
Arabyonline.com browser redirect malware


  • This topic is locked
6 replies to this topic

#1 Maiwand

Maiwand

  • Members
  • 7 posts

Posted 25 January 2014 - 04:22 AM

Whenever I open Chrome, I get two tabs open: arabyonline.com

Info

Sony Vaio VPCSB 19GG
Windows 7 SP1
Windows Firewall
Microsoft Security Essentials (now using Avast)

Since I've been having this problem, I removed MSE and tried Avast AV but no luck.

I've tried:

  • Full scan with MSE
  • Full scan with Malwarebytes Antimalware
  • Full scan with Avast
  • Boot time scan with Avast
  • Remove suspicious extensions from IE / Chrome
  • Remove suspicious search providers in IE / Chrome
  • Restore Computer to earlier time

Nothing helped.

I then tried uninstalling/re-installing Chrome (this fixed the problem last night, but it came back this morning)

This problem seems to be fixed in IE but Chrome is still suffering.

DDS LOG:

========

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428
Run by Maiwand at 13:12:42 on 2014-01-25
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.8108.5509 [GMT 4:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files (X86)\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\BtwRSupportService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Users\Maiwand\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\alg.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Virtual Clone Drive\VCDDaemon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Avast\AvastUI.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Update\VUAgent.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\PROGRA~2\Nitro\READER~1\NITROP~2.EXE
C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Sony\VAIO Care\Admload.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com
uDefault_Page_URL = hxxp://sony.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Video-Saver: {0fd7b9f3-9185-4b50-9f94-462ed31d4e5e} - C:\Program Files (x86)\Video-Saver\136.dll
BHO: CtxIEInterceptorBHO Class: {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (X86)\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (X86)\Avast\aswWebRepIE.dll
uRun: [F.lux] "C:\Users\Maiwand\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [SkyDrive] "C:\Users\Maiwand\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [vpnuk] C:\Program Files (x86)\VPNUK\vpn_dialer.exe
uRun: [Folder Size] C:\Program Files\FolderSize\FolderSize.exe
uRun: [GoogleChromeAutoLaunch_43494D1E4A898ABF6B85E8A54CCBD39F] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRunOnce: [Uninstall C:\Users\Maiwand\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Maiwand\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64"
uRunOnce: [Uninstall C:\Users\Maiwand\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Maiwand\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [VAIO Boot Manager] "C:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Virtual Clone Drive\VCDDaemon.exe" /s
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [AvastUI.exe] "C:\Program Files (X86)\Avast\AvastUI.exe" /nogui
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Maiwand\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 172.17.137.254 94.200.200.200 91.74.74.74
TCP: Interfaces\{12A6BAAC-6520-4968-9BAE-7CD6DB8DA8BE} : DHCPNameServer = 172.17.137.254 94.200.200.200 91.74.74.74
TCP: Interfaces\{8C27CEC3-4D79-4984-85D7-71CB8665D6C1} : DHCPNameServer = 172.17.137.254 94.200.200.200 91.74.74.74
TCP: Interfaces\{8C27CEC3-4D79-4984-85D7-71CB8665D6C1}\4485240214D414 : DHCPNameServer = 94.200.200.200 91.74.74.74
TCP: Interfaces\{8C27CEC3-4D79-4984-85D7-71CB8665D6C1}\44F6F626965602548747 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8C27CEC3-4D79-4984-85D7-71CB8665D6C1}\44F6F62696560254874756E6465627 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8C27CEC3-4D79-4984-85D7-71CB8665D6C1}\4646D2772747 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8C27CEC3-4D79-4984-85D7-71CB8665D6C1}\E4544574541425 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{CA41F8FB-A306-4068-9658-E9EE2EFDE853} : DHCPNameServer = 192.168.42.129
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (X86)\Avast\aswWebRepIE64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (X86)\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 
x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-1-24 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-1-24 205320]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-1-24 1032416]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-1-24 409832]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-2-14 93272]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-5-27 204288]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2014-1-24 38984]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-1-24 84328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files (x86)\Avast\AvastSvc.exe [2014-1-24 50344]
R2 BcmBtRSupport;Bluetooth Driver Management Service;C:\Windows\System32\BtwRSupportService.exe [2013-10-28 2255064]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2014-1-15 151648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-4-29 13336]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-4-30 2429544]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2013-3-26 230416]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2013-4-30 259192]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-5-8 3574624]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2013-4-30 104960]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-30 2656280]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2013-4-30 584080]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2013-4-30 923024]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2013-4-30 19968]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2010-12-10 894240]
R3 bcbtums;Bluetooth USB LD Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-10-28 170712]
R3 btwampfl;btwampfl;C:\Windows\System32\drivers\btwampfl.sys [2013-8-9 166104]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-4-29 39464]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-23 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2013-5-27 12312832]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-2 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-11-2 180736]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-4-29 425064]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-2 12032]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2013-4-30 44736]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2013-4-29 1369136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-5-20 99384]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-11 281088]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2013-5-18 31744]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-1-3 111616]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-3 340240]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 PIONEERNAP;Pioneer USB2.0 Audio Device;C:\Windows\System32\drivers\PioneerNap.SYS [2012-8-17 192000]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-4-29 19032]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-4-29 12384]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-30 19456]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2013-4-30 340072]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-9-10 108400]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-13 423280]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-9-10 67952]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-9-28 303872]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-5-20 203320]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-13 56832]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-9-28 864000]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-26 655088]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-26 387896]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-26 101152]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-29 1255736]
.
=============== Created Last 30 ================
.
2014-01-24 09:47:38 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-01-24 09:47:38 84328 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-01-24 09:47:38 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-01-24 09:47:38 205320 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-01-24 09:47:38 1032416 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-01-24 09:47:37 43152 ----a-w- C:\Windows\avastSS.scr
2014-01-24 08:45:47 -------- d-----w- C:\Users\Maiwand\AppData\Roaming\iSafe
2014-01-24 06:24:04 -------- d-----w- C:\Users\Maiwand\AppData\Roaming\AVAST Software
2014-01-24 06:22:16 -------- d-----w- C:\Program Files (x86)\Avast
2014-01-24 06:19:30 -------- d-----w- C:\ProgramData\AVAST Software
2014-01-24 05:57:18 -------- d-----w- C:\Users\Maiwand\AppData\Roaming\Malwarebytes
2014-01-24 05:57:11 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-24 05:57:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-24 05:39:26 -------- d-----w- C:\Users\Maiwand\AppData\Roaming\deluge
2014-01-23 19:40:55 -------- d-----w- C:\tmp
2014-01-22 21:00:52 -------- d-----w- C:\Program Files (x86)\PIONEER CORPORATION
2014-01-22 20:57:23 -------- d-----w- C:\Users\Maiwand\AppData\Roaming\ARHome
2014-01-22 20:56:37 -------- d-----w- C:\Users\Maiwand\AppData\Roaming\DAEMON Tools Lite
2014-01-22 20:56:34 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2014-01-22 20:55:21 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2014-01-21 17:27:36 -------- d-----w- C:\Users\Maiwand\AppData\Roaming\FastStone
2014-01-21 17:27:36 -------- d-----w- C:\Users\Maiwand\AppData\Local\FastStone
2014-01-21 17:27:32 -------- d-----w- C:\Program Files (x86)\FastStone Photo Resizer
2014-01-20 19:12:26 -------- d-----w- C:\ProgramData\Canneverbe Limited
2014-01-20 19:12:23 -------- d-----w- C:\Users\Maiwand\AppData\Roaming\Canneverbe Limited
2014-01-20 10:23:35 -------- d-----w- C:\Program Files\FolderSize
2014-01-15 10:46:13 -------- d-----w- C:\Program Files\Common Files\EPSON
2014-01-15 10:45:53 10752 ----a-w- C:\Windows\System32\E_GCINST.DLL
2014-01-15 10:45:50 120320 ----a-w- C:\Windows\System32\E_ILMHJE.DLL
2014-01-15 10:45:49 83968 ----a-w- C:\Windows\System32\E_ID4BHJE.DLL
2014-01-15 10:45:35 -------- d-----w- C:\ProgramData\EPSON
2014-01-03 11:36:18 -------- d-----w- C:\Users\Maiwand\AppData\Roaming\gmaptool.eu
2014-01-03 11:32:51 -------- d-----w- C:\Users\Maiwand\AppData\Roaming\fltk.org
2014-01-03 11:32:41 81920 ----a-w- C:\Windows\gmt.exe
2014-01-03 11:32:39 -------- d-----w- C:\Program Files (x86)\GMapTool
2014-01-03 09:19:56 -------- d-----w- C:\Users\Maiwand\AppData\Local\GARMIN_Corp
2014-01-03 09:15:38 -------- d-----w- C:\Users\Maiwand\AppData\Local\Garmin
2014-01-03 08:01:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
.
==================== Find3M  ====================
.
2014-01-19 07:33:29 270496 ----a-w- C:\Windows\System32\MpSigStub.exe
2013-12-25 07:18:07 708168 ----a-w- C:\Windows\System32\drivers\WinUSBCoInstaller.dll
2013-12-25 07:18:07 1490656 ----a-w- C:\Windows\System32\drivers\WdfCoInstaller01007.dll
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-28 14:02:18 2255064 ----a-w- C:\Windows\System32\BtwRSupportService.exe
2013-10-28 14:02:16 170712 ----a-w- C:\Windows\System32\drivers\bcbtums.sys
.
============= FINISH: 13:12:54.41 ===============



#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 25 January 2014 - 08:23 PM

Hello,

as Chrome settings are not shown in DDS, please run a FRST scan instead:

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.



#3 Maiwand

Maiwand
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:01 AM

Posted 26 January 2014 - 01:21 AM

Thanks for your reply!

 

 

FRST

#####

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 01
Ran by Maiwand (administrator) on MAIWAND-VAIO on 26-01-2014 10:16:50
Running from C:\Users\Maiwand\Desktop\jjj
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files (x86)\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Flux Software LLC) C:\Users\Maiwand\AppData\Local\FluxSoftware\Flux\flux.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Brio) C:\Program Files\FolderSize\FolderSize.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Virtual Clone Drive\VCDDaemon.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(AVAST Software) C:\Program Files (x86)\Avast\AvastUI.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\Admload.exe
() C:\Program Files\OpenVPN\bin\openvpn-gui.exe
(The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpn.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11490408 2010-12-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2179688 2010-12-03] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [226672 2010-12-07] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673168 2010-11-18] (Sony Corporation)
HKLM-x32\...\Run: [VAIO Boot Manager] - C:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe [734608 2010-12-08] (Sony Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Virtual Clone Drive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [371864 2012-04-05] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files (X86)\Avast\AvastUI.exe [3568312 2014-01-24] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [F.lux] - C:\Users\Maiwand\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKCU\...\Run: [SkyDrive] - C:\Users\Maiwand\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-18] (Microsoft Corporation)
HKCU\...\Run: [vpnuk] - C:\Program Files (x86)\VPNUK\vpn_dialer.exe
HKCU\...\Run: [Folder Size] - C:\Program Files\FolderSize\FolderSize.exe [169472 2013-02-13] (Brio)
HKCU\...\Run: [GoogleChromeAutoLaunch_43494D1E4A898ABF6B85E8A54CCBD39F] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866584 2014-01-11] (Google Inc.)
HKCU\...\Runonce: [Uninstall C:\Users\Maiwand\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Maiwand\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64"
HKCU\...\Runonce: [Uninstall C:\Users\Maiwand\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Maiwand\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Sara\...\Run: [Google Update] - C:\Users\Sara\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-17] (Google Inc.)
HKU\Sara\...\Policies\system: [LogonHoursAction] 2
HKU\Sara\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257176 2012-04-05] (Citrix Systems, Inc.)
Startup: C:\Users\Maiwand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://vaio-online.sony.com/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (X86)\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: CtxIEInterceptorBHO Class - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (X86)\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (X86)\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (X86)\Avast\aswWebRepIE.dll (AVAST Software)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
 
Chrome: 
=======
CHR HomePage: 
CHR DefaultNewTabURL: 
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Maiwand\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-01-24]
CHR Extension: (Google Docs) - C:\Users\Maiwand\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-29]
CHR Extension: (Google Drive) - C:\Users\Maiwand\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-29]
CHR Extension: (YouTube) - C:\Users\Maiwand\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-29]
CHR Extension: (Honey) - C:\Users\Maiwand\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2014-01-24]
CHR Extension: (Adblock Plus) - C:\Users\Maiwand\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-24]
CHR Extension: (Pushbullet) - C:\Users\Maiwand\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-01-24]
CHR Extension: (Google Search) - C:\Users\Maiwand\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-29]
CHR Extension: (Tampermonkey) - C:\Users\Maiwand\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-01-24]
CHR Extension: (Proxy SwitchySharp) - C:\Users\Maiwand\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm [2014-01-24]
CHR Extension: (avast! Online Security) - C:\Users\Maiwand\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-24]
CHR Extension: (LastPass) - C:\Users\Maiwand\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-01-24]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Maiwand\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-01-24]
CHR Extension: (Ghostery) - C:\Users\Maiwand\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-01-24]
CHR Extension: (feedly) - C:\Users\Maiwand\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndhinffkekpekljifjkkkkkhopnjodja [2014-01-24]
CHR Extension: (Google Wallet) - C:\Users\Maiwand\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Click&Clean App) - C:\Users\Maiwand\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-01-24]
CHR Extension: (Gmail) - C:\Users\Maiwand\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-29]
CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Maiwand\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-03-27]
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Maiwand\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-03-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files (X86)\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-24]
 
==================== Services (Whitelisted) =================
 
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files (X86)\Avast\AvastSvc.exe [50344 2014-01-24] (AVAST Software)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-13] (Brio)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-03] ()
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2013-08-22] (The OpenVPN Project)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [864000 2010-09-28] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1369136 2013-09-25] (Sony Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-27] (ArcSoft, Inc.)
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2014-01-24] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2014-01-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2014-01-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2014-01-24] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-01-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2014-01-24] ()
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
S3 PIONEERNAP; C:\Windows\System32\DRIVERS\PioneerNap.SYS [192000 2012-08-17] (C-Media Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-26 10:16 - 2014-01-26 10:16 - 00000000 ____D C:\FRST
2014-01-25 17:42 - 2014-01-25 17:43 - 00000000 ____D C:\Program Files\OpenVPN
2014-01-25 17:42 - 2014-01-25 17:42 - 00000000 ____D C:\Windows\LastGood
2014-01-25 17:42 - 2014-01-25 17:42 - 00000000 ____D C:\Users\Maiwand\Desktop\openvpn
2014-01-25 17:42 - 2014-01-25 17:42 - 00000000 ____D C:\Program Files\TAP-Windows
2014-01-25 17:39 - 2014-01-25 17:39 - 00006524 _____ C:\Users\Maiwand\Desktop\openvpn.zip
2014-01-25 13:19 - 2013-11-27 05:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-25 13:19 - 2013-11-27 05:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-25 13:19 - 2013-11-27 05:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-25 13:19 - 2013-11-27 05:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-25 13:19 - 2013-11-27 05:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-25 13:19 - 2013-11-27 05:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-25 13:19 - 2013-11-27 05:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-25 13:19 - 2013-11-26 15:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-25 13:19 - 2013-11-26 14:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-25 13:13 - 2014-01-25 13:13 - 00013532 _____ C:\Users\Maiwand\Desktop\attach.txt
2014-01-25 13:13 - 2014-01-25 13:12 - 00029968 _____ C:\Users\Maiwand\Desktop\dds.txt
2014-01-25 12:05 - 2014-01-25 12:05 - 00266288 _____ C:\Windows\Minidump\012514-25303-01.dmp
2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D C:\Windows\Minidump
2014-01-25 11:38 - 2014-01-26 10:16 - 00000000 ____D C:\Users\Maiwand\Desktop\jjj
2014-01-24 15:07 - 2014-01-26 09:18 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-24 15:07 - 2014-01-25 15:18 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-24 15:07 - 2014-01-24 15:13 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-24 15:07 - 2014-01-24 15:13 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-24 15:07 - 2014-01-24 15:10 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-24 15:02 - 2014-01-24 15:02 - 00003906 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-24 13:47 - 2014-01-24 13:48 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-01-24 13:47 - 2014-01-24 13:47 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-24 13:47 - 2014-01-24 13:47 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-24 13:47 - 2014-01-24 13:47 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-24 13:47 - 2014-01-24 13:47 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-24 13:47 - 2014-01-24 13:47 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-24 13:47 - 2014-01-24 13:47 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-24 13:47 - 2014-01-24 13:47 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-01-24 13:47 - 2014-01-24 13:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-24 13:47 - 2014-01-24 13:47 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2014-01-24 13:17 - 2014-01-24 13:20 - 00000000 ____D C:\Users\Maiwand\Desktop\Wedding Photos - Renamed
2014-01-24 12:45 - 2014-01-24 13:01 - 00000000 ____D C:\Users\Maiwand\AppData\Roaming\iSafe
2014-01-24 10:24 - 2014-01-24 10:24 - 00000000 ____D C:\Users\Maiwand\AppData\Roaming\AVAST Software
2014-01-24 10:23 - 2014-01-24 10:23 - 00001269 _____ C:\Users\Maiwand\AppData\Local\recently-used.xbel
2014-01-24 10:22 - 2014-01-24 13:47 - 00000000 ____D C:\Program Files (x86)\Avast
2014-01-24 10:19 - 2014-01-24 10:19 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-24 09:57 - 2014-01-24 13:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-24 09:57 - 2014-01-24 09:57 - 00000000 ____D C:\Users\Maiwand\AppData\Roaming\Malwarebytes
2014-01-24 09:57 - 2014-01-24 09:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-24 09:39 - 2014-01-24 10:23 - 00000000 ____D C:\Users\Maiwand\AppData\Roaming\deluge
2014-01-23 23:40 - 2014-01-23 23:40 - 00000000 ____D C:\tmp
2014-01-23 01:00 - 2014-01-23 01:00 - 00000000 ____D C:\Program Files (x86)\PIONEER CORPORATION
2014-01-23 00:57 - 2014-01-24 13:01 - 00000000 ____D C:\Users\Maiwand\AppData\Roaming\ARHome
2014-01-23 00:57 - 2014-01-24 12:37 - 00017948 _____ C:\Users\Maiwand\AppData\Roaming\ext.crx
2014-01-23 00:57 - 2014-01-24 12:37 - 00013722 _____ C:\Users\Maiwand\AppData\Roaming\addonVont.zip
2014-01-23 00:57 - 2014-01-24 12:37 - 00003072 _____ C:\Users\Maiwand\AppData\Roaming\chrome-extension.localstorage
2014-01-23 00:57 - 2014-01-23 00:59 - 91295744 _____ C:\Users\Maiwand\Desktop\Pioneer AV Navigator 2013.iso
2014-01-23 00:57 - 2014-01-23 00:57 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2014-01-23 00:56 - 2014-01-24 13:01 - 00000000 ____D C:\Users\Maiwand\AppData\Roaming\DAEMON Tools Lite
2014-01-23 00:56 - 2014-01-24 13:01 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2014-01-23 00:55 - 2014-01-24 13:01 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2014-01-21 21:27 - 2014-01-24 13:01 - 00000000 ____D C:\Program Files (x86)\FastStone Photo Resizer
2014-01-21 21:27 - 2014-01-21 21:27 - 00000000 ____D C:\Users\Maiwand\AppData\Roaming\FastStone
2014-01-21 21:27 - 2014-01-21 21:27 - 00000000 ____D C:\Users\Maiwand\AppData\Local\FastStone
2014-01-21 21:17 - 2014-01-25 12:07 - 00000000 ____D C:\Users\Maiwand\Desktop\[Albums]
2014-01-20 23:12 - 2014-01-20 23:12 - 00000000 ____D C:\Users\Maiwand\AppData\Roaming\Canneverbe Limited
2014-01-20 23:12 - 2014-01-20 23:12 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2014-01-20 15:39 - 2014-01-20 15:39 - 00044515 _____ C:\test.xml
2014-01-20 14:34 - 2014-01-20 14:35 - 00000000 ____D C:\Users\Maiwand\Documents\Forza
2014-01-20 14:32 - 2014-01-25 12:05 - 00001744 _____ C:\Windows\PFRO.log
2014-01-20 14:23 - 2014-01-20 14:23 - 00000000 ____D C:\Program Files\FolderSize
2014-01-19 23:00 - 2014-01-19 23:00 - 00073728 _____ C:\Users\Sara\Downloads\image (2).jpeg
2014-01-19 23:00 - 2014-01-19 23:00 - 00069632 _____ C:\Users\Sara\Downloads\image (3).jpeg
2014-01-19 22:59 - 2014-01-19 23:00 - 00073728 _____ C:\Users\Sara\Downloads\image (1).jpeg
2014-01-19 22:59 - 2014-01-19 22:59 - 00077824 _____ C:\Users\Sara\Downloads\image.jpeg
2014-01-15 14:46 - 2014-01-15 14:46 - 00000000 ____D C:\Program Files\Common Files\EPSON
2014-01-15 14:45 - 2014-01-15 14:46 - 00000000 ____D C:\ProgramData\EPSON
2014-01-15 14:45 - 2011-04-20 03:03 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMHJE.DLL
2014-01-15 14:45 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ID4BHJE.DLL
2014-01-15 14:45 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2014-01-13 00:22 - 2014-01-25 18:44 - 00008393 _____ C:\Windows\setupact.log
2014-01-13 00:22 - 2014-01-13 00:22 - 00000000 _____ C:\Windows\setuperr.log
2014-01-05 18:11 - 2014-01-05 18:18 - 00000000 ____D C:\Users\Sara\Desktop\all
2014-01-05 02:44 - 2014-01-05 02:45 - 00058880 ___SH C:\Users\Public\Documents\Thumbs.db
2014-01-04 20:41 - 2014-01-26 03:18 - 01750634 _____ C:\Windows\WindowsUpdate.log
2014-01-03 15:36 - 2014-01-03 15:36 - 00000000 ____D C:\Users\Maiwand\AppData\Roaming\gmaptool.eu
2014-01-03 15:32 - 2014-01-03 16:08 - 00000000 ____D C:\Program Files (x86)\GMapTool
2014-01-03 15:32 - 2014-01-03 15:32 - 00000000 ____D C:\Users\Maiwand\AppData\Roaming\fltk.org
2014-01-03 15:32 - 2013-08-17 14:22 - 00081920 _____ C:\Windows\gmt.exe
2014-01-03 13:19 - 2014-01-03 13:19 - 00000000 ____D C:\Users\Maiwand\AppData\Local\GARMIN_Corp
2014-01-03 13:15 - 2014-01-03 13:20 - 00000000 ____D C:\Users\Maiwand\AppData\Local\Garmin
2014-01-03 12:05 - 2013-11-26 15:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-03 12:05 - 2013-11-26 14:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-03 12:05 - 2013-11-26 14:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-01-03 12:05 - 2013-11-26 14:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-03 12:05 - 2013-11-26 13:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-03 12:05 - 2013-11-26 13:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-01-03 12:05 - 2013-11-26 13:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-03 12:05 - 2013-11-26 13:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-03 12:05 - 2013-11-26 13:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-03 12:05 - 2013-11-26 13:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-03 12:05 - 2013-11-26 13:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-03 12:05 - 2013-11-26 13:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-03 12:05 - 2013-11-26 13:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-01-03 12:05 - 2013-11-26 13:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-01-03 12:05 - 2013-11-26 12:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-03 12:05 - 2013-11-26 12:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-03 12:05 - 2013-11-26 12:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-03 12:05 - 2013-11-26 12:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-03 12:05 - 2013-11-26 12:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-03 12:05 - 2013-11-26 12:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-01-03 12:05 - 2013-11-26 12:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-03 12:05 - 2013-11-26 12:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-03 12:05 - 2013-11-26 11:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-03 12:05 - 2013-11-26 11:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-01-03 12:05 - 2013-11-26 11:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-03 12:05 - 2013-11-26 11:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-03 12:05 - 2013-11-26 10:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-03 12:05 - 2013-11-26 10:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-03 12:05 - 2013-11-26 10:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-03 12:05 - 2013-11-26 10:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-03 12:05 - 2013-11-26 10:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-01-03 12:05 - 2013-05-10 09:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-01-03 12:05 - 2013-05-10 09:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-01-03 12:05 - 2013-05-10 08:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-01-03 12:05 - 2013-05-10 08:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-01-03 12:01 - 2013-11-23 22:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-01-03 12:01 - 2013-11-23 21:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-01-03 12:01 - 2013-11-12 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-01-03 12:01 - 2013-11-12 06:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-01-03 12:01 - 2013-10-19 06:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-01-03 12:01 - 2013-10-19 05:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-01-03 12:01 - 2013-10-12 06:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-01-03 12:01 - 2013-10-12 06:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-01-03 12:01 - 2013-10-12 06:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-01-03 12:01 - 2013-10-12 06:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-01-03 12:01 - 2013-10-12 05:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-01-03 12:01 - 2013-10-12 05:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-01-03 12:01 - 2013-10-12 05:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-01-03 12:01 - 2013-10-12 05:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-01-03 12:01 - 2013-10-04 06:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-01-03 12:01 - 2013-10-04 05:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
 
==================== One Month Modified Files and Folders =======
 
2014-01-26 10:16 - 2014-01-26 10:16 - 00000000 ____D C:\FRST
2014-01-26 10:16 - 2014-01-25 11:38 - 00000000 ____D C:\Users\Maiwand\Desktop\jjj
2014-01-26 09:33 - 2013-11-17 14:18 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1481325709-3553013753-2334475017-1003UA.job
2014-01-26 09:18 - 2014-01-24 15:07 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-26 07:33 - 2013-11-17 14:18 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1481325709-3553013753-2334475017-1003Core.job
2014-01-26 03:18 - 2014-01-04 20:41 - 01750634 _____ C:\Windows\WindowsUpdate.log
2014-01-25 18:47 - 2013-09-27 15:04 - 00000000 ____D C:\Users\Maiwand\AppData\Roaming\vlc
2014-01-25 18:44 - 2014-01-13 00:22 - 00008393 _____ C:\Windows\setupact.log
2014-01-25 17:43 - 2014-01-25 17:42 - 00000000 ____D C:\Program Files\OpenVPN
2014-01-25 17:42 - 2014-01-25 17:42 - 00000000 ____D C:\Windows\LastGood
2014-01-25 17:42 - 2014-01-25 17:42 - 00000000 ____D C:\Users\Maiwand\Desktop\openvpn
2014-01-25 17:42 - 2014-01-25 17:42 - 00000000 ____D C:\Program Files\TAP-Windows
2014-01-25 17:41 - 2013-04-29 16:43 - 00000000 ____D C:\Users\Maiwand\Downloads\Software
2014-01-25 17:39 - 2014-01-25 17:39 - 00006524 _____ C:\Users\Maiwand\Desktop\openvpn.zip
2014-01-25 15:18 - 2014-01-24 15:07 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-25 14:30 - 2013-07-18 10:46 - 00542208 ___SH C:\Users\Maiwand\Desktop\Thumbs.db
2014-01-25 14:30 - 2013-04-29 16:30 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3C85BE54-FE25-4BC5-B1B8-627519CA5D6F}
2014-01-25 14:24 - 2009-07-14 08:45 - 00014160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-25 14:24 - 2009-07-14 08:45 - 00014160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-25 14:23 - 2009-07-14 09:13 - 00786514 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-25 14:19 - 2013-09-02 19:02 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2014-01-25 14:19 - 2013-04-29 19:32 - 00003490 _____ C:\Windows\System32\Tasks\AutoKMS
2014-01-25 14:19 - 2009-07-14 09:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-25 14:18 - 2009-07-14 08:45 - 00464624 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-25 13:20 - 2013-07-12 22:14 - 00000000 ____D C:\Windows\system32\MRT
2014-01-25 13:19 - 2013-04-29 17:38 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-25 13:13 - 2014-01-25 13:13 - 00013532 _____ C:\Users\Maiwand\Desktop\attach.txt
2014-01-25 13:12 - 2014-01-25 13:13 - 00029968 _____ C:\Users\Maiwand\Desktop\dds.txt
2014-01-25 12:07 - 2014-01-21 21:17 - 00000000 ____D C:\Users\Maiwand\Desktop\[Albums]
2014-01-25 12:05 - 2014-01-25 12:05 - 00266288 _____ C:\Windows\Minidump\012514-25303-01.dmp
2014-01-25 12:05 - 2014-01-25 12:05 - 00000000 ____D C:\Windows\Minidump
2014-01-25 12:05 - 2014-01-20 14:32 - 00001744 _____ C:\Windows\PFRO.log
2014-01-25 11:46 - 2013-04-30 04:15 - 00001945 _____ C:\Windows\epplauncher.mif
2014-01-24 21:33 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-24 16:04 - 2013-08-03 01:22 - 00000000 ____D C:\Users\Maiwand\AppData\Roaming\XBMC
2014-01-24 15:13 - 2014-01-24 15:07 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-24 15:13 - 2014-01-24 15:07 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-24 15:10 - 2014-01-24 15:07 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-24 15:07 - 2013-04-29 16:30 - 00000000 ____D C:\Users\Maiwand\AppData\Local\Deployment
2014-01-24 15:06 - 2013-04-29 16:30 - 00000000 ____D C:\Users\Maiwand\AppData\Local\Google
2014-01-24 15:02 - 2014-01-24 15:02 - 00003906 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-24 13:48 - 2014-01-24 13:47 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-01-24 13:47 - 2014-01-24 13:47 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-24 13:47 - 2014-01-24 13:47 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-24 13:47 - 2014-01-24 13:47 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-24 13:47 - 2014-01-24 13:47 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-24 13:47 - 2014-01-24 13:47 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-24 13:47 - 2014-01-24 13:47 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-24 13:47 - 2014-01-24 13:47 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-01-24 13:47 - 2014-01-24 13:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-24 13:47 - 2014-01-24 13:47 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2014-01-24 13:47 - 2014-01-24 10:22 - 00000000 ____D C:\Program Files (x86)\Avast
2014-01-24 13:20 - 2014-01-24 13:17 - 00000000 ____D C:\Users\Maiwand\Desktop\Wedding Photos - Renamed
2014-01-24 13:02 - 2013-04-29 16:25 - 00000000 ____D C:\Users\Maiwand
2014-01-24 13:01 - 2014-01-24 12:45 - 00000000 ____D C:\Users\Maiwand\AppData\Roaming\iSafe
2014-01-24 13:01 - 2014-01-24 09:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-24 13:01 - 2014-01-23 00:57 - 00000000 ____D C:\Users\Maiwand\AppData\Roaming\ARHome
2014-01-24 13:01 - 2014-01-23 00:56 - 00000000 ____D C:\Users\Maiwand\AppData\Roaming\DAEMON Tools Lite
2014-01-24 13:01 - 2014-01-23 00:56 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2014-01-24 13:01 - 2014-01-23 00:55 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2014-01-24 13:01 - 2014-01-21 21:27 - 00000000 ____D C:\Program Files (x86)\FastStone Photo Resizer
2014-01-24 13:01 - 2013-12-18 14:15 - 00000000 ____D C:\Program Files (x86)\Skifta
2014-01-24 13:01 - 2013-11-17 14:07 - 00000000 ____D C:\Users\Sara
2014-01-24 13:01 - 2013-09-27 15:04 - 00000000 ____D C:\Program Files\VLC
2014-01-24 13:01 - 2013-04-30 00:05 - 00000000 ____D C:\ProgramData\Sony Corporation
2014-01-24 13:01 - 2013-04-29 19:32 - 00000000 ____D C:\Windows\AutoKMS
2014-01-24 13:01 - 2013-04-29 19:29 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-01-24 13:01 - 2013-04-29 19:27 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-24 13:01 - 2013-04-29 17:35 - 00000000 ____D C:\Users\Maiwand\AppData\Roaming\qBittorrent
2014-01-24 13:01 - 2013-04-29 17:34 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2014-01-24 13:01 - 2013-04-29 17:07 - 00000000 ____D C:\Program Files (x86)\Conduit
2014-01-24 13:01 - 2013-04-29 17:06 - 00000000 ____D C:\Users\Maiwand\AppData\Roaming\uTorrent
2014-01-24 13:01 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\registration
2014-01-24 13:01 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\AppCompat
2014-01-24 12:37 - 2014-01-23 00:57 - 00017948 _____ C:\Users\Maiwand\AppData\Roaming\ext.crx
2014-01-24 12:37 - 2014-01-23 00:57 - 00013722 _____ C:\Users\Maiwand\AppData\Roaming\addonVont.zip
2014-01-24 12:37 - 2014-01-23 00:57 - 00003072 _____ C:\Users\Maiwand\AppData\Roaming\chrome-extension.localstorage
2014-01-24 10:24 - 2014-01-24 10:24 - 00000000 ____D C:\Users\Maiwand\AppData\Roaming\AVAST Software
2014-01-24 10:23 - 2014-01-24 10:23 - 00001269 _____ C:\Users\Maiwand\AppData\Local\recently-used.xbel
2014-01-24 10:23 - 2014-01-24 09:39 - 00000000 ____D C:\Users\Maiwand\AppData\Roaming\deluge
2014-01-24 10:19 - 2014-01-24 10:19 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-24 09:57 - 2014-01-24 09:57 - 00000000 ____D C:\Users\Maiwand\AppData\Roaming\Malwarebytes
2014-01-24 09:57 - 2014-01-24 09:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-23 23:40 - 2014-01-23 23:40 - 00000000 ____D C:\tmp
2014-01-23 01:00 - 2014-01-23 01:00 - 00000000 ____D C:\Program Files (x86)\PIONEER CORPORATION
2014-01-23 00:59 - 2014-01-23 00:57 - 91295744 _____ C:\Users\Maiwand\Desktop\Pioneer AV Navigator 2013.iso
2014-01-23 00:57 - 2014-01-23 00:57 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2014-01-22 14:40 - 2013-04-29 16:41 - 00000000 ____D C:\Users\Maiwand\Downloads\[New Downloads]
2014-01-22 01:56 - 2013-09-01 01:37 - 00059904 ___SH C:\Users\Maiwand\Documents\Thumbs.db
2014-01-22 01:56 - 2013-05-15 11:38 - 00000000 ____D C:\Users\Maiwand\AppData\Roaming\Nitro PDF
2014-01-21 21:27 - 2014-01-21 21:27 - 00000000 ____D C:\Users\Maiwand\AppData\Roaming\FastStone
2014-01-21 21:27 - 2014-01-21 21:27 - 00000000 ____D C:\Users\Maiwand\AppData\Local\FastStone
2014-01-21 21:20 - 2013-04-29 17:12 - 00000000 ____D C:\Users\Maiwand\AppData\Local\Paint.NET
2014-01-21 00:18 - 2013-12-14 17:01 - 00000000 ____D C:\Program Files (x86)\OpenVPN
2014-01-21 00:17 - 2013-12-14 16:41 - 00000000 ____D C:\Program Files (x86)\OpenVPN Assistant
2014-01-20 23:12 - 2014-01-20 23:12 - 00000000 ____D C:\Users\Maiwand\AppData\Roaming\Canneverbe Limited
2014-01-20 23:12 - 2014-01-20 23:12 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2014-01-20 15:39 - 2014-01-20 15:39 - 00044515 _____ C:\test.xml
2014-01-20 14:35 - 2014-01-20 14:34 - 00000000 ____D C:\Users\Maiwand\Documents\Forza
2014-01-20 14:35 - 2013-04-29 16:34 - 00000000 ____D C:\Users\Maiwand\Documents\Gym
2014-01-20 14:29 - 2013-04-30 04:05 - 00000000 ____D C:\Users\Maiwand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-01-20 14:23 - 2014-01-20 14:23 - 00000000 ____D C:\Program Files\FolderSize
2014-01-19 23:00 - 2014-01-19 23:00 - 00073728 _____ C:\Users\Sara\Downloads\image (2).jpeg
2014-01-19 23:00 - 2014-01-19 23:00 - 00069632 _____ C:\Users\Sara\Downloads\image (3).jpeg
2014-01-19 23:00 - 2014-01-19 22:59 - 00073728 _____ C:\Users\Sara\Downloads\image (1).jpeg
2014-01-19 22:59 - 2014-01-19 22:59 - 00077824 _____ C:\Users\Sara\Downloads\image.jpeg
2014-01-19 11:33 - 2013-04-29 18:49 - 00270496 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-15 14:46 - 2014-01-15 14:46 - 00000000 ____D C:\Program Files\Common Files\EPSON
2014-01-15 14:46 - 2014-01-15 14:45 - 00000000 ____D C:\ProgramData\EPSON
2014-01-13 00:22 - 2014-01-13 00:22 - 00000000 _____ C:\Windows\setuperr.log
2014-01-09 20:35 - 2013-12-16 17:49 - 00004982 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Maiwand-VAIO-Maiwand Maiwand-VAIO
2014-01-05 18:18 - 2014-01-05 18:11 - 00000000 ____D C:\Users\Sara\Desktop\all
2014-01-05 17:22 - 2013-12-11 10:12 - 00056832 ___SH C:\Users\Sara\Desktop\Thumbs.db
2014-01-05 02:45 - 2014-01-05 02:44 - 00058880 ___SH C:\Users\Public\Documents\Thumbs.db
2014-01-04 21:24 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\rescache
2014-01-04 20:40 - 2009-07-14 09:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-03 17:33 - 2013-04-30 12:29 - 00000000 ____D C:\Users\Maiwand\Downloads\Garmin
2014-01-03 17:32 - 2013-04-30 12:46 - 00000000 ____D C:\Users\Maiwand\Documents\Settings
2014-01-03 16:08 - 2014-01-03 15:32 - 00000000 ____D C:\Program Files (x86)\GMapTool
2014-01-03 16:03 - 2013-05-12 21:55 - 00000000 ____D C:\Program Files (x86)\Garmin
2014-01-03 16:00 - 2013-05-12 21:40 - 00000000 ____D C:\Users\Maiwand\AppData\Roaming\GARMIN
2014-01-03 16:00 - 2013-05-12 21:40 - 00000000 ____D C:\ProgramData\GARMIN
2014-01-03 15:36 - 2014-01-03 15:36 - 00000000 ____D C:\Users\Maiwand\AppData\Roaming\gmaptool.eu
2014-01-03 15:32 - 2014-01-03 15:32 - 00000000 ____D C:\Users\Maiwand\AppData\Roaming\fltk.org
2014-01-03 13:20 - 2014-01-03 13:15 - 00000000 ____D C:\Users\Maiwand\AppData\Local\Garmin
2014-01-03 13:19 - 2014-01-03 13:19 - 00000000 ____D C:\Users\Maiwand\AppData\Local\GARMIN_Corp
2013-12-28 12:03 - 2013-12-19 10:38 - 00000000 ____D C:\Users\Maiwand\Desktop\Torrents
 
Some content of TEMP:
====================
C:\Users\Sara\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aaa_aih.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-19 00:44
 
==================== End Of Log ============================

Addition
#######
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-01-2014 01
Ran by Maiwand at 2014-01-26 10:17:08
Running from C:\Users\Maiwand\Desktop\jjj
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (Version:  - ALPS ELECTRIC CO., LTD.)
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.61222.0201 - ATI Technologies Inc.) Hidden
Anatronica (x32 Version:  - )
ArcSoft Magic-i Visual Effects 2 (x32 Version: 2.0.1.134 - ArcSoft)
ArcSoft WebCam Companion 4 (x32 Version: 4.0.21.369 - ArcSoft)
ATI Catalyst Install Manager (Version: 3.0.829.0 - ATI Technologies, Inc.)
avast! Free Antivirus (x32 Version: 9.0.2006 - Avast Software)
BBC iPlayer Downloads (x32 Version: 1.0.2 - BBC)
Bulk Rename Utility 2.7.1.2 (Version:  - TGRMN Software)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2011.1222.155.3300 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1222.155.3300 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.1222.155.3300 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.1222.155.3300 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.1222.155.3300 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help English (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help French (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help German (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.1222.0154.3300 - ATI) Hidden
ccc-utility64 (Version: 2011.1222.155.3300 - ATI) Hidden
CCleaner (Version: 4.08 - Piriform)
cGPSmapper Free 0100d (x32 Version:  - cGPSmapper)
Citrix Authentication Manager (x32 Version: 2.0.0.41479 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash Redirection) (x32 Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden
Citrix Receiver (x32 Version: 13.1.200.22 - Citrix Systems, Inc.)
Citrix Receiver Inside (x32 Version: 3.2.0.5844 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden
Citrix Receiver(DV) (x32 Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden
Citrix Receiver(USB) (x32 Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden
CM Installer (x32 Version: 1.0.0.0 - Cyanogen Inc.)
Combined Community Codec Pack 2013-04-20 (x32 Version: 2013.04.20.0 - CCCP Project)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (Version:  - Microsoft)
Dungeon Keeper 2 (x32 Version: 2.0.0.32 - GOG.com)
EPSON SX130 Series Printer Uninstall (Version:  - SEIKO EPSON Corporation)
f.lux (HKCU Version:  - )
Faster Than Light (x32 Version: 2.0.0.9 - GOG.com)
FastStone Photo Resizer 3.2 (x32 Version: 3.2 - FastStone Soft.)
Folder Size (64-bit) (Version: 2.6 - Brio)
Fotosizer 1.37 (x32 Version: 1.37 - Fotosizer.com)
Garmin City Navigator MENA NT 2013.20 Update (x32 Version: 9.20.0.0 - Garmin Ltd or its subsidiaries)
Garmin MapSource (x32 Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (x32 Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (x32 Version: 2.5.6 - Garmin Ltd or its subsidiaries)
GMapTool 0.8.159 (x32 Version:  - AP)
GOG.com Downloader version 3.5.8 (x32 Version: 3.5.8 - GOG.com)
GOG.com Dungeon Keeper 2 (Version:  - )
GOG.com Total Annihilation (Version:  - )
Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (x32 Version: 3.0.4802.35565 - Brice Lambson)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Display Audio Driver (x32 Version: 6.14.00.3086 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 14.00.0000 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 10.1.0.1008 - Intel Corporation)
Java Auto Updater (x32 Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 22 (64-bit) (Version: 6.0.220 - Oracle)
Java™ 6 Update 22 (x32 Version: 6.0.220 - Oracle)
Junction Link Magic 2.0 (Version:  - )
LIMBO (x32 Version:  - )
Machinarium (x32 Version:  - Amanita Design)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Project MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Project Professional 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Project Professional 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visio MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visio Professional 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visio Professional 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
MiniTool Partition Wizard Home Edition 7.6.1 (x32 Version:  - MiniTool Solution Ltd.)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
Nitro Reader 3 (Version: 3.5.2.10 - Nitro)
Notepad++ (x32 Version: 6.4.2 - Notepad++ Team)
Online Plug-in (x32 Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden
OpenAL (x32 Version:  - )
OpenRA (x32 Version:  - IJW Software (New Zealand))
OpenVPN 2.3.2-I003  (Version: 2.3.2-I003 - )
OSM generic routable (x32 Version:  - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Paint.NET v3.5.10 (Version: 3.60.0 - dotPDN LLC)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
qBittorrent 3.0.11 (x32 Version: 3.0.11 - The qBittorrent project)
Realtek Ethernet Controller Driver (x32 Version: 7.40.126.2011 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6225 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
Recuva (Version: 1.46 - Piriform)
Remote Keyboard (x32 Version: 1.1.0.12170 - Sony Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.4.0 - SAMSUNG Electronics Co., Ltd.)
ScummVM 1.6.0 (x32 Version:  - The ScummVM Team)
Self-service Plug-in (x32 Version: 3.2.0.24226 - Citrix Systems, Inc.) Hidden
Skifta (x32 Version: 2.6.2.0 - skifta.com)
Skype™ 6.3 (x32 Version: 6.3.105 - Skype Technologies S.A.)
Speccy (Version: 1.21 - Piriform)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
TAP-Windows 9.9.2 (Version: 9.9.2 - )
TeamViewer 8 (x32 Version: 8.0.18051 - TeamViewer)
Theme Hospital (x32 Version: 2.0.0.5 - GOG.com)
Total Annihilation - Commander Pack (x32 Version: 2.0.0.21 - GOG.com)
Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft InfoPath 2013 (KB2752078) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2825630) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760257) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817309) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817311) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837643) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837649) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2837642) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2817625) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Project 2013 (KB2767859) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2752097) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2817306) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2817631) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2837630) 64-Bit Edition (Version:  - Microsoft)
VAIO - Remote Keyboard (x32 Version: 1.0.0.12170 - Sony Corporation)
VAIO Care (x32 Version: 6.4.2.11150 - Sony Corporation) Hidden
VAIO Control Center (x32 Version: 4.4.0.11260 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.5.0.10140 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.5.0.10140 - Sony Corporation) Hidden
VAIO Gate (x32 Version: 2.4.2.02200 - Sony Corporation)
VAIO Gate Default (x32 Version: 2.3.0.11220 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 4.1.0.10120 - Sony Corporation) Hidden
VAIO Manual (x32 Version: 1.2.0.11040 - Sony Corporation)
VAIO Media plus (Version: 2.1.0.23300 - Your Company Name) Hidden
VAIO Media plus (x32 Version: 2.1.0.23300 - Sony Corporation)
VAIO Media plus Opening Movie (x32 Version: 2.1.0.14080 - Sony Corporation)
VAIO Quick Web Access (x32 Version: 1.4.5.1 - Sony Corporation)
VAIO Quick Web Access (x32 Version: 1.4.5.1 - Sony Corporation) Hidden
VAIO Sample Contents (x32 Version: 1.4.1.09010 - Sony Corporation)
VAIO Smart Network (x32 Version: 3.4.0.12090 - Sony Corporation)
VAIO Transfer Support (x32 Version: 1.3.0.11250 - Sony Corporation)
VAIO Update (x32 Version: 6.3.1.10120 - Sony Corporation)
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VirtualCloneDrive (x32 Version:  - Elaborate Bytes)
VLC media player 2.1.0 (Version: 2.1.0 - VideoLAN)
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
WIDCOMM Bluetooth Software (Version: 6.3.0.6300 - Broadcom Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0 - Garmin)
XBMC (HKCU Version:  - Team XBMC)
ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) (x32 Version: 15.4.5722.2 - Microsoft Corporation)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (x32 Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (x32 Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Restore Points  =========================
 
25-01-2014 09:19:39 Windows Update
25-01-2014 13:42:51 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
25-01-2014 17:00:00 Windows Backup
 
==================== Hosts content: ==========================
 
2009-07-14 06:34 - 2009-06-11 01:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {022F9EA1-CFE2-4F6E-9369-233AB6B5230F} - System32\Tasks\SONY\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient
Task: {03D4496B-114F-40A5-881C-0872E707EF17} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-12-06] (Sony Corporation)
Task: {0F946EC2-FE02-41B5-B366-D8791261A949} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2011-03-04] (Sony Corporation)
Task: {293BCB4C-915D-4B4E-88E0-DBAAE5CF668E} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2011-03-04] (Sony Corporation)
Task: {305FF593-EBBD-4245-AD74-ED49F9D93C24} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
Task: {318243F6-987E-4880-A1CD-62C39D9E8D2F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {31D8AAC0-01AB-439E-90E8-44475534C027} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {353DE1B8-38D3-46C6-AD23-8983FC6B7B69} - System32\Tasks\avast! Emergency Update => C:\Program Files (X86)\Avast\AvastEmUpdate.exe [2014-01-24] (AVAST Software)
Task: {3A1A6D9A-B071-4C64-9B68-059158F5D4EC} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-12-06] (Sony Corporation)
Task: {3E10A3FF-AC94-4B01-9139-476C9CBA0C91} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {581F9A9E-1D3F-40F0-8410-0A51CF0671BD} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {5CC00F1A-1994-44B1-853D-8DA6C8D523DF} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2011-02-16] (Sony Corporation)
Task: {5D4A6AF3-37A9-4F1E-85DC-D1E8824AC495} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-09-27] (Sony Corporation)
Task: {5E1B23FA-B303-4421-AF8A-6C5FBE173276} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-09-19] (Sony Corporation)
Task: {71F1A34F-607B-4A36-A67D-6B8F7BECFD6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-24] (Google Inc.)
Task: {7A731400-A113-4F6E-9CE7-A84D3BE3CE7F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {95B8D9EF-E9D9-4E90-A70A-18B24018330E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-24] (Google Inc.)
Task: {A777CA74-A2AE-41E9-BC89-AA80ED067AA5} - System32\Tasks\Sony Corporation\VAIO Boot Manager\VAIO Boot Manager => C:\Program Files (x86)\Sony\VAIO Boot Manager\SetProcessTask.exe [2010-12-08] (Sony Corporation)
Task: {AB293BBA-517B-4DF7-8FE4-65CC409B70C6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1481325709-3553013753-2334475017-1003UA => C:\Users\Sara\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-17] (Google Inc.)
Task: {AB5C65CB-0DB3-4E7F-B30C-0DF33543A2F7} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Maiwand-VAIO-Maiwand Maiwand-VAIO => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {AD4C64E4-D1E8-49E6-9999-40BC820B1226} - System32\Tasks\{75809414-C6FD-4016-A13B-BA32753466E2} => Chrome.exe http://ui.skype.com/ui/0/6.7.0.102/en/abandoninstall?page=tsProgressBar
Task: {B1B24367-58DB-4BB4-A512-EB3E8E4FC6BD} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {BBAFA735-B6A3-4D86-A571-39FBAE81654B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {BCA74894-3B74-424D-97A5-79AF85C0AE57} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-04-29] ()
Task: {C0D37756-626D-4534-9E04-E752A29A6FCD} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-21] (Sony Corporation)
Task: {CCB3C24C-D3A7-43FC-9DA9-8F1631E15734} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-12-06] (Sony Corporation)
Task: {D1944C77-480B-494C-93A0-1AE34366EBC0} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-21] (Sony Corporation)
Task: {DA894494-8B31-4654-82C4-BDDB2924D238} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {E54020CD-6A59-43AC-8083-50C1A9AE0C7A} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation)
Task: {F331ED25-2359-458B-986A-8E7E8F9F0C51} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F4EDA3F4-EDCC-4191-B420-F35186ED8725} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {FE01E612-DCB9-43E4-869D-BF555681FD0C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1481325709-3553013753-2334475017-1003Core => C:\Users\Sara\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-17] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1481325709-3553013753-2334475017-1003Core.job => C:\Users\Sara\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1481325709-3553013753-2334475017-1003UA.job => C:\Users\Sara\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-06-18 19:24 - 2012-06-18 19:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2011-01-14 12:20 - 2011-01-14 11:03 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-02 23:58 - 2010-11-02 23:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-11-09 10:55 - 2011-11-09 10:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-12-22 02:53 - 2011-12-22 02:53 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-08-22 17:25 - 2013-08-22 17:25 - 00199336 _____ () C:\Program Files\OpenVPN\bin\liblzo2-2.dll
2013-08-22 17:25 - 2013-08-22 17:25 - 00117464 _____ () C:\Program Files\OpenVPN\bin\libpkcs11-helper-1.dll
2013-07-19 12:55 - 2013-07-19 12:55 - 01421480 _____ () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2012-10-01 23:36 - 2012-10-01 23:36 - 00401024 _____ () C:\Program Files\Microsoft Office\Office15\msfad.dll
2014-01-26 06:21 - 2014-01-25 21:46 - 02166272 _____ () C:\Program Files (X86)\Avast\defs\14012501\algo.dll
2013-04-30 00:05 - 2010-12-24 03:24 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2013-10-17 11:25 - 2013-10-17 11:25 - 08866472 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-24 15:10 - 2014-01-11 14:28 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
2014-01-24 15:10 - 2014-01-11 14:28 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll
2014-01-24 15:10 - 2014-01-11 14:29 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
2014-01-24 15:10 - 2014-01-11 14:29 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
2014-01-24 15:10 - 2014-01-11 14:28 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
2014-01-24 13:47 - 2014-01-24 13:47 - 19336120 _____ () C:\Program Files (x86)\Avast\libcef.dll
2013-08-15 11:35 - 2013-08-15 11:35 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\eb4812681f6ab4406053f3a1803e6da0\IsdiInterop.ni.dll
2013-04-29 23:56 - 2010-11-06 10:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/24/2014 01:47:13 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aeqgpzxm.
 
System Error:
The system cannot find the file specified.
.
 
Error: (01/24/2014 00:55:24 PM) (Source: iSafeService) (User: )
Description: iSafeService error: 1063StartServiceCtrlDispatcher failed. ErrorCode=1063
 
Error: (01/24/2014 00:54:59 PM) (Source: iSafeService) (User: )
Description: iSafeService error: 1063StartServiceCtrlDispatcher failed. ErrorCode=1063
 
Error: (01/24/2014 00:54:50 PM) (Source: iSafeService) (User: )
Description: iSafeService error: 1063StartServiceCtrlDispatcher failed. ErrorCode=1063
 
Error: (01/24/2014 00:53:05 PM) (Source: iSafeService) (User: )
Description: iSafeService error: 1063StartServiceCtrlDispatcher failed. ErrorCode=1063
 
Error: (01/24/2014 10:27:39 AM) (Source: Microsoft Security Client Setup) (User: Maiwand-VAIO)
Description: HRESULT:0x8004FF80
Description:Cannot complete uninstall wizard. An error has prevented the Security Essentials Uninstall Wizard from continuing. Please restart your computer and try again. Error code:0x8004FF80.
 
Error: (01/24/2014 10:27:16 AM) (Source: MsiInstaller) (User: Maiwand-VAIO)
Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped.  Verify that you have sufficient privileges to stop system services.
 
Error: (01/24/2014 10:22:09 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary ksyiuxjo.
 
System Error:
The system cannot find the file specified.
.
 
Error: (01/23/2014 06:34:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: VESMgrSub.exe, version: 5.4.0.11290, time stamp: 0x4cf31bb2
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722
Exception code: 0xc0000005
Fault offset: 0x0000981e
Faulting process id: 0x2324
Faulting application start time: 0xVESMgrSub.exe0
Faulting application path: VESMgrSub.exe1
Faulting module path: VESMgrSub.exe2
Report Id: VESMgrSub.exe3
 
Error: (01/21/2014 09:24:33 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: c18
 
Start Time: 01cf15cb08d86187
 
Termination Time: 15
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: e3512316-82c0-11e3-b3b3-90004e9aa261
 
 
System errors:
=============
Error: (01/25/2014 05:58:42 PM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (01/25/2014 05:52:46 PM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (01/25/2014 05:52:44 PM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (01/25/2014 05:45:30 PM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (01/25/2014 05:45:25 PM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (01/25/2014 02:24:37 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 490@01010004
 
Error: (01/25/2014 02:24:37 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 490@01010004
 
Error: (01/25/2014 02:18:45 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: CBS Client initialization failed. Last error: 0x8007045b
 
Error: (01/25/2014 02:18:26 PM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (01/25/2014 02:17:32 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
 
Microsoft Office Sessions:
=========================
Error: (01/24/2014 01:47:13 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aeqgpzxm.
 
System Error:
The system cannot find the file specified.
 
Error: (01/24/2014 00:55:24 PM) (Source: iSafeService)(User: )
Description: iSafeService error: 1063StartServiceCtrlDispatcher failed. ErrorCode=1063
 
Error: (01/24/2014 00:54:59 PM) (Source: iSafeService)(User: )
Description: iSafeService error: 1063StartServiceCtrlDispatcher failed. ErrorCode=1063
 
Error: (01/24/2014 00:54:50 PM) (Source: iSafeService)(User: )
Description: iSafeService error: 1063StartServiceCtrlDispatcher failed. ErrorCode=1063
 
Error: (01/24/2014 00:53:05 PM) (Source: iSafeService)(User: )
Description: iSafeService error: 1063StartServiceCtrlDispatcher failed. ErrorCode=1063
 
Error: (01/24/2014 10:27:39 AM) (Source: Microsoft Security Client Setup)(User: Maiwand-VAIO)
Description: HRESULT:0x8004FF80
Description:Cannot complete uninstall wizard. An error has prevented the Security Essentials Uninstall Wizard from continuing. Please restart your computer and try again. Error code:0x8004FF80.
 
Error: (01/24/2014 10:27:16 AM) (Source: MsiInstaller)(User: Maiwand-VAIO)
Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped.  Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (01/24/2014 10:22:09 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary ksyiuxjo.
 
System Error:
The system cannot find the file specified.
 
Error: (01/23/2014 06:34:32 PM) (Source: Application Error)(User: )
Description: VESMgrSub.exe5.4.0.112904cf31bb2msvcrt.dll7.0.7601.177444eeaf722c00000050000981e232401cf18447c92c3dbC:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exeC:\Windows\syswow64\msvcrt.dll78ef68eb-843b-11e3-ba5a-90004e9aa261
 
Error: (01/21/2014 09:24:33 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.17567c1801cf15cb08d8618715C:\Windows\Explorer.EXEe3512316-82c0-11e3-b3b3-90004e9aa261
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-05-29 00:40:44.373
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Moborobo\MoboroboAssDriver64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-05-29 00:40:44.311
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Moborobo\MoboroboAssDriver64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-05-18 00:18:03.040
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Moborobo\MoboroboAssDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-05-18 00:18:02.967
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Moborobo\MoboroboAssDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 36%
Total physical RAM: 8107.82 MB
Available physical RAM: 5156.9 MB
Total Pagefile: 16213.83 MB
Available Pagefile: 12824.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:226.75 GB) (Free:12.01 GB) NTFS
Drive f: (M3 1TB) (Fixed) (Total:931.5 GB) (Free:550.39 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: C072C294)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=227 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 932 GB) (Disk ID: 53875175)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 aharonov

  • Malware Response Team

Posted 29 January 2014 - 04:37 PM

Hello,

does resetting your Chrome settings help? https://support.google.com/chrome/answer/3296214?hl=en

#5 Maiwand

  • Topic Starter

Posted 30 January 2014 - 12:22 AM

> Hello,
>
> does resetting your Chrome settings help? https://support.google.com/chrome/answer/3296214?hl=en

Wow.. Yes, that seems to have fixed it! I will keep an eye on it over the next few days.

 

Thank you!



#6 aharonov

  • Malware Response Team

Posted 31 January 2014 - 06:09 PM

So everything is running smoothly now?
Let's do the final check up then:
 
 
Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
  • Note: Do not forget to re-enable your antivirus application after running the above scan!


#7 aharonov

  • Malware Response Team

Posted 04 March 2014 - 11:26 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



