8} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-08-18] (Sony Corporation)

Task: {D5208B67-92E0-40B8-8625-18B3EC667F70} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {D63F7734-9020-477B-A8CE-FD888F7F7825} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)

Task: {E1B9B5D2-0752-4793-9608-4728E43E51D7} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-08-09] (Sony Corporation)

Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: {FA2AC52F-910E-4866-9417-D8CC06326790} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-27] (Sony Corporation)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2012-12-28 12:07 - 2012-12-28 12:07 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll

2012-12-28 12:04 - 2012-12-28 12:04 - 00084480 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll

2012-12-28 12:09 - 2012-12-28 12:09 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe

2012-08-19 20:39 - 2012-08-17 13:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll

2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll

2012-08-10 17:51 - 2012-08-10 17:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

2014-02-15 11:18 - 2014-02-15 11:18 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\c60f9ed947eba130e69ed04c2862c8fe\PSIClient.ni.dll

2012-11-26 20:18 - 2012-06-25 14:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

2014-08-16 17:45 - 2014-08-06 23:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll

2014-08-16 17:45 - 2014-08-06 23:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll

2014-08-16 17:45 - 2014-08-06 23:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll

2014-08-16 17:45 - 2014-08-06 23:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll

2014-08-16 17:45 - 2014-08-06 23:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

==================== Faulty Device Manager Devices =============

 

Name: Qualcomm Atheros AR3012 Bluetooth® Adapter

Description: Qualcomm Atheros AR3012 Bluetooth® Adapter

Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Manufacturer: Qualcomm Atheros Communications

Service: BTHUSB

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (08/17/2014 02:59:06 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

 

Error: (08/17/2014 02:59:04 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

 

Error: (08/17/2014 02:54:56 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

 

Error: (08/17/2014 02:53:10 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

 

Error: (08/17/2014 01:23:46 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

 

Error: (08/17/2014 01:23:46 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

 

Error: (08/17/2014 01:23:46 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

 

Error: (08/17/2014 01:23:43 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

 

Error: (08/17/2014 01:16:26 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

 

Error: (08/17/2014 01:15:43 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

 

 

System errors:

=============

Error: (08/17/2014 02:52:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Energy Server Service service terminated with the following error: 

%%268439612

 

Error: (08/17/2014 02:50:46 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 2:16:39 PM on ‎8/‎17/‎2014 was unexpected.

 

Error: (08/16/2014 07:24:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Energy Server Service service terminated with the following error: 

%%268439612

 

Error: (08/16/2014 00:41:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Energy Server Service service terminated with the following error: 

%%268439612

 

Error: (08/16/2014 00:39:28 PM) (Source: DCOM) (EventID: 10005) (User: David-VAIO)

Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

 

Error: (08/16/2014 00:38:51 PM) (Source: DCOM) (EventID: 10005) (User: David-VAIO)

Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

 

Error: (08/16/2014 00:38:34 PM) (Source: DCOM) (EventID: 10005) (User: David-VAIO)

Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

 

Error: (08/16/2014 00:35:39 PM) (Source: DCOM) (EventID: 10005) (User: David-VAIO)

Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

 

Error: (08/16/2014 00:33:43 PM) (Source: DCOM) (EventID: 10005) (User: David-VAIO)

Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

 

Error: (08/16/2014 00:33:43 PM) (Source: DCOM) (EventID: 10005) (User: David-VAIO)

Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

 

 

Microsoft Office Sessions:

=========================

Error: (08/17/2014 02:59:06 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\David Chang\Desktop\esetsmartinstaller_enu.exe

 

Error: (08/17/2014 02:59:04 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\David Chang\Desktop\esetsmartinstaller_enu.exe

 

Error: (08/17/2014 02:54:56 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

 

Error: (08/17/2014 02:53:10 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\David Chang\Desktop\esetsmartinstaller_enu.exe

 

Error: (08/17/2014 01:23:46 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\David Chang\Desktop\esetsmartinstaller_enu.exe

 

Error: (08/17/2014 01:23:46 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\David Chang\Desktop\esetsmartinstaller_enu.exe

 

Error: (08/17/2014 01:23:46 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\David Chang\Desktop\esetsmartinstaller_enu.exe

 

Error: (08/17/2014 01:23:43 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\David Chang\Desktop\esetsmartinstaller_enu.exe

 

Error: (08/17/2014 01:16:26 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\David Chang\Desktop\esetsmartinstaller_enu.exe

 

Error: (08/17/2014 01:15:43 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\David Chang\Desktop\esetsmartinstaller_enu.exe

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i3-3217U CPU @ 1.80GHz

Percentage of memory in use: 57%

Total physical RAM: 3975.27 MB

Available physical RAM: 1703.53 MB

Total Pagefile: 4679.27 MB

Available Pagefile: 2146.37 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:433.95 GB) (Free:289.51 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: 2BFCBD62)

 

Partition: GPT Partition Type.

 

========================================================

Disk: 1 (Size: 11.2 GB) (Disk ID: 8946E023)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================

 

Comments: 

The ESET scan seemed to get stuck at 99% the first time I ran it. My computer then stopped responding and I had to reboot to try again which gave these scans.

 

 

Remaining problems:

 

From FRST Scan log (modified folders):


2014-08-15 20:54 - 2014-08-15 20:54 - 00000264 _____ () C:\Users\David Chang\Desktop\Cut the Rope.url

2014-08-15 20:54 - 2014-08-15 20:54 - 00000000 ____D () C:\Users\David Chang\AppData\Local\IsolatedStorage

2014-08-15 20:54 - 2013-02-17 10:33 - 00000000 ____D () C:\Users\David Chang\AppData\Local\CrashDumps

2014-08-15 20:53 - 2014-08-15 20:53 - 00000000 ____D () C:\Users\David Chang\AppData\Local\Mozilla

2014-08-15 20:53 - 2013-02-16 22:18 - 00000000 ____D () C:\Users\David Chang\AppData\Roaming\Mozilla

2014-08-15 20:52 - 2014-08-15 20:52 - 00000000 ____D () C:\ProgramData\UAB

2014-08-15 20:52 - 2014-08-15 20:52 - 00000000 ____D () C:\ProgramData\Driver Support

2014-08-15 20:52 - 2014-08-15 20:52 - 00000000 ____D () C:\Program Files (x86)\Driver Support

2014-08-15 19:23 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent

 

From FRST scan log (Created folders):


2014-08-15 20:54 - 2014-08-15 20:54 - 00000264 _____ () C:\Users\David Chang\Desktop\Cut the Rope.url

2014-08-15 20:54 - 2014-08-15 20:54 - 00000000 ____D () C:\Users\David Chang\AppData\Local\IsolatedStorage

2014-08-15 20:53 - 2014-08-15 20:53 - 00000000 ____D () C:\Users\David Chang\AppData\Local\Mozilla

2014-08-15 20:52 - 2014-08-15 20:52 - 00000000 ____D () C:\ProgramData\UAB

2014-08-15 20:52 - 2014-08-15 20:52 - 00000000 ____D () C:\ProgramData\Driver Support

2014-08-15 20:52 - 2014-08-15 20:52 - 00000000 ____D () C:\Program Files (x86)\Driver Support

2014-08-15 20:51 - 2014-08-16 12:00 - 00000000 ____D () C:\Users\David Chang\AppData\Local\fastcleanpro

 

These did not get found during the recent ESET scans. I still see the desktop icon for the Cut the Rope url, too. I can't tell whether there are any other hkeys or other items remaining from the malware.

Thanks.



 


 


Hi,

no more active malware or adware has been found.

Step 1

Please download the attached fixlist and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.

    Please copy and paste its contents in your next reply.

fixlist.txt

That's it!

Your logs look clean to me at the moment.

We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.

My help is free for everybody.

If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.

Thank you!

Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Online Scanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.

The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Java™ 7 Update 65

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


Hi!

 

Here is the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-08-2014 04
Ran by David Chang at 2014-08-18 21:10:02 Run:2
Running from C:\Users\David Chang\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
2014-08-15 20:54 - 2014-08-15 20:54 - 00000264 _____ () C:\Users\David Chang\Desktop\Cut the Rope.url
2014-08-15 20:54 - 2014-08-15 20:54 - 00000000 ____D () C:\Users\David Chang\AppData\Local\IsolatedStorage
2014-08-15 20:53 - 2014-08-15 20:53 - 00000000 ____D () C:\Users\David Chang\AppData\Local\Mozilla
2014-08-15 20:52 - 2014-08-15 20:52 - 00000000 ____D () C:\ProgramData\UAB
2014-08-15 20:52 - 2014-08-15 20:52 - 00000000 ____D () C:\ProgramData\Driver Support
2014-08-15 20:52 - 2014-08-15 20:52 - 00000000 ____D () C:\Program Files (x86)\Driver Support
2014-08-15 20:51 - 2014-08-16 12:00 - 00000000 ____D () C:\Users\David Chang\AppData\Local\fastcleanpro
EmptyTemp:
*****************
 
C:\Users\David Chang\Desktop\Cut the Rope.url => Moved successfully.
C:\Users\David Chang\AppData\Local\IsolatedStorage => Moved successfully.
C:\Users\David Chang\AppData\Local\Mozilla => Moved successfully.
C:\ProgramData\UAB => Moved successfully.
C:\ProgramData\Driver Support => Moved successfully.
C:\Program Files (x86)\Driver Support => Moved successfully.
C:\Users\David Chang\AppData\Local\fastcleanpro => Moved successfully.
EmptyTemp: => Removed 1009.3 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
Next step?
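A Fixlog like the one posted above can be checked mechanically: every path listed under "Content of fixlist" should have a matching "=> Moved successfully." result line. The following is an added example, not part of the original thread and not FRST's own code; the function names and the sample paths are constructed, and treating a fixlist line that ends in a colon (such as `EmptyTemp:`) as a directive rather than a path is an assumption.

```python
import re

# Constructed sample in the Fixlog layout shown in the post above (paths are made up).
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
2014-08-15 20:54 - 2014-08-15 20:54 - 00000264 _____ () C:\Users\Example\Desktop\Cut the Rope.url
2014-08-15 20:52 - 2014-08-15 20:52 - 00000000 ____D () C:\ProgramData\UAB
2014-08-15 20:51 - 2014-08-16 12:00 - 00000000 ____D () C:\Users\Example\AppData\Local\fastcleanpro
EmptyTemp:
*****************

C:\Users\Example\Desktop\Cut the Rope.url => Moved successfully.
C:\ProgramData\UAB => Moved successfully.
EmptyTemp: => Removed 1009.3 MB temporary data.
"""

# Entry layout: created - modified - size attributes (company) path
ENTRY = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d"
                   r" - \d+ \S+ \([^)]*\) (?P<path>.+)$")
RESULT = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")

def parse_fixlog(text):
    """Return (requested, results): fixlist targets and the outcome logged for each."""
    requested, results, in_fixlist = [], {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line and set(line) == {"*"}:
            in_fixlist = not in_fixlist      # asterisk rows open and close the fixlist
            continue
        if in_fixlist:
            m = ENTRY.match(line)
            if m:
                requested.append(m["path"])
            elif line:
                requested.append(line)       # directive such as "EmptyTemp:"
        else:
            m = RESULT.match(line)
            if m:
                results[m["target"]] = m["outcome"]
    return requested, results

def unresolved(text):
    """Fixlist paths with no result line, or a result other than a successful move."""
    requested, results = parse_fixlog(text)
    return [p for p in requested
            if not p.endswith(":")           # assumption: trailing colon marks a directive
            and not results.get(p, "").startswith("Moved successfully")]

if __name__ == "__main__":
    for path in unresolved(SAMPLE_FIXLOG):
        print("not confirmed removed:", path)
```

Any path this reports is one to raise with the helper before the cleanup tools are removed.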

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
