Need a fixlist for FRST64


7 replies to this topic

#1 Midnight703

Midnight703

  • Members
  • 5 posts
  • OFFLINE
  • Local time:03:54 AM

Posted 25 October 2013 - 01:11 PM

Mod Edit: Moved to proper forum ~~ boopme

A computer that my whole family uses has stopped booting. It will begin to boot Windows, proceed to give a BSOD and then shut down. After looking through various forums, I used frst64 (as it is a 64-bit system). Below please find the log from running frst64:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-10-2013
Ran by SYSTEM on MININT-QLUKQCE on 25-10-2013 13:54:27
Running from H:\
Windows 7 Professional (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-03-24] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-20] (Intel Corporation)
HKLM-x32\...\Run: [SmartWiHelper] - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe [82944 2010-01-19] (Sony Electronics Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2010-01-21] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Transfer Monitor] - C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-02-24] (Nikon Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Tardis\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-06] (Google Inc.)
HKU\Tardis\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-08-22] (Garmin Ltd or its subsidiaries)

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-09-28] (ArcSoft Inc.)
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504 2013-08-22] (Garmin Ltd or its subsidiaries)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [237328 2012-03-30] (McAfee, Inc.)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)
S3 MSSQL$DDNI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [43028328 2011-09-22] (Microsoft Corporation)
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1435928 2013-09-10] (Trusteer Ltd.)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] ()
S4 SQLAgent$DDNI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [370024 2011-09-22] (Microsoft Corporation)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2010-04-08] (Sony Corporation)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [852336 2010-03-18] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1369136 2013-09-24] (Sony Corporation)
S2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 catchme; No ImagePath
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-09-08] (GFI Software)
S1 RapportCerberus_56758; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [589872 2013-10-10] ()
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [265872 2013-09-10] (Trusteer Ltd.)
S0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [295696 2013-09-10] (Trusteer Ltd.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [384432 2013-09-10] (Trusteer Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] ()
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-25 13:54 - 2013-10-25 13:54 - 00000000 ____D C:\FRST
2013-10-24 20:45 - 2013-10-24 21:05 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-10-24 15:26 - 2013-10-24 21:05 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-24 15:25 - 2013-10-24 21:05 - 00000000 ____D C:\Program Files (x86)\Swift Browse
2013-10-24 15:25 - 2013-10-24 21:05 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-24 15:25 - 2013-10-24 21:05 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-10-24 15:25 - 2013-10-24 15:25 - 00000000 ____D C:\Users\Tardis\AppData\Local\AVG SafeGuard toolbar
2013-10-24 15:25 - 2013-10-24 15:25 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-10-24 14:10 - 2013-10-24 14:10 - 00277640 _____ C:\Windows\Minidump\102413-37689-01.dmp
2013-10-24 14:05 - 2013-10-24 14:06 - 00277584 _____ C:\Windows\Minidump\102413-38329-01.dmp
2013-10-21 11:19 - 2013-10-21 11:19 - 00277640 _____ C:\Windows\Minidump\102113-84490-01.dmp
2013-10-20 14:16 - 2013-09-04 04:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-10-20 14:16 - 2013-09-04 04:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-10-20 14:16 - 2013-09-04 04:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-10-20 14:16 - 2013-09-04 04:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-10-20 14:16 - 2013-09-04 04:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-10-20 14:16 - 2013-09-04 04:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2013-10-20 14:16 - 2013-09-04 04:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-10-20 13:41 - 2013-10-20 13:41 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2013-10-20 12:53 - 2013-10-20 12:53 - 00277640 _____ C:\Windows\Minidump\102013-36613-01.dmp
2013-10-16 15:01 - 2013-10-24 15:02 - 00000000 ____D C:\Users\Tardis\Desktop\girls weekend 2013
2013-10-14 05:59 - 2013-10-14 06:00 - 00277640 _____ C:\Windows\Minidump\101413-41714-01.dmp
2013-10-14 05:55 - 2013-10-14 05:55 - 00277640 _____ C:\Windows\Minidump\101413-42681-01.dmp
2013-10-14 05:49 - 2013-10-14 05:49 - 00277640 _____ C:\Windows\Minidump\101413-37533-01.dmp
2013-10-14 05:44 - 2013-10-14 05:44 - 00277584 _____ C:\Windows\Minidump\101413-41184-01.dmp
2013-10-10 23:19 - 2013-09-22 15:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-10 23:19 - 2013-09-22 15:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-10 23:19 - 2013-09-22 15:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-10 23:19 - 2013-09-22 15:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-10 23:19 - 2013-09-22 15:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-10 23:19 - 2013-09-22 15:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-10 23:19 - 2013-09-22 15:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-10 23:19 - 2013-09-22 15:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-10 23:19 - 2013-09-22 15:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-10 23:19 - 2013-09-22 15:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-10 23:19 - 2013-09-22 15:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-10 23:19 - 2013-09-22 15:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-10 23:19 - 2013-09-22 14:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-10 23:19 - 2013-09-22 14:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-10 23:19 - 2013-09-22 14:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-10-10 23:19 - 2013-09-22 14:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-10 23:19 - 2013-09-22 14:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-10 23:19 - 2013-09-22 14:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-10 23:19 - 2013-09-22 14:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-10 23:19 - 2013-09-22 14:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-10 23:19 - 2013-09-22 14:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-10 23:19 - 2013-09-22 14:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-10-10 23:19 - 2013-09-22 14:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-10-10 23:19 - 2013-09-22 14:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-10 23:19 - 2013-09-22 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-10-10 23:19 - 2013-09-20 19:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-10 23:19 - 2013-09-20 19:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-10 23:19 - 2013-09-20 18:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-10 23:19 - 2013-09-20 18:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-10 23:18 - 2013-09-22 15:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-10 23:18 - 2013-09-22 14:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-10 08:23 - 2013-09-13 17:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-10-10 08:23 - 2013-09-07 18:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-10-10 08:23 - 2013-09-07 18:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\System32\mswsock.dll
2013-10-10 08:23 - 2013-09-07 18:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 08:23 - 2013-08-27 17:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-10-10 08:23 - 2013-07-12 02:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
2013-10-10 08:23 - 2013-07-12 02:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2013-10-10 08:23 - 2013-07-04 04:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2013-10-10 08:23 - 2013-07-04 04:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-10-10 08:23 - 2013-07-04 04:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2013-10-10 08:23 - 2013-07-04 03:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 08:23 - 2013-07-04 03:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 08:23 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 08:23 - 2013-07-04 02:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2013-10-10 08:23 - 2013-07-02 20:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbscan.sys
2013-10-10 08:23 - 2013-07-02 20:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-10-10 08:23 - 2013-07-02 20:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2013-10-10 08:23 - 2013-06-25 14:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-10-10 08:23 - 2013-06-05 21:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2013-10-10 08:23 - 2013-06-05 21:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2013-10-10 08:23 - 2013-06-05 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2013-10-10 08:23 - 2013-06-05 21:47 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-10-10 08:23 - 2013-06-05 20:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 08:23 - 2013-06-05 20:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 08:23 - 2013-06-05 20:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 08:23 - 2013-06-05 19:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-10-10 08:23 - 2013-06-05 19:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 08:23 - 2013-06-05 19:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 08:22 - 2013-08-27 17:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\System32\scavengeui.dll
2013-10-10 08:22 - 2013-08-01 04:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-10-10 08:22 - 2013-07-20 02:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 08:22 - 2013-07-20 02:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 07:57 - 2013-10-10 07:57 - 00000217 _____ C:\Users\Tardis\Desktop\USAA Secure Logon.url
2013-10-10 07:52 - 2013-10-10 07:52 - 00000000 ____D C:\ProgramData\Oracle
2013-10-10 07:51 - 2013-10-10 07:51 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-10-10 07:51 - 2013-10-10 07:51 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-10-10 07:51 - 2013-10-10 07:51 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-10 07:51 - 2013-10-10 07:51 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-10 07:51 - 2013-10-10 07:51 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-10 07:51 - 2013-10-10 07:51 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-10 07:45 - 2013-10-10 07:45 - 00000000 ____D C:\Users\Tardis\AppData\Local\Trusteer
2013-10-10 07:45 - 2013-10-10 07:45 - 00000000 ____D C:\Program Files (x86)\Trusteer
2013-10-10 07:45 - 2013-09-10 19:18 - 00295696 _____ (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKE64.sys
2013-10-10 07:43 - 2013-10-10 07:43 - 00000000 ____D C:\ProgramData\Trusteer
2013-09-26 13:40 - 2013-09-26 13:40 - 00000000 ____D C:\Users\Tardis\AppData\Local\Microsoft Corporation

==================== One Month Modified Files and Folders =======

2013-10-25 13:54 - 2013-10-25 13:54 - 00000000 ____D C:\FRST
2013-10-24 21:05 - 2013-10-24 20:45 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-10-24 21:05 - 2013-10-24 15:26 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-24 21:05 - 2013-10-24 15:25 - 00000000 ____D C:\Program Files (x86)\Swift Browse
2013-10-24 21:05 - 2013-10-24 15:25 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-24 21:05 - 2013-10-24 15:25 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-10-24 21:05 - 2011-03-08 14:02 - 00000000 ____D C:\users\Tardis
2013-10-24 21:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-10-24 15:25 - 2013-10-24 15:25 - 00000000 ____D C:\Users\Tardis\AppData\Local\AVG SafeGuard toolbar
2013-10-24 15:25 - 2013-10-24 15:25 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-10-24 15:14 - 2010-08-19 05:29 - 01168224 _____ C:\Windows\WindowsUpdate.log
2013-10-24 15:10 - 2011-05-22 10:16 - 00000000 ____D C:\Users\Tardis\AppData\Local\CrashDumps
2013-10-24 15:10 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2013-10-24 15:06 - 2011-03-08 14:13 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F740A67A-8F6A-4E42-97A3-599BB8BF7568}
2013-10-24 15:02 - 2013-10-16 15:01 - 00000000 ____D C:\Users\Tardis\Desktop\girls weekend 2013
2013-10-24 15:01 - 2011-03-08 14:52 - 00000000 ____D C:\Users\Tardis\AppData\Local\Adobe
2013-10-24 14:31 - 2010-08-06 18:35 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-24 14:25 - 2009-07-13 20:45 - 00014160 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-24 14:25 - 2009-07-13 20:45 - 00014160 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-24 14:17 - 2012-04-12 01:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-24 14:15 - 2010-08-06 18:35 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-24 14:14 - 2012-11-21 08:53 - 00025184 _____ C:\Windows\setupact.log
2013-10-24 14:14 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-24 14:10 - 2013-10-24 14:10 - 00277640 _____ C:\Windows\Minidump\102413-37689-01.dmp
2013-10-24 14:10 - 2012-12-10 18:31 - 474236786 _____ C:\Windows\MEMORY.DMP
2013-10-24 14:10 - 2012-08-12 12:59 - 00000000 ____D C:\Windows\Minidump
2013-10-24 14:06 - 2013-10-24 14:05 - 00277584 _____ C:\Windows\Minidump\102413-38329-01.dmp
2013-10-21 11:19 - 2013-10-21 11:19 - 00277640 _____ C:\Windows\Minidump\102113-84490-01.dmp
2013-10-20 14:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-10-20 13:43 - 2012-09-06 13:32 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-10-20 13:41 - 2013-10-20 13:41 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2013-10-20 13:40 - 2012-09-06 13:32 - 00000000 ____D C:\ProgramData\Lavasoft
2013-10-20 12:53 - 2013-10-20 12:53 - 00277640 _____ C:\Windows\Minidump\102013-36613-01.dmp
2013-10-20 12:47 - 2010-03-31 16:07 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-10-20 12:44 - 2012-12-31 19:03 - 00000000 _____ C:\Windows\Model.log
2013-10-20 12:44 - 2011-03-19 05:50 - 00000021 _____ C:\Windows\Model.txt
2013-10-20 12:43 - 2011-03-19 05:50 - 00000000 ____D C:\Update
2013-10-16 13:34 - 2010-08-06 18:35 - 00002183 _____ C:\Users\Public\Desktop\Internet Browser.lnk
2013-10-16 13:21 - 2009-07-13 21:13 - 00876450 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-14 06:07 - 2013-05-02 12:54 - 00004330 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-10-14 06:00 - 2013-10-14 05:59 - 00277640 _____ C:\Windows\Minidump\101413-41714-01.dmp
2013-10-14 05:55 - 2013-10-14 05:55 - 00277640 _____ C:\Windows\Minidump\101413-42681-01.dmp
2013-10-14 05:49 - 2013-10-14 05:49 - 00277640 _____ C:\Windows\Minidump\101413-37533-01.dmp
2013-10-14 05:44 - 2013-10-14 05:44 - 00277584 _____ C:\Windows\Minidump\101413-41184-01.dmp
2013-10-11 00:26 - 2010-08-06 18:35 - 00003908 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-11 00:26 - 2010-08-06 18:35 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-10 23:41 - 2013-09-03 17:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-10 23:41 - 2013-09-03 17:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-10 23:41 - 2009-07-13 20:45 - 01624184 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-10 23:23 - 2011-03-31 13:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 23:14 - 2010-08-06 18:20 - 00872428 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-10 23:10 - 2013-09-03 17:50 - 00000000 ____D C:\Windows\System32\MRT
2013-10-10 23:07 - 2011-03-19 12:35 - 80541720 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-10-10 07:57 - 2013-10-10 07:57 - 00000217 _____ C:\Users\Tardis\Desktop\USAA Secure Logon.url
2013-10-10 07:52 - 2013-10-10 07:52 - 00000000 ____D C:\ProgramData\Oracle
2013-10-10 07:51 - 2013-10-10 07:51 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-10-10 07:51 - 2013-10-10 07:51 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-10-10 07:51 - 2013-10-10 07:51 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-10 07:51 - 2013-10-10 07:51 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-10 07:51 - 2013-10-10 07:51 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-10 07:51 - 2013-10-10 07:51 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-10 07:51 - 2010-08-06 18:38 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-10 07:45 - 2013-10-10 07:45 - 00000000 ____D C:\Users\Tardis\AppData\Local\Trusteer
2013-10-10 07:45 - 2013-10-10 07:45 - 00000000 ____D C:\Program Files (x86)\Trusteer
2013-10-10 07:43 - 2013-10-10 07:43 - 00000000 ____D C:\ProgramData\Trusteer
2013-10-10 04:10 - 2013-01-01 09:52 - 00014474 _____ C:\Windows\PFRO.log
2013-10-08 16:17 - 2012-04-12 01:21 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 16:17 - 2012-04-12 01:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 16:17 - 2011-07-28 15:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-26 13:40 - 2013-09-26 13:40 - 00000000 ____D C:\Users\Tardis\AppData\Local\Microsoft Corporation

ZeroAccess:
C:\Windows\Installer\{df10c69e-d385-ea0e-f0fe-9d17079bf5b1}
C:\Windows\Installer\{df10c69e-d385-ea0e-f0fe-9d17079bf5b1}\L\00000004.@
C:\Windows\Installer\{df10c69e-d385-ea0e-f0fe-9d17079bf5b1}\L\201d3dde

ZeroAccess:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{df10c69e-d385-ea0e-f0fe-9d17079bf5b1}

Files to move or delete:
====================
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

17
Restore point made on: 2013-10-13 16:50:11
Restore point made on: 2013-10-14 16:22:57
Restore point made on: 2013-10-15 16:59:20
Restore point made on: 2013-10-16 17:26:46
Restore point made on: 2013-10-17 16:41:39
Restore point made on: 2013-10-17 18:19:25
Restore point made on: 2013-10-18 18:18:03
Restore point made on: 2013-10-19 03:53:41
Restore point made on: 2013-10-19 17:16:41
Restore point made on: 2013-10-20 12:46:41
Restore point made on: 2013-10-20 13:41:12
Restore point made on: 2013-10-20 16:38:05
Restore point made on: 2013-10-21 16:25:00
Restore point made on: 2013-10-22 23:00:28
Restore point made on: 2013-10-23 16:12:09
Restore point made on: 2013-10-24 15:14:33
Restore point made on: 2013-10-24 16:42:28

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3758.09 MB
Available physical RAM: 3130.41 MB
Total Pagefile: 3756.23 MB
Available Pagefile: 3116.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:454.42 GB) (Free:359.14 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:11.24 GB) (Free:0.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (WD SmartWare) (CDROM) (Total:0.63 GB) (Free:0 GB) UDF
Drive h: () (Removable) (Total:0.96 GB) (Free:0.96 GB) FAT
Drive i: (External) (Fixed) (Total:930.86 GB) (Free:880.59 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive y: detected.

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 67104AA9)
Partition 1: (Not Active) - (Size=11 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=454 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 981 MB) (Disk ID: 6F727265)
No partition Table on disk 1.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: 0002AE3F)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)


LastRegBack: 2013-10-21 11:49

==================== End Of Log ============================
 
Can someone please create a fixlist.txt so I can get this computer up and running again?
 
Thank you!

Edited by boopme, 25 October 2013 - 01:33 PM.




#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:54 AM

Posted 25 October 2013 - 08:42 PM

:welcome:

 

Please download the enclosed file. [attachment=143132:fixlist.txt]

 

Save it next to FRST64.

 

Run FRST64 as you did before, except that this time around click on the Fix button and wait.

 

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

 

Attempt to boot in Normal Mode. If successful, scan with FRST64 in Normal mode and post the new FRST.txt report as well as the Additional.txt.
 


Edited by JSntgRvr, 25 October 2013 - 08:43 PM.

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!

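As an added example, not code from this thread or from Farbar's tool: a small Python triage script that reads an FRST.txt in the format posted above and separates what FRST flags (the TDL4 and BCD ATTENTION lines, a driver with no ImagePath or a missing file, the ZeroAccess blocks, the "Files to move or delete" section) from the entries a helper would carry into a fixlist. The embedded log is a constructed excerpt of the one in post #1, and the rule that only the top-level folder of a ZeroAccess block goes into the fixlist is this example's own simplification of what the helper did.

```python
import re

# Constructed excerpt in the format of the FRST.txt posted in this thread (not the full log).
SAMPLE_LOG = r"""
==================== Drivers (Whitelisted) ====================

S3 catchme; No ImagePath
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]

ZeroAccess:
C:\Windows\Installer\{df10c69e-d385-ea0e-f0fe-9d17079bf5b1}
C:\Windows\Installer\{df10c69e-d385-ea0e-f0fe-9d17079bf5b1}\L\00000004.@
C:\Windows\Installer\{df10c69e-d385-ea0e-f0fe-9d17079bf5b1}\L\201d3dde

ZeroAccess:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{df10c69e-d385-ea0e-f0fe-9d17079bf5b1}

Files to move or delete:
====================
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== Drives ================================

Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive y: detected.
"""


def _read_block(lines, start):
    """Return the non-blank lines following index `start` and the index after them."""
    block = []
    i = start
    while i < len(lines) and lines[i].strip():
        block.append(lines[i].strip())
        i += 1
    return block, i


def parse_frst(text):
    """Split an FRST.txt into (findings, fixlist_candidates).

    findings: every line FRST marks as suspicious, for a human to review.
    fixlist_candidates: the subset a helper would copy into fixlist.txt
    (TDL4 ATTENTION line, top-level ZeroAccess folders, 'Files to move or delete').
    """
    lines = text.splitlines()
    findings, fixlist = [], []
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        if line == "ZeroAccess:":
            block, i = _read_block(lines, i + 1)
            findings.append("ZeroAccess: " + ", ".join(block))
            # Example simplification: moving the shortest (top-level) path takes
            # its children with it, so only that one goes into the fixlist.
            fixlist.append(min(block, key=len))
            continue
        if line == "Files to move or delete:":
            block, i = _read_block(lines, i + 1)
            for entry in block:
                if entry.startswith("ATTENTION"):
                    findings.append(entry)       # advisory, not a path to move
                elif not entry.startswith("="):  # skip the '====' underline
                    fixlist.append(entry)
            continue
        # The boot-mode notice ("ATTENTION!:=====> If the system is bootable ...")
        # is informational, so it is excluded here.
        if "ATTENTION" in line and not line.startswith("ATTENTION!:"):
            findings.append(line)
            if "<===== ATTENTION" in line:        # e.g. the TDL4 custom BCD entry
                fixlist.append(line)
        elif line.endswith("No ImagePath") or re.search(r"\[x\]$", line):
            findings.append(line)                # orphaned service / missing driver file
        i += 1
    return findings, fixlist


def render_fixlist(fixlist):
    """Lay the candidates out in the Start/End form FRST expects in fixlist.txt."""
    return "Start\n" + "\n".join(fixlist) + "\nEnd\n"


if __name__ == "__main__":
    found, fix = parse_frst(SAMPLE_LOG)
    print("Findings for review:")
    for f in found:
        print("  " + f)
    print("\nProposed fixlist.txt:\n" + render_fixlist(fix))
```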

#3 Midnight703

Midnight703
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:03:54 AM

Posted 27 October 2013 - 05:59 PM

First I want to say thank you so much for your help, JSntgRvr!

 

I ran the fix with FRST64 and now the computer starts normally. Below please find the text, first from the Fixlog.txt, then from the new FRST.txt and finally from Additional.txt.

 

Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-10-2013
Ran by SYSTEM at 2013-10-27 18:42:50 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Start
TDL4: custom:26000022 <===== ATTENTION!
C:\Windows\svchost.exe
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT
C:\Windows\Installer\{df10c69e-d385-ea0e-f0fe-9d17079bf5b1}
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{df10c69e-d385-ea0e-f0fe-9d17079bf5b1}
End
*****************


The operation completed successfully.
The operation completed successfully.
C:\Windows\svchost.exe => Moved successfully.
C:\ProgramData\PKP_DLdu.DAT => Moved successfully.
C:\ProgramData\PKP_DLdw.DAT => Moved successfully.
C:\Windows\Installer\{df10c69e-d385-ea0e-f0fe-9d17079bf5b1} => Moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{df10c69e-d385-ea0e-f0fe-9d17079bf5b1} => Moved successfully.

==== End of Fixlog ====

 

The new FRST.txt document:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-10-2013
Ran by Tardis (administrator) on TARDIS-VAIO on 27-10-2013 18:47:11
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\system32\sc.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-03-25] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-06] (Google Inc.)
HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-08-22] (Garmin Ltd or its subsidiaries)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-20] (Intel Corporation)
HKLM-x32\...\Run: [SmartWiHelper] - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe [82944 2010-01-19] (Sony Electronics Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2010-01-21] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Transfer Monitor] - C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-02-24] (Nikon Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://finded.co.uk/?cpc=Google+Homepage
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=4FC8D962F4CC4D4176A7B3509675937D&q={searchTerms}
BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 08 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.252.0.12

Chrome:
=======
CHR HomePage: hxxp://www.dogpile.com/
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT"
CHR DefaultSearchURL: (blekko) - http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=4FC8D962F4CC4D4176A7B3509675937D&q={searchTerms}
CHR DefaultSuggestURL: (blekko) -       "suggest_url": "",
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U18) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Tardis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Tardis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Tardis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Lavasoft NewTab) - C:\Users\Tardis\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.9_0
CHR Extension: (Gmail) - C:\Users\Tardis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\adawaretb\chrome-newtab-search.crx

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-09-28] (ArcSoft Inc.)
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504 2013-08-22] (Garmin Ltd or its subsidiaries)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [237328 2012-03-30] (McAfee, Inc.)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)
S3 MSSQL$DDNI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [43028328 2011-09-22] (Microsoft Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1435928 2013-09-10] (Trusteer Ltd.)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] ()
S4 SQLAgent$DDNI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [370024 2011-09-22] (Microsoft Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2010-04-08] (Sony Corporation)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [852336 2010-03-18] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1369136 2013-09-25] (Sony Corporation)
R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 catchme; No ImagePath
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-09-08] (GFI Software)
R1 RapportCerberus_56758; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [589872 2013-10-10] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [265872 2013-09-10] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [295696 2013-09-10] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [384432 2013-09-10] (Trusteer Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] ()
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-25 17:54 - 2013-10-25 17:54 - 00000000 ____D C:\FRST
2013-10-25 00:45 - 2013-10-25 01:05 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-10-24 19:26 - 2013-10-25 01:05 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-24 19:25 - 2013-10-25 01:05 - 00000000 ____D C:\Program Files (x86)\Swift Browse
2013-10-24 19:25 - 2013-10-25 01:05 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-24 19:25 - 2013-10-25 01:05 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-10-24 19:25 - 2013-10-24 19:25 - 00000000 ____D C:\Users\Tardis\AppData\Local\AVG SafeGuard toolbar
2013-10-24 19:25 - 2013-10-24 19:25 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-10-24 18:10 - 2013-10-24 18:10 - 00277640 _____ C:\Windows\Minidump\102413-37689-01.dmp
2013-10-24 18:05 - 2013-10-24 18:06 - 00277584 _____ C:\Windows\Minidump\102413-38329-01.dmp
2013-10-21 15:19 - 2013-10-21 15:19 - 00277640 _____ C:\Windows\Minidump\102113-84490-01.dmp
2013-10-20 18:16 - 2013-09-04 08:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-20 18:16 - 2013-09-04 08:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-20 18:16 - 2013-09-04 08:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-20 18:16 - 2013-09-04 08:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-20 18:16 - 2013-09-04 08:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-20 18:16 - 2013-09-04 08:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-20 18:16 - 2013-09-04 08:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-20 17:41 - 2013-10-20 17:41 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2013-10-20 16:53 - 2013-10-20 16:53 - 00277640 _____ C:\Windows\Minidump\102013-36613-01.dmp
2013-10-16 19:01 - 2013-10-24 19:02 - 00000000 ____D C:\Users\Tardis\Desktop\girls weekend 2013
2013-10-14 09:59 - 2013-10-14 10:00 - 00277640 _____ C:\Windows\Minidump\101413-41714-01.dmp
2013-10-14 09:55 - 2013-10-14 09:55 - 00277640 _____ C:\Windows\Minidump\101413-42681-01.dmp
2013-10-14 09:49 - 2013-10-14 09:49 - 00277640 _____ C:\Windows\Minidump\101413-37533-01.dmp
2013-10-14 09:44 - 2013-10-14 09:44 - 00277584 _____ C:\Windows\Minidump\101413-41184-01.dmp
2013-10-11 03:19 - 2013-09-22 19:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 03:19 - 2013-09-22 19:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 03:19 - 2013-09-22 19:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 03:19 - 2013-09-22 19:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 03:19 - 2013-09-22 19:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 03:19 - 2013-09-22 19:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 03:19 - 2013-09-22 19:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 03:19 - 2013-09-22 19:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 03:19 - 2013-09-22 19:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 03:19 - 2013-09-22 19:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 03:19 - 2013-09-22 19:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 03:19 - 2013-09-22 19:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 03:19 - 2013-09-22 18:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 03:19 - 2013-09-22 18:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 03:19 - 2013-09-22 18:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 03:19 - 2013-09-22 18:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 03:19 - 2013-09-22 18:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 03:19 - 2013-09-22 18:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 03:19 - 2013-09-22 18:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 03:19 - 2013-09-22 18:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 03:19 - 2013-09-22 18:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 03:19 - 2013-09-22 18:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 03:19 - 2013-09-22 18:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 03:19 - 2013-09-22 18:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 03:19 - 2013-09-22 18:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 03:19 - 2013-09-20 23:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 03:19 - 2013-09-20 23:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 03:19 - 2013-09-20 22:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 03:19 - 2013-09-20 22:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-11 03:18 - 2013-09-22 19:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 03:18 - 2013-09-22 18:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 12:23 - 2013-09-13 21:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 12:23 - 2013-09-07 22:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 12:23 - 2013-09-07 22:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 12:23 - 2013-09-07 22:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 12:23 - 2013-08-27 21:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 12:23 - 2013-07-12 06:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-10 12:23 - 2013-07-12 06:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 12:23 - 2013-07-04 08:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 12:23 - 2013-07-04 08:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 12:23 - 2013-07-04 08:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 12:23 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 12:23 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 12:23 - 2013-07-04 07:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 12:23 - 2013-07-04 06:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 12:23 - 2013-07-03 00:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-10 12:23 - 2013-07-03 00:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 12:23 - 2013-07-03 00:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 12:23 - 2013-06-25 18:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 12:23 - 2013-06-06 01:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 12:23 - 2013-06-06 01:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 12:23 - 2013-06-06 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 12:23 - 2013-06-06 01:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 12:23 - 2013-06-06 00:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 12:23 - 2013-06-06 00:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 12:23 - 2013-06-06 00:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 12:23 - 2013-06-05 23:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 12:23 - 2013-06-05 23:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 12:23 - 2013-06-05 23:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 12:22 - 2013-08-27 21:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 12:22 - 2013-08-01 08:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 12:22 - 2013-07-20 06:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 12:22 - 2013-07-20 06:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 11:57 - 2013-10-10 11:57 - 00000217 _____ C:\Users\Tardis\Desktop\USAA Secure Logon.url
2013-10-10 11:52 - 2013-10-10 11:52 - 00000000 ____D C:\ProgramData\Oracle
2013-10-10 11:51 - 2013-10-10 11:51 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-10-10 11:51 - 2013-10-10 11:51 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-10-10 11:51 - 2013-10-10 11:51 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-10 11:51 - 2013-10-10 11:51 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-10 11:51 - 2013-10-10 11:51 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-10 11:51 - 2013-10-10 11:51 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-10 11:45 - 2013-10-10 11:45 - 00000000 ____D C:\Users\Tardis\AppData\Local\Trusteer
2013-10-10 11:45 - 2013-10-10 11:45 - 00000000 ____D C:\Program Files (x86)\Trusteer
2013-10-10 11:45 - 2013-09-10 23:18 - 00295696 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys
2013-10-10 11:43 - 2013-10-10 11:43 - 00000000 ____D C:\ProgramData\Trusteer

==================== One Month Modified Files and Folders =======

2013-10-27 18:49 - 2011-03-08 18:13 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F740A67A-8F6A-4E42-97A3-599BB8BF7568}
2013-10-27 18:48 - 2010-08-19 09:29 - 01192966 _____ C:\Windows\WindowsUpdate.log
2013-10-27 18:46 - 2012-11-21 12:53 - 00026034 _____ C:\Windows\setupact.log
2013-10-27 18:44 - 2011-03-08 18:02 - 00000000 ____D C:\Users\Tardis
2013-10-27 18:44 - 2010-08-06 22:35 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-27 18:44 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-25 17:54 - 2013-10-25 17:54 - 00000000 ____D C:\FRST
2013-10-25 01:05 - 2013-10-25 00:45 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-10-25 01:05 - 2013-10-24 19:26 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-25 01:05 - 2013-10-24 19:25 - 00000000 ____D C:\Program Files (x86)\Swift Browse
2013-10-25 01:05 - 2013-10-24 19:25 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-25 01:05 - 2013-10-24 19:25 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-10-25 01:05 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-10-24 19:25 - 2013-10-24 19:25 - 00000000 ____D C:\Users\Tardis\AppData\Local\AVG SafeGuard toolbar
2013-10-24 19:25 - 2013-10-24 19:25 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-10-24 19:10 - 2011-05-22 14:16 - 00000000 ____D C:\Users\Tardis\AppData\Local\CrashDumps
2013-10-24 19:10 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default
2013-10-24 19:02 - 2013-10-16 19:01 - 00000000 ____D C:\Users\Tardis\Desktop\girls weekend 2013
2013-10-24 19:01 - 2011-03-08 18:52 - 00000000 ____D C:\Users\Tardis\AppData\Local\Adobe
2013-10-24 18:31 - 2010-08-06 22:35 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-24 18:25 - 2009-07-14 00:45 - 00014160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-24 18:25 - 2009-07-14 00:45 - 00014160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-24 18:17 - 2012-04-12 05:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-24 18:10 - 2013-10-24 18:10 - 00277640 _____ C:\Windows\Minidump\102413-37689-01.dmp
2013-10-24 18:10 - 2012-12-10 22:31 - 474236786 _____ C:\Windows\MEMORY.DMP
2013-10-24 18:10 - 2012-08-12 16:59 - 00000000 ____D C:\Windows\Minidump
2013-10-24 18:06 - 2013-10-24 18:05 - 00277584 _____ C:\Windows\Minidump\102413-38329-01.dmp
2013-10-21 15:19 - 2013-10-21 15:19 - 00277640 _____ C:\Windows\Minidump\102113-84490-01.dmp
2013-10-20 18:49 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-10-20 17:43 - 2012-09-06 17:32 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-10-20 17:41 - 2013-10-20 17:41 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2013-10-20 17:40 - 2012-09-06 17:32 - 00000000 ____D C:\ProgramData\Lavasoft
2013-10-20 16:53 - 2013-10-20 16:53 - 00277640 _____ C:\Windows\Minidump\102013-36613-01.dmp
2013-10-20 16:47 - 2010-03-31 20:07 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-10-20 16:44 - 2012-12-31 23:03 - 00000000 _____ C:\Windows\Model.log
2013-10-20 16:44 - 2011-03-19 09:50 - 00000021 _____ C:\Windows\Model.txt
2013-10-20 16:43 - 2011-03-19 09:50 - 00000000 ____D C:\Update
2013-10-16 17:34 - 2010-08-06 22:35 - 00002183 _____ C:\Users\Public\Desktop\Internet Browser.lnk
2013-10-16 17:21 - 2009-07-14 01:13 - 00876450 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-14 10:07 - 2013-05-02 16:54 - 00004330 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-10-14 10:00 - 2013-10-14 09:59 - 00277640 _____ C:\Windows\Minidump\101413-41714-01.dmp
2013-10-14 09:55 - 2013-10-14 09:55 - 00277640 _____ C:\Windows\Minidump\101413-42681-01.dmp
2013-10-14 09:49 - 2013-10-14 09:49 - 00277640 _____ C:\Windows\Minidump\101413-37533-01.dmp
2013-10-14 09:44 - 2013-10-14 09:44 - 00277584 _____ C:\Windows\Minidump\101413-41184-01.dmp
2013-10-11 04:26 - 2010-08-06 22:35 - 00003908 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-11 04:26 - 2010-08-06 22:35 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-11 03:41 - 2013-09-03 21:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 03:41 - 2013-09-03 21:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 03:41 - 2009-07-14 00:45 - 01624184 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 03:23 - 2011-03-31 17:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-11 03:14 - 2010-08-06 22:20 - 00872428 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-11 03:10 - 2013-09-03 21:50 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 03:07 - 2011-03-19 16:35 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 11:57 - 2013-10-10 11:57 - 00000217 _____ C:\Users\Tardis\Desktop\USAA Secure Logon.url
2013-10-10 11:52 - 2013-10-10 11:52 - 00000000 ____D C:\ProgramData\Oracle
2013-10-10 11:51 - 2013-10-10 11:51 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-10-10 11:51 - 2013-10-10 11:51 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-10-10 11:51 - 2013-10-10 11:51 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-10 11:51 - 2013-10-10 11:51 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-10 11:51 - 2013-10-10 11:51 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-10 11:51 - 2013-10-10 11:51 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-10 11:51 - 2010-08-06 22:38 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-10 11:45 - 2013-10-10 11:45 - 00000000 ____D C:\Users\Tardis\AppData\Local\Trusteer
2013-10-10 11:45 - 2013-10-10 11:45 - 00000000 ____D C:\Program Files (x86)\Trusteer
2013-10-10 11:43 - 2013-10-10 11:43 - 00000000 ____D C:\ProgramData\Trusteer
2013-10-10 08:10 - 2013-01-01 13:52 - 00014474 _____ C:\Windows\PFRO.log
2013-10-08 20:17 - 2012-04-12 05:21 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 20:17 - 2012-04-12 05:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 20:17 - 2011-07-28 19:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-21 15:49

==================== End Of Log ============================

And finally the Additional.txt document:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-10-2013
Ran by Tardis at 2013-10-27 18:49:51
Running from F:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

AccuWeather.com Cirrus (x32 Version: 0.1.6)
Action Replay DSi Code Manager (x32)
Ad-Aware Antivirus (Version: 11.0.4555.0)
Ad-Aware Browsing Protection (x32 Version: 1.0.1.106)
Ad-Aware Security Add-on (x32 Version: 2.5.0.6)
AdAwareUpdater (Version: 11.0.4555.0)
Adobe AIR (x32 Version: 2.5.1.17730)
Adobe Flash Player 10 Plugin (x32 Version: 10.0.32.18)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
Apple Application Support (x32 Version: 2.3)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (x32 Version: 2.1.3.127)
Application Manager for VAIO (x32)
Bing Bar (x32 Version: 7.0.609.0)
Bing Maps 3D (Version: 4.0.903.16005)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.24)
Click to Disc MergeModules x64 (Version: 1.0.14230)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
CyberLink YouPaint (x32 Version: 1.2.0.1518)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Elevated Installer (x32 Version: 2.2.21)
Evernote (x32 Version: 3.5.2.1525)
File Uploader (x32 Version: 1.2.1)
Garmin City Navigator Europe NT 2012.10 Update (x32 Version: 15.10.0.0)
Garmin Communicator Plugin (x32 Version: 2.9.3)
Garmin Express (x32 Version: 2.2.21)
Garmin Express Tray (x32 Version: 2.2.21)
Garmin Update Service (x32 Version: 2.2.21)
Garmin USB Drivers (x32 Version: 2.3.1.0)
Garmin WebUpdater (x32 Version: 2.5.1)
Google Chrome (x32 Version: 30.0.1599.101)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.165)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.2182)
Intel® Management Engine Components (x32 Version: 6.0.0.1179)
Intel® Rapid Storage Technology (x32 Version: 9.5.4.1001)
iTunes (Version: 10.6.1.7)
Java 7 Update 40 (x32 Version: 7.0.400)
Java Auto Updater (x32 Version: 2.1.9.8)
Java™ 6 Update 18 (64-bit) (Version: 6.0.180)
Java™ 6 Update 18 (x32 Version: 6.0.180)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lavasoft Registry Tuner (x32 Version: 1.0.35)
Media Gallery (x32 Version: 1.2.0.15040)
Media Gallery MergeModules x64 (Version: 1.0.14250)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2008 (x32)
Microsoft SQL Server 2008 Browser (x32 Version: 10.3.5500.0)
Microsoft SQL Server 2008 Common Files (x32 Version: 10.3.5500.0)
Microsoft SQL Server 2008 Database Engine Services (x32 Version: 10.3.5500.0)
Microsoft SQL Server 2008 Database Engine Shared (x32 Version: 10.3.5500.0)
Microsoft SQL Server 2008 Native Client (Version: 10.3.5500.0)
Microsoft SQL Server 2008 RsFx Driver (x32 Version: 10.3.5500.0)
Microsoft SQL Server 2008 Setup Support Files  (x32 Version: 10.3.5500.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server VSS Writer (Version: 10.3.5500.0)
Microsoft Touch Pack for Windows 7 (x32 Version: 1.0.40517.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft XNA Framework Redistributable 3.0 (x32 Version: 3.0.11010.0)
MSI_SPF_x64 (Version: 1.0.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
Nikon Message Center (x32 Version: 0.92.000)
Nikon Transfer (x32 Version: 1.5.0)
NVIDIA Drivers (Version: 1.10.57.35)
Oasis2Service (x32 Version: 1.0.4)
Photodex Presenter (x32)
Picture Control Utility (x32 Version: 1.1.6)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PMB (x32 Version: 5.1.02.03310)
PMB VAIO Edition Guide (x32 Version: 1.1.00.14080)
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.1.00.15080)
PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.1.00.15040)
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.1.00.15080)
PVSonyDll (Version: 1.00.0001)
QuickTime (x32 Version: 7.73.80.64)
Rapport (x32 Version: 3.5.1302.61)
Remote Keyboard (x32 Version: 1.1.1.07060)
Service Pack 3 for SQL Server 2008 (KB2546951) (x32 Version: 10.3.5500.0)
Setting Utility Series (x32 Version: 5.2.0.14250)
Sony Home Network Library (x32 Version: 2.1.0.14240)
Sql Server Customer Experience Improvement Program (x32 Version: 10.3.5500.0)
The Print Shop 2.0 Professional (x32 Version: 2.00.0000)
Trusteer Endpoint Protection (x32 Version: 3.5.1302.61)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
VAIO - Remote Keyboard (x32 Version: 1.1.0.07060)
VAIO Care (Version: 8.1.0.10120)
VAIO Content Monitoring Settings (x32 Version: 2.5.0.13220)
VAIO Control Center (x32 Version: 4.2.0.15020)
VAIO Data Restore Tool (x32 Version: 1.3.0.13150)
VAIO Entertainment Platform (x32 Version: 3.7.0.16080)
VAIO Event Service (x32 Version: 5.2.0.15020)
VAIO Gate (x32 Version: 2.4.1.09230)
VAIO Gate Default (x32 Version: 2.0.0.04160)
VAIO Hardware Diagnostics (x32 Version: 3.9.1)
VAIO Media plus (x32 Version: 2.1.0.15040)
VAIO Media plus Opening Movie (x32 Version: 2.1.0.14080)
VAIO Messenger (x32 Version: 2.0.550.0)
VAIO Movie Story MergeModules x64 (Version: 1.0.14240)
VAIO Movie Story Template Data (x32 Version: 2.1.00.14040)
VAIO Original Function Settings (x32 Version: 2.1.0.13120)
VAIO Power Management (x32 Version: 5.1.0.13200)
VAIO Sample Contents (x32 Version: 1.2.0.16080)
VAIO Transfer Support (x32 Version: 1.1.1.13070)
VAIO Update (x32 Version: 6.3.1.10120)
VAIO Wallpaper Contents (x32 Version: 2.1.0.14090)
VAIO Window Organizer (x32 Version: 2.1.0.13200)
ViewNX (x32 Version: 1.4.0)
VMp MergeModule x64 (Version: 1.0.0)
VU5x64 (Version: 1.1.0)
VU5x86 (x32 Version: 1.0.0)
VU5x86 (x32 Version: 1.1.0)
Windows 7 Upgrade Advisor (x32 Version: 2.0.5000.0)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinISD beta (x32)
WinZip 15.5 (x32 Version: 15.5.9468)

==================== Restore Points  =========================

14-10-2013 00:49:49 Windows Update
15-10-2013 00:22:33 Windows Update
16-10-2013 00:58:56 Windows Update
17-10-2013 01:26:22 Windows Update
18-10-2013 00:41:13 Windows Update
18-10-2013 02:18:57 Windows Update
19-10-2013 02:17:38 Windows Update
19-10-2013 11:53:18 Windows Update
20-10-2013 01:16:17 Windows Update
20-10-2013 20:46:09 Installed VAIO Update
20-10-2013 21:40:46 AA11
21-10-2013 00:37:52 Windows Update
22-10-2013 00:24:39 Windows Update
23-10-2013 07:00:12 Windows Update
24-10-2013 00:11:53 Windows Update
24-10-2013 23:14:12 Windows Update
25-10-2013 00:42:01 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2012-09-04 17:31 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {055BC238-C5E5-4192-8334-83A6DDA6850C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-06] (Google Inc.)
Task: {084FD79A-EDBA-43B4-AE0A-183AA21ACD7F} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {1717DC53-0944-4D14-9A40-E9A9B75239B1} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-09-27] (Sony Corporation)
Task: {26A760EE-B590-47BC-97CB-C0EFADF0EC44} - System32\Tasks\DDNi Startup => C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {2C742372-89A2-42DB-A902-C8148DDA6CA6} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2011-09-23] (Sony Corporation)
Task: {3D5FEBFB-995A-4CF8-BF2B-6851269C76D3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd)
Task: {413B76A9-9EEF-45C8-8996-2EB387A06968} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {46493A99-B40E-46C0-8AB6-4ADB61EFD3C0} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {590A085D-D73E-43D9-A78A-368405895776} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5C021454-2D8C-4285-906D-0D8078392DAB} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-09-19] (Sony Corporation)
Task: {671EE228-E80B-4737-A207-777D74C100F3} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {6738DBDE-157E-41DE-AA2B-F01458E1D35B} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {6B42C385-DB96-44E1-8918-8803E1A6D207} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2011-09-23] (Sony Corporation)
Task: {6B4E7CCE-F7BB-4101-AB2C-3D66EFACCC08} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2011-09-23] (Sony Corporation)
Task: {7564D729-EEA2-4FB9-85AF-2FE914F8993F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {84238FC0-E489-4953-96BE-35CBF8D8014E} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {9047EBFC-F4A5-402C-9037-845ECA436EAA} - System32\Tasks\Sony\Java Update => C:\Program Files\Java\jre6\bin\jusched.exe
Task: {9872908C-F617-4878-91EC-98ABB506096A} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2013-08-30] (Sony Corporation)
Task: {A4CA449C-4B09-4CE8-A1CF-8F97FAC9853F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {E177E650-02CB-4B7A-927C-182BDA42AAE4} - System32\Tasks\Sony\VAIO Survey => C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe [2009-10-26] ()
Task: {E6A02153-BCB1-4988-9030-B82F93F1E56A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-06] (Google Inc.)
Task: {E80F3C33-C0C5-4E7B-A621-7B9D8EF5522A} - System32\Tasks\VAIO® Messenger (Tardis) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {E81BC2CD-BBD1-4C75-A65C-BFBE8EFC959D} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {E895FB7A-A220-4080-960D-0B8A440596E5} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-03-12 16:32 - 2011-03-12 16:32 - 00006144 _____ () C:\Users\Tardis\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.3[1].gadget\CoreTempReader.dll
2011-03-12 16:32 - 2011-03-12 16:32 - 00008704 _____ () C:\Users\Tardis\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.3[1].gadget\GetCoreTempInfoNET.dll
2011-03-12 16:32 - 2011-03-12 16:32 - 00007680 _____ () C:\Users\Tardis\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.3[1].gadget\SystemInfo.dll
2013-08-22 14:00 - 2013-08-22 14:00 - 00009728 _____ () C:\Program Files (x86)\Garmin\Express Tray\Garmin.Cartography.MapUpdate.Device.DataTypes.dll
2013-10-10 11:45 - 2013-10-10 11:45 - 00991984 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2012-06-27 15:09 - 2012-06-27 15:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-08-06 23:24 - 2010-03-02 19:22 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2010-08-06 23:24 - 2010-03-02 19:22 - 00013312 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2010-08-06 22:45 - 2010-01-19 23:58 - 00125440 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\SonyCommonLib.dll
2010-08-06 22:45 - 2010-01-19 23:58 - 00007680 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\DebugMsg.dll
2010-08-06 22:45 - 2010-01-19 23:58 - 00009728 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Resources.dll
2010-08-06 22:45 - 2010-01-19 23:58 - 00015360 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\SharedInterfaces.dll
2010-08-06 22:45 - 2010-01-19 23:58 - 00018944 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\DictionaryLookup.dll
2010-08-06 22:45 - 2010-01-19 23:58 - 00011264 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\MessageXML.dll
2010-08-06 22:45 - 2010-01-19 23:58 - 00005120 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll
2010-08-06 22:45 - 2010-01-19 23:58 - 00023040 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll
2010-08-06 22:45 - 2010-01-19 23:58 - 00027648 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll
2010-08-06 22:45 - 2010-01-19 23:58 - 00005120 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll
2010-08-06 22:45 - 2010-01-19 23:58 - 00015360 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll
2010-08-06 22:45 - 2010-01-19 23:58 - 00009728 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll
2010-08-06 22:45 - 2010-01-19 23:58 - 00006656 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll
2010-08-06 22:45 - 2010-01-19 23:58 - 00004608 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll
2010-08-06 22:45 - 2010-01-21 22:40 - 00109568 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\DevicePanel.dll
2010-03-31 15:57 - 2009-11-20 18:19 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-07-02 23:06 - 2013-07-02 23:06 - 00039936 _____ () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudModel.dll
2013-07-02 23:06 - 2013-07-02 23:06 - 00011264 _____ () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudClient.dll
2013-09-04 03:19 - 2013-07-03 02:08 - 00061864 _____ () C:\Program Files (x86)\DDNi\Oasis\OasisCloudModel.dll
2013-09-04 03:19 - 2013-07-03 02:08 - 00018856 _____ () C:\Program Files (x86)\DDNi\Oasis\OasisCloudClient.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Tardis\Documents\#7.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\3,4 of english.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\3,4.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\5 and 6 for english progect.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\5,6,7.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\5,6.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\A Biofuels Bonanza in our Backyards.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\Book talk.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\Character.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\Conclusion.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\content focus #6 science.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\Current event summery in biology 1-2 quarter.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\current events notes.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\Derricks scince.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\Doc1.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\Doc2.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\english #2.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\english 9 essay.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\english advice letter.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\english paper.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\english report #2 (#1).doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\english report 1,2,.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\english short story typed copy.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\Ferret.ppt:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\Galileo.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\Gnomes.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\Haiku.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\Henry Hudson.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\House Rules and Schedules.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\Ian Neylan1.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\Ian neyland.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\ians.......i would be sent because.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\Leopard and Baboon.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\Limericks.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\Mantas Gift.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\My machine-claire.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\Outside reading project.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\science stuff-ians.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\science.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\t-shirt fun.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\the worm.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\Theme.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\throwing project for gym.ppt:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\weasel.ppt:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\Why I want to be a shadow for a day.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Tardis\Documents\WIRELESS.txt:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/17/2013 10:12:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: adawarebp.exe, version: 1.0.1.106, time stamp: 0x5190eea6
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x00039342
Faulting process id: 0xb1c
Faulting application start time: 0xadawarebp.exe0
Faulting application path: adawarebp.exe1
Faulting module path: adawarebp.exe2
Report Id: adawarebp.exe3

Error: (10/16/2013 05:16:27 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16720, time stamp: 0x523cf127
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00000fd
Fault offset: 0x74e9e294
Faulting process id: 0x1964
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (10/16/2013 05:16:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16720, time stamp: 0x523cf127
Faulting module name: adawarebp.dll_unloaded, version: 0.0.0.0, time stamp: 0x5190ef1a
Exception code: 0xc0000005
Fault offset: 0x031658fd
Faulting process id: 0x195c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (10/16/2013 05:16:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: adawarebp.exe, version: 1.0.1.106, time stamp: 0x5190eea6
Faulting module name: winhttp.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ce7ba3e
Exception code: 0xc0000005
Fault offset: 0x72732505
Faulting process id: 0xbec
Faulting application start time: 0xadawarebp.exe0
Faulting application path: adawarebp.exe1
Faulting module path: adawarebp.exe2
Report Id: adawarebp.exe3

Error: (10/15/2013 07:37:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: adawarebp.exe, version: 1.0.1.106, time stamp: 0x5190eea6
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x00039342
Faulting process id: 0xaf4
Faulting application start time: 0xadawarebp.exe0
Faulting application path: adawarebp.exe1
Faulting module path: adawarebp.exe2
Report Id: adawarebp.exe3

Error: (10/14/2013 10:10:15 AM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16720 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 19b0

Start Time: 01cec8e6c961ee3d

Termination Time: 17

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (10/11/2013 06:53:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: adawarebp.exe, version: 1.0.1.106, time stamp: 0x5190eea6
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x00039342
Faulting process id: 0xaf0
Faulting application start time: 0xadawarebp.exe0
Faulting application path: adawarebp.exe1
Faulting module path: adawarebp.exe2
Report Id: adawarebp.exe3

Error: (10/08/2013 11:21:46 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7285

Error: (10/08/2013 11:21:46 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7285

Error: (10/08/2013 11:21:46 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (10/27/2013 06:45:29 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (10/27/2013 06:45:02 PM) (Source: Service Control Manager) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (10/27/2013 06:45:02 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (10/24/2013 08:42:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2872339).

Error: (10/24/2013 08:42:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2882822).

Error: (10/24/2013 08:31:07 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR5.

Error: (10/24/2013 08:31:06 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR5.

Error: (10/24/2013 08:31:06 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR5.

Error: (10/24/2013 08:31:05 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR5.

Error: (10/24/2013 08:15:09 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.


Microsoft Office Sessions:
=========================
Error: (10/17/2013 10:12:37 PM) (Source: Application Error)(User: )
Description: adawarebp.exe1.0.1.1065190eea6ole32.dll6.1.7601.175144ce7b96fc000000500039342b1c01cecba72a992cbbC:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exeC:\Windows\syswow64\ole32.dllc1e9219c-379a-11e3-b2bd-5442497005f2

Error: (10/16/2013 05:16:27 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.16720523cf127unknown0.0.0.000000000c00000fd74e9e294196401cecab4ee9b5c62C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown37588237-36a8-11e3-bb75-5442497005f2

Error: (10/16/2013 05:16:26 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.16720523cf127adawarebp.dll_unloaded0.0.0.05190ef1ac0000005031658fd195c01cecab4ee9b5c62C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEadawarebp.dll36c58ee0-36a8-11e3-bb75-5442497005f2

Error: (10/16/2013 05:16:05 PM) (Source: Application Error)(User: )
Description: adawarebp.exe1.0.1.1065190eea6winhttp.dll_unloaded0.0.0.04ce7ba3ec000000572732505bec01cecab49583759bC:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exewinhttp.dll2a26cc23-36a8-11e3-bb75-5442497005f2

Error: (10/15/2013 07:37:01 PM) (Source: Application Error)(User: )
Description: adawarebp.exe1.0.1.1065190eea6ole32.dll6.1.7601.175144ce7b96fc000000500039342af401cec9eae176a1a6C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exeC:\Windows\syswow64\ole32.dllb0263457-35f2-11e3-843e-5442497005f2

Error: (10/14/2013 10:10:15 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.1672019b001cec8e6c961ee3d17C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (10/11/2013 06:53:10 PM) (Source: Application Error)(User: )
Description: adawarebp.exe1.0.1.1065190eea6ole32.dll6.1.7601.175144ce7b96fc000000500039342af001cec6d451a64903C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exeC:\Windows\syswow64\ole32.dlle677c414-32c7-11e3-8994-5442497005f2

Error: (10/08/2013 11:21:46 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7285

Error: (10/08/2013 11:21:46 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7285

Error: (10/08/2013 11:21:46 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2012-09-04 17:27:14.571
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-04 17:27:14.493
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-04 17:27:14.415
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-04 17:27:14.337
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-04 12:22:46.018
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-04 12:22:45.956
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-04 12:22:45.878
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-04 12:22:45.815
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-03 17:13:05.623
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-03 17:13:05.561
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 59%
Total physical RAM: 3758.09 MB
Available physical RAM: 1539.14 MB
Total Pagefile: 7514.36 MB
Available Pagefile: 4687.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:454.42 GB) (Free:359.5 GB) NTFS
Drive d: (WD SmartWare) (CDROM) (Total:0.63 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:0.96 GB) (Free:0.95 GB) FAT
Drive g: (External) (Fixed) (Total:930.86 GB) (Free:880.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 67104AA9)
Partition 1: (Not Active) - (Size=11 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=454 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 981 MB) (Disk ID: 6F727265)
No partition Table on disk 1.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: 0002AE3F)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Thank you again for your help!



#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:54 AM

Posted 27 October 2013 - 09:43 PM

There is a device driver that seems related to either Counter Spy or any Sunbelt software that is no longer in the computer. I will remove the driver and then scan for malware.

Download the enclosed file. [attachment=143201:fixlist.txt]

Save it next to FRST64, overwriting the existing one.

Run FRST64 as you did before (in Normal Mode), except that this time around click on the Fix button and wait.

The tool will make a log next to FRST64 (Fixlog.txt). Please post it to your reply.

Let's scan:

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download ADWCleaner to your desktop.

NOTE: If you are using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder as AdwCleaner[S0].txt.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Let me also know the progress of the computer after these scans.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 Midnight703

Midnight703
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:03:54 AM

Posted 28 October 2013 - 07:21 PM

Below please find the text from the Junkware Removal Tool:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Professional x64
Ran by Tardis on Mon 10/28/2013 at 20:07:28.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-259566508-1977204953-2024372535-1005\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\kt_bho_dll.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\kt_bho.kettlebho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\kt_bho.kettlebho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\blekko toolbars"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\Tardis\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Tardis\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\Tardis\appdata\local\opencandy"
Successfully deleted: [Folder] "C:\Users\Tardis\appdata\locallow\adawaretb"
Successfully deleted: [Folder] "C:\Program Files (x86)\adawaretb"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Empty Folder] C:\Users\Tardis\appdata\local\{341DE5EA-474F-4F41-8490-5B224D543FA6}
Successfully deleted: [Empty Folder] C:\Users\Tardis\appdata\local\{5594D404-ADE1-4FDB-84A1-0241C270BDE4}
Successfully deleted: [Empty Folder] C:\Users\Tardis\appdata\local\{6C01258A-51C2-4F91-BEE8-5BCD457C68C9}
Successfully deleted: [Empty Folder] C:\Users\Tardis\appdata\local\{7C5C3FAA-399B-44D5-B552-D8ABC27D56F9}
Successfully deleted: [Empty Folder] C:\Users\Tardis\appdata\local\{86DE1A15-82A3-45D9-9C6A-3CCEA6549392}
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Tardis\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/28/2013 at 20:17:27.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
I will be posting the next report as soon as I have completed the scan and then subsequently I will post the Malware Bytes report.


#6 Midnight703

Midnight703
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:03:54 AM

Posted 28 October 2013 - 07:39 PM

Here is the AdwCleaner [S0]:

# AdwCleaner v3.010 - Report created 28/10/2013 at 20:30:29
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Tardis - TARDIS-VAIO
# Running from : C:\Users\Tardis\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : Partner Service
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Swift Browse
Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Messenger\View Inbox.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16720
 
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\Tardis\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : keyword
 
*************************
 
AdwCleaner[R0].txt - [2369 octets] - [28/10/2013 20:22:31]
AdwCleaner[S0].txt - [2313 octets] - [28/10/2013 20:30:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2373 octets] ##########
 
 
and here is the AdwCleaner [R0]:
 
# AdwCleaner v3.010 - Report created 28/10/2013 at 20:22:31
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Tardis - TARDIS-VAIO
# Running from : C:\Users\Tardis\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : Partner Service
 
***** [ Files / Folders ] *****
 
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\Program Files (x86)\Swift Browse
Folder Found C:\Program Files (x86)\Toolbar Cleaner
 
***** [ Shortcuts ] *****
 
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Messenger\View Inbox.lnk ( DDNi.Caravan,Inbox )
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKLM\Software\adawaretb
Key Found : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\Software\Toolbar Cleaner
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16720
 
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\Tardis\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found : keyword
 
*************************
 
AdwCleaner[R0].txt - [2221 octets] - [28/10/2013 20:22:31]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2281 octets] ##########
 


#7 Midnight703

Midnight703
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:03:54 AM

Posted 28 October 2013 - 08:01 PM

Here is the report from Malwarebytes:


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.28.11
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Tardis :: TARDIS-VAIO [administrator]
 
10/28/2013 8:44:44 PM
mbam-log-2013-10-28 (20-44-44).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229183
Time elapsed: 6 minute(s), 12 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Users\Tardis\Downloads\winzip155.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
 
(end)
 
The computer seems to be functioning fine now! Please let me know if further action is required!
 
Also, I typically use Microsoft Security Essentials on my personal computers and have never had a problem, any recommendations on protection?


#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:54 AM

Posted 28 October 2013 - 11:02 PM

Congratulations.
 
I would recommend AVAST as an antivirus and Malwarebytes as an anti-malware application.
 
Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Remove the C:\FRST folder.

Run AdwCleaner and uninstall.

Manually remove any tool left.

Here are some suggestions.
  • Always keep your JAVA updated. Older versions will make your computer vulnerable.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes!
