Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Am I infected?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Am I infected?

Unread postby ChrisMasterSky » May 19th, 2014, 8:02 pm

Hi! I think I need your help.

I updated my software and when my computer finished booting up, a warning kept popping up. It said: Do you want to download, CE_UMBRELLA. I said no about fifty times before it stopped. After that, I oppened Google Chrome and Bing was the search program when i had never set it up that way. I changed it back but I'm not sure it got rid of the problem.

Here are my FRST scans:

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Christian (administrator) on PCDECHRISTIAN on 19-05-2014 19:48:55
Running from C:\Users\Christian\Downloads
Platform: Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\n360.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Deals Interactive Media, LLC) C:\ProgramData\Radsteroids\up\2.6.80\RadsteroidsService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
() C:\Program Files\003\xmkysecqun64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESGfxMgr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\n360.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Deals Interactive Media, LLC) C:\ProgramData\Radsteroids\up\2.6.80\Radsteroids.exe
(Deals Interactive Media, LLC) C:\ProgramData\Radsteroids\up\2.6.80\Radsteroids64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(PC Utilities Pro) C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
(PC Utilities Pro) C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
(ContentExplorer) C:\Users\Christian\AppData\Roaming\ContentExplorer\ContentExplorer.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
(Software Updater) C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVM Software Inc.) C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.207\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.88\deploy\LolClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
() C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCWebServer.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [10592256 2013-10-08] (Broadcom Corporation)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-05-06] (Realtek Semiconductor)
HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [526704 2012-12-14] (Broadcom Corporation.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740376 2013-02-06] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] => c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Runonce: [SpUninstallCleanUp] - REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2709282161-3102555306-2552918505-1002\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135672 2013-09-29] (PC Utilities Pro)
HKU\S-1-5-21-2709282161-3102555306-2552918505-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20728480 2014-01-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2709282161-3102555306-2552918505-1002\...\Run: [GoogleChromeAutoLaunch_F95133299531DA24C7CB703BC8432DCE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866632 2014-02-01] (Google Inc.)
HKU\S-1-5-21-2709282161-3102555306-2552918505-1002\...\Run: [ContentExplorer] => C:\Users\Christian\AppData\Roaming\ContentExplorer\ContentExplorer.exe [1062128 2014-05-07] (ContentExplorer)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-05-02] (NVIDIA Corporation)
AppInit_DLLs: c:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [4433736 2013-10-18] ()
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [201576 2013-05-02] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk
ShortcutTarget: SoftwareUpdater.lnk -> C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe (Software Updater)
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?gd=&ctid=CT3 ... E52A&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony13.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {238DB35D-C64F-4782-A92D-DE556679F6EA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASAJS
SearchScopes: HKCU - {238DB35D-C64F-4782-A92D-DE556679F6EA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASAJS
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: DioSecouuntLocAutor - {8D8C4348-9977-D1E0-3A86-6D9BD825C349} - C:\ProgramData\DioSecouuntLocAutor\zerTq3e0w.x64.dll ()
BHO: easytoshhop - {93977B55-19DA-6A2B-4DE5-D2864481AAEB} - C:\ProgramData\easytoshhop\v.x64.dll ()
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: savoinshOp - {CAFCDE7D-3B6F-B5F7-638F-FBB3E2AFB248} - C:\ProgramData\savoinshOp\kje4o.x64.dll ()
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: WinMonitor - {3679AB80-ECDF-4FDF-B425-31A8EC23AB43} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: DioSecouuntLocAutor - {8D8C4348-9977-D1E0-3A86-6D9BD825C349} - C:\ProgramData\DioSecouuntLocAutor\zerTq3e0w.dll ()
BHO-x32: easytoshhop - {93977B55-19DA-6A2B-4DE5-D2864481AAEB} - C:\ProgramData\easytoshhop\v.dll ()
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: savoinshOp - {CAFCDE7D-3B6F-B5F7-638F-FBB3E2AFB248} - C:\ProgramData\savoinshOp\kje4o.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default
FF Homepage: hxxp://search.conduit.com/?gd=&ctid=CT3 ... E52A&SSPV=
FF SelectedSearchEngine: Trovi search
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @sony.com/ReaderDesktop - C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - c:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Christian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\cnrtl-tlfi-fr.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-france.xml
FF Extension: savoinshOp - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\Extensions\e8962@yaa-dkas.edu [2014-02-13]
FF Extension: easytoshhop - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\Extensions\ua4b@xqcmaiixbf.co.uk [2014-01-05]
FF Extension: DioSecouuntLocAutor - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\Extensions\ui7mbgknk@cirwvvya.net [2014-01-05]
FF Extension: TXTfiilesConvert - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\Extensions\zyck@sahaws.com [2014-01-31]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-12-05]

Chrome:
=======
CHR HomePage:
CHR StartupUrls: "hxxp://www.google.ca/"
CHR Extension: (Documents Google) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-17]
CHR Extension: (Google Drive) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-17]
CHR Extension: (YouTube) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-17]
CHR Extension: (Recherche Google) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-17]
CHR Extension: (Skype Click to Call) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-09]
CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-02-17]
CHR Extension: (Google Wallet) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-17]
CHR Extension: (Gmail) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\Exts\Chrome.crx [2014-03-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S2 70e6ca8c; C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [191640 2013-10-18] ()
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2227992 2013-01-23] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129824 2013-01-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166688 2013-01-23] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe [265040 2014-03-12] (Symantec Corporation)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [639584 2013-02-05] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-02-06] (Sony Corporation)
R2 Radsteroids; C:\ProgramData\Radsteroids\up\2.6.80\Radsteroids.exe [42872 2014-05-07] (Deals Interactive Media, LLC)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] ()
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1369136 2013-09-25] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6099968 2013-10-08] (Broadcom Corporation)
R2 xmkysecqun64; C:\Program Files\003\xmkysecqun64.exe [706560 2014-04-24] ()

==================== Drivers (Whitelisted) ====================

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [169240 2013-01-23] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6957744 2013-10-08] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-18] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1502000.026\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-27] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140519.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140519.003\ENG64.SYS [126040 2014-05-11] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140519.003\EX64.SYS [2099288 2014-05-11] (Symantec Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-14] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1502000.026\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1502000.026\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1502000.026\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1502000.026\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1502000.026\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1502000.026\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-19 19:48 - 2014-05-19 19:49 - 00026685 _____ () C:\Users\Christian\Downloads\FRST.txt
2014-05-19 19:48 - 2014-05-19 19:48 - 02067456 _____ (Farbar) C:\Users\Christian\Downloads\FRST64.exe
2014-05-19 19:48 - 2014-05-19 19:48 - 00000000 ____D () C:\FRST
2014-05-19 19:44 - 2014-05-19 19:44 - 00030520 _____ () C:\Users\Christian\Desktop\dds.txt
2014-05-19 19:44 - 2014-05-19 19:44 - 00003734 _____ () C:\Users\Christian\Desktop\attach.txt
2014-05-19 19:43 - 2014-05-19 19:43 - 00688992 ____R (Swearware) C:\Users\Christian\Downloads\dds.scr
2014-05-19 19:20 - 2014-05-19 19:20 - 00000000 ____D () C:\Program Files (x86)\TXTfiilesConvert
2014-05-19 19:14 - 2014-05-19 19:14 - 00005108 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PCDECHRISTIAN-Christian PCdeChristian
2014-05-15 17:33 - 2014-05-15 17:33 - 00236944 _____ () C:\Users\Christian\Downloads\FreeZipSetup-NdXQizqNh.exe
2014-05-14 21:45 - 2014-04-12 05:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 21:45 - 2014-04-12 05:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 21:45 - 2014-04-12 05:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-05-14 21:45 - 2014-04-12 05:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-05-14 21:45 - 2014-04-12 05:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 21:45 - 2014-04-12 05:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 21:45 - 2014-04-12 05:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 21:45 - 2014-04-12 05:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 21:45 - 2014-04-12 05:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-05-14 21:45 - 2014-04-12 05:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 21:45 - 2014-04-12 05:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 21:45 - 2014-04-12 03:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-05-14 21:45 - 2014-04-12 03:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-05-14 21:45 - 2014-04-12 03:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 21:45 - 2014-04-12 03:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 21:45 - 2014-04-12 03:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 21:45 - 2014-04-12 03:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 21:45 - 2014-04-12 03:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 21:45 - 2014-04-12 02:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-05-14 21:45 - 2014-03-10 23:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 21:45 - 2014-03-10 23:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 21:45 - 2014-03-10 20:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 21:45 - 2014-03-10 20:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 21:45 - 2014-03-10 20:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 21:45 - 2014-03-10 20:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 21:45 - 2014-03-10 20:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 21:45 - 2014-03-10 20:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 21:45 - 2014-03-10 20:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 21:45 - 2014-03-10 20:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-05-14 21:45 - 2014-03-10 20:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 21:45 - 2014-03-10 20:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 21:45 - 2014-03-10 20:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 21:45 - 2014-03-09 23:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 21:45 - 2014-03-09 21:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 21:45 - 2014-03-03 19:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-14 21:40 - 2014-03-28 04:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 21:40 - 2014-03-28 02:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 21:39 - 2014-03-28 15:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-14 21:39 - 2014-03-23 18:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-14 21:36 - 2014-05-06 01:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 21:36 - 2014-05-06 01:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 21:36 - 2014-03-28 04:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-05-14 21:35 - 2014-05-05 23:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 21:35 - 2014-05-05 23:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 21:35 - 2014-05-05 23:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 21:35 - 2014-05-05 23:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 21:30 - 2014-03-01 05:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-14 21:30 - 2014-03-01 05:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-05-14 21:30 - 2014-03-01 04:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-05-14 21:30 - 2014-03-01 02:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-14 21:30 - 2014-02-26 19:18 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-05-14 21:30 - 2014-02-26 19:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-05-14 21:30 - 2014-02-26 19:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-05-14 21:30 - 2014-02-26 19:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-05-14 21:30 - 2014-02-15 00:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-05-07 17:50 - 2014-05-19 19:47 - 00000000 ____D () C:\Users\Christian\AppData\Local\Radsteroids
2014-05-07 17:43 - 2014-05-07 17:43 - 01356664 _____ () C:\Windows\system32\Radsteroids.33AABCF1AD13.2.6.80.dll
2014-05-07 17:38 - 2014-05-07 17:38 - 01161080 _____ () C:\Windows\SysWOW64\Radsteroids.33AABCF1AD13.2.6.80.dll
2014-05-07 17:33 - 2014-05-07 17:44 - 00000000 ____D () C:\ProgramData\Radsteroids
2014-05-07 17:16 - 2014-05-07 17:16 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\winmonitorIE
2014-05-07 17:16 - 2014-05-07 17:16 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Paltalk
2014-05-07 17:16 - 2014-05-07 17:16 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
2014-05-07 17:16 - 2014-05-07 17:16 - 00000000 ____D () C:\Program Files (x86)\Paltalk Messenger
2014-05-07 17:15 - 2014-05-07 17:15 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\ContentExplorer
2014-05-07 17:15 - 2014-05-07 17:15 - 00000000 _____ () C:\Users\Christian\Downloads\Number of results
2014-05-07 17:14 - 2014-05-19 18:42 - 00000000 ____D () C:\Program Files (x86)\SuperFastPC
2014-05-07 17:14 - 2014-05-07 17:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Updater
2014-05-07 17:14 - 2014-05-07 17:14 - 00000000 ____D () C:\Program Files (x86)\Software Updater
2014-05-07 17:13 - 2014-05-07 17:13 - 00808072 _____ () C:\Users\Christian\Downloads\flashplayerpro-setup.exe
2014-05-07 17:13 - 2014-05-07 17:13 - 00773032 _____ (AirInstaller ) C:\Users\Christian\Downloads\updater.exe
2014-05-07 17:13 - 2014-05-07 17:13 - 00000000 _____ () C:\END
2014-04-25 16:20 - 2014-04-19 05:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-25 16:20 - 2014-04-19 04:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-25 16:20 - 2014-04-19 04:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-25 16:20 - 2014-04-19 02:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-25 16:20 - 2014-04-19 02:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-24 20:40 - 2014-04-24 20:40 - 00000000 ____D () C:\Windows\SysWOW64\N360_BACKUP
2014-04-24 19:33 - 2014-05-15 19:42 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-24 19:33 - 2014-04-24 19:33 - 01141680 _____ () C:\Users\Christian\Downloads\SteamSetup.exe
2014-04-24 19:33 - 2014-04-24 19:33 - 00000967 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-04-24 19:33 - 2014-04-24 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-04-24 19:31 - 2014-05-17 15:01 - 00000312 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-04-24 19:31 - 2014-05-07 19:31 - 00000320 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-04-24 19:31 - 2014-04-24 19:31 - 00003346 _____ () C:\Windows\System32\Tasks\Advanced System Protector
2014-04-24 19:31 - 2014-04-24 19:31 - 00003060 _____ () C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2014-04-24 19:31 - 2014-04-24 19:31 - 00002904 _____ () C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2014-04-24 19:31 - 2014-04-24 19:31 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Advanced System Protector
2014-04-24 19:30 - 2014-04-24 19:30 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-04-24 19:29 - 2014-04-24 19:29 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Systweak
2014-04-24 19:29 - 2014-04-24 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
2014-04-24 19:29 - 2013-08-22 18:36 - 00020312 _____ (Systweak Inc., (http://www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-04-24 19:28 - 2014-05-07 17:26 - 00000000 ____D () C:\Users\Christian\AppData\Local\Genesis
2014-04-24 19:27 - 2014-04-24 19:31 - 00000000 ____D () C:\Program Files\003
2014-04-24 19:27 - 2014-04-24 19:27 - 00512728 _____ (apinstaller) C:\Users\Christian\Downloads\Steam (3).exe
2014-04-24 19:27 - 2014-04-24 19:27 - 00512728 _____ (apinstaller) C:\Users\Christian\Downloads\Steam (2).exe
2014-04-24 19:26 - 2014-04-24 19:26 - 00512728 _____ (apinstaller) C:\Users\Christian\Downloads\Steam.exe
2014-04-24 19:26 - 2014-04-24 19:26 - 00512728 _____ (apinstaller) C:\Users\Christian\Downloads\Steam (1).exe
2014-04-21 20:28 - 2014-02-03 19:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-21 20:28 - 2014-02-03 19:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-21 20:28 - 2014-01-30 20:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-21 20:28 - 2014-01-30 20:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-21 20:28 - 2014-01-30 20:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-21 20:28 - 2014-01-26 23:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-21 20:28 - 2014-01-26 23:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-21 20:28 - 2014-01-26 19:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-21 20:28 - 2014-01-15 19:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-21 20:28 - 2014-01-11 02:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-21 20:28 - 2014-01-11 01:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-21 20:28 - 2014-01-02 19:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-21 20:28 - 2014-01-02 19:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-21 20:18 - 2014-03-06 20:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-21 20:18 - 2014-03-06 20:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-21 20:18 - 2014-03-06 20:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-21 20:18 - 2014-03-06 20:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-21 20:18 - 2014-03-06 20:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-21 20:18 - 2014-03-06 20:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-21 20:18 - 2014-03-06 20:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-21 20:18 - 2014-03-06 20:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-21 20:18 - 2014-03-06 20:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-04-21 20:18 - 2014-03-06 20:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-21 20:18 - 2014-03-06 20:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-21 20:18 - 2014-03-06 20:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-21 20:18 - 2013-05-15 18:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-04-21 20:18 - 2013-05-15 18:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-04-21 20:18 - 2013-02-21 06:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-21 20:18 - 2013-02-21 06:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-21 20:18 - 2013-02-21 06:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-21 20:18 - 2013-02-21 06:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-21 20:18 - 2013-02-21 06:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-21 20:18 - 2013-02-21 06:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-21 20:18 - 2013-02-19 05:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-04-21 20:18 - 2012-11-08 00:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-21 20:18 - 2012-11-08 00:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-21 20:18 - 2012-07-25 23:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-21 20:17 - 2014-03-06 20:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-21 20:17 - 2014-03-06 20:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-21 20:17 - 2014-03-06 20:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-21 20:17 - 2014-03-06 20:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-21 20:17 - 2014-03-06 20:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

==================== One Month Modified Files and Folders =======

2014-05-19 19:49 - 2014-05-19 19:48 - 00026685 _____ () C:\Users\Christian\Downloads\FRST.txt
2014-05-19 19:48 - 2014-05-19 19:48 - 02067456 _____ (Farbar) C:\Users\Christian\Downloads\FRST64.exe
2014-05-19 19:48 - 2014-05-19 19:48 - 00000000 ____D () C:\FRST
2014-05-19 19:47 - 2014-05-07 17:50 - 00000000 ____D () C:\Users\Christian\AppData\Local\Radsteroids
2014-05-19 19:46 - 2014-02-05 20:20 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Skype
2014-05-19 19:44 - 2014-05-19 19:44 - 00030520 _____ () C:\Users\Christian\Desktop\dds.txt
2014-05-19 19:44 - 2014-05-19 19:44 - 00003734 _____ () C:\Users\Christian\Desktop\attach.txt
2014-05-19 19:43 - 2014-05-19 19:43 - 00688992 ____R (Swearware) C:\Users\Christian\Downloads\dds.scr
2014-05-19 19:22 - 2014-02-17 20:17 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-19 19:22 - 2014-02-17 20:17 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-19 19:20 - 2014-05-19 19:20 - 00000000 ____D () C:\Program Files (x86)\TXTfiilesConvert
2014-05-19 19:20 - 2014-01-31 17:40 - 00000000 ____D () C:\ProgramData\TXTfiilesConvert
2014-05-19 19:20 - 2014-01-05 18:48 - 00000000 ____D () C:\ProgramData\ded9dbee99d5f4e0
2014-05-19 19:16 - 2013-09-24 16:31 - 00000000 ____D () C:\Users\Christian\AppData\Local\PMB Files
2014-05-19 19:14 - 2014-05-19 19:14 - 00005108 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PCDECHRISTIAN-Christian PCdeChristian
2014-05-19 19:00 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
2014-05-19 18:51 - 2013-10-24 18:02 - 00799196 _____ () C:\Windows\system32\perfh00C.dat
2014-05-19 18:51 - 2013-10-24 18:02 - 00155218 _____ () C:\Windows\system32\perfc00C.dat
2014-05-19 18:51 - 2013-07-30 22:16 - 01459783 _____ () C:\Windows\WindowsUpdate.log
2014-05-19 18:51 - 2012-07-26 03:28 - 01793362 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-19 18:45 - 2013-09-23 20:34 - 00000000 ___RD () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-19 18:45 - 2013-09-23 20:34 - 00000000 ___RD () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-19 18:44 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-19 18:44 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-19 18:42 - 2014-05-07 17:14 - 00000000 ____D () C:\Program Files (x86)\SuperFastPC
2014-05-19 18:42 - 2012-08-02 22:22 - 00102370 _____ () C:\Windows\PFRO.log
2014-05-19 18:42 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-05-19 18:41 - 2012-07-26 04:12 - 00000000 ___RD () C:\Windows\ToastData
2014-05-19 18:41 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-19 18:41 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-19 18:41 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-19 18:41 - 2012-07-26 04:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-19 18:41 - 2012-07-26 04:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-17 15:01 - 2014-04-24 19:31 - 00000312 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-05-15 23:11 - 2013-09-25 20:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 23:11 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-05-15 23:08 - 2013-09-25 20:37 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 23:05 - 2013-10-24 19:07 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2709282161-3102555306-2552918505-1002
2014-05-15 19:42 - 2014-04-24 19:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-15 18:11 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-15 17:33 - 2014-05-15 17:33 - 00236944 _____ () C:\Users\Christian\Downloads\FreeZipSetup-NdXQizqNh.exe
2014-05-15 17:23 - 2013-12-05 23:45 - 00000000 ____D () C:\Users\Christian\AppData\Local\CrashDumps
2014-05-15 16:12 - 2013-09-24 16:31 - 00000000 ____D () C:\ProgramData\PMB Files
2014-05-07 19:31 - 2014-04-24 19:31 - 00000320 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-05-07 17:44 - 2014-05-07 17:33 - 00000000 ____D () C:\ProgramData\Radsteroids
2014-05-07 17:43 - 2014-05-07 17:43 - 01356664 _____ () C:\Windows\system32\Radsteroids.33AABCF1AD13.2.6.80.dll
2014-05-07 17:38 - 2014-05-07 17:38 - 01161080 _____ () C:\Windows\SysWOW64\Radsteroids.33AABCF1AD13.2.6.80.dll
2014-05-07 17:26 - 2014-04-24 19:28 - 00000000 ____D () C:\Users\Christian\AppData\Local\Genesis
2014-05-07 17:16 - 2014-05-07 17:16 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\winmonitorIE
2014-05-07 17:16 - 2014-05-07 17:16 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Paltalk
2014-05-07 17:16 - 2014-05-07 17:16 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
2014-05-07 17:16 - 2014-05-07 17:16 - 00000000 ____D () C:\Program Files (x86)\Paltalk Messenger
2014-05-07 17:15 - 2014-05-07 17:15 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\ContentExplorer
2014-05-07 17:15 - 2014-05-07 17:15 - 00000000 _____ () C:\Users\Christian\Downloads\Number of results
2014-05-07 17:14 - 2014-05-07 17:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Updater
2014-05-07 17:14 - 2014-05-07 17:14 - 00000000 ____D () C:\Program Files (x86)\Software Updater
2014-05-07 17:14 - 2012-07-26 04:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-05-07 17:13 - 2014-05-07 17:13 - 00808072 _____ () C:\Users\Christian\Downloads\flashplayerpro-setup.exe
2014-05-07 17:13 - 2014-05-07 17:13 - 00773032 _____ (AirInstaller ) C:\Users\Christian\Downloads\updater.exe
2014-05-07 17:13 - 2014-05-07 17:13 - 00000000 _____ () C:\END
2014-05-07 17:13 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\Resources
2014-05-06 01:14 - 2014-05-14 21:36 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 01:14 - 2014-05-14 21:36 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 23:48 - 2014-05-14 21:35 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 23:48 - 2014-05-14 21:35 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 23:37 - 2014-05-14 21:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 23:26 - 2014-05-14 21:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-04 15:18 - 2014-02-05 20:20 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-01 16:37 - 2012-07-26 04:14 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 16:37 - 2012-07-26 04:14 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-26 00:05 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache
2014-04-25 20:11 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\WinStore
2014-04-24 20:40 - 2014-04-24 20:40 - 00000000 ____D () C:\Windows\SysWOW64\N360_BACKUP
2014-04-24 19:45 - 2014-02-13 21:44 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-04-24 19:33 - 2014-04-24 19:33 - 01141680 _____ () C:\Users\Christian\Downloads\SteamSetup.exe
2014-04-24 19:33 - 2014-04-24 19:33 - 00000967 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-04-24 19:33 - 2014-04-24 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-04-24 19:31 - 2014-04-24 19:31 - 00003346 _____ () C:\Windows\System32\Tasks\Advanced System Protector
2014-04-24 19:31 - 2014-04-24 19:31 - 00003060 _____ () C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2014-04-24 19:31 - 2014-04-24 19:31 - 00002904 _____ () C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2014-04-24 19:31 - 2014-04-24 19:31 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Advanced System Protector
2014-04-24 19:31 - 2014-04-24 19:27 - 00000000 ____D () C:\Program Files\003
2014-04-24 19:30 - 2014-04-24 19:30 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-04-24 19:29 - 2014-04-24 19:29 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Systweak
2014-04-24 19:29 - 2014-04-24 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
2014-04-24 19:27 - 2014-04-24 19:27 - 00512728 _____ (apinstaller) C:\Users\Christian\Downloads\Steam (3).exe
2014-04-24 19:27 - 2014-04-24 19:27 - 00512728 _____ (apinstaller) C:\Users\Christian\Downloads\Steam (2).exe
2014-04-24 19:26 - 2014-04-24 19:26 - 00512728 _____ (apinstaller) C:\Users\Christian\Downloads\Steam.exe
2014-04-24 19:26 - 2014-04-24 19:26 - 00512728 _____ (apinstaller) C:\Users\Christian\Downloads\Steam (1).exe
2014-04-19 05:39 - 2014-04-25 16:20 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-19 04:45 - 2014-04-25 16:20 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-19 04:45 - 2014-04-25 16:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-19 02:57 - 2014-04-25 16:20 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-19 02:57 - 2014-04-25 16:20 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\nso5B2E.exe
C:\Users\Christian\AppData\Local\Temp\SPSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-14 21:45] - [2014-04-12 05:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-17 18:29

==================== End Of Log ============================


ADDITION:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by Christian at 2014-05-19 19:49:41
Running from C:\Users\Christian\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

ACID Music Studio 9.0 (HKLM-x32\...\{78EB80B0-18A0-11E2-9761-F04DA23A5C58}) (Version: 9.0.35 - Sony)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader XI MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.59.132 - Broadcom Corporation)
ContentExplorer (HKLM-x32\...\ContentExplorer) (Version: 7.1 - ContentExplorer.net)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2529 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.2529 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.6201.52 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 9.0.6201.52 - CyberLink Corp.) Hidden
DioSecouuntLocAutor (HKLM-x32\...\{194FED75-9C74-BDB7-53F8-8CFFEF1AFEC9}) (Version: - DDisccountLocaator)
DVD Architect Studio 5.0 (HKLM-x32\...\{42C509F1-C451-11E1-AEC9-F04DA23A5C58}) (Version: 5.0.161 - Sony)
easytoshhop (HKLM-x32\...\{532970A2-464B-73CB-BBC4-F209EAD3EEBE}) (Version: - easyytOshOp)
ESDL (x32 Version: 1.0.0 - Sony Corporation) Hidden
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
glindorus 1.0.0 (HKLM\...\glindorus) (Version: 1.0.0 - glindorus) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.165 - Google Inc.) Hidden
Graphmatica (HKLM-x32\...\{8774B666-ED0F-4B2A-94B3-4245675F929E}) (Version: 2.2.5.1 - kSoft)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)
Intel(R) PROSet/Wireless NFC Software (HKLM\...\Intel(R) PROSet/Wireless NFC Software) (Version: 1.0.1.003 - Intel Corporation)
Intel(R) PROSet/Wireless NFC Software (Version: 1.0.1.003 - Intel Corporation) Hidden
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417013FF}) (Version: 7.0.130 - Oracle)
Java 7 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 15.0.4605.1003 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Movie Studio Platinum 12.0 (64-bit) (HKLM\...\{1C8AC59F-6464-11E2-A0C0-F04DA23A5C58}) (Version: 12.0.756 - Sony)
Mozilla Firefox 27.0.1 (x86 fr) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 fr)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 21.2.0.38 - Symantec Corporation)
NVIDIA Control Panel 311.46 (Version: 311.46 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.46 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: - PC Utilities Software Limited) <==== ATTENTION
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Paltalk Messenger 11.4 (HKLM-x32\...\Paltalk Messenger) (Version: 11.4.559.15882 - AVM Software Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PlayMemories Home (HKLM-x32\...\{1E5C7043-09C5-4974-A69F-A5271FD82BBC}) (Version: 7.0.02.14060 - Sony Corporation)
Radsteroids (HKLM-x32\...\Radsteroids) (Version: 2.6.78 - Deals Interactive Media, LLC)
Reader for PC (HKLM-x32\...\{25340F94-F74E-4CCF-ABDF-ECBCF03911BE}) (Version: 2.0.00.07121 - Sony Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6895 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.28135 - Realtek Semiconductor Corp.)
RegClean Pro (HKLM-x32\...\RegClean Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
savoinshOp (HKLM-x32\...\{70BD2558-27DA-8B02-02D0-D8704ECD2EDF}) (Version: - Siavinshop)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
Software Updater version 1.8.4 (HKLM-x32\...\Software Updater_is1) (Version: 1.8.4 - Air Software) <==== ATTENTION
Sound Forge Audio Studio 10.0 (HKLM-x32\...\{7A263871-BEEC-11E1-AC53-F04DA23A5C58}) (Version: 10.0.178 - Sony)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
SuperFast PC (HKLM\...\SuperFast PC) (Version: 1.0 - 383 Media, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.4.0.1 - Synaptics Incorporated)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.2.0.02040 - Sony Corporation)
VAIO BIOS Data Transfer Utility (x32 Version: 1.0.0.02050 - Sony Corporation) Hidden
VAIO Care (HKLM\...\{EC635BC0-0D7C-4CA2-9B87-2A330C298CB2}) (Version: 8.2.0.15030 - Sony Corporation)
VAIO Care Hardware Diagnostics Plugin (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.8.0.13250 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.2.0.03070 - Sony Corporation)
VAIO CPU Fan Diagnostic (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.2.0.03050 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.11.0.13250 - Sony Corporation)
VAIO Easy Connect (x32 Version: 8.2.0.14170 - Sony Corporation) Hidden
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.2.0.01230 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.2.0.01230 - Sony Corporation) Hidden
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.1.00.14260 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.1.00.14260 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.2.0.01240 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.1.0.02220 - Sony Corporation)
VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.1.01.15140 - Sony Corporation)
VAIO Movie Creator (x32 Version: 4.1.01.15140 - Sony Corporation) Hidden
VAIO Sample Music (HKLM-x32\...\{FBEE3D44-0933-4B84-BB6A-49957F89187F}) (Version: 1.0.0.03051 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.9.0.11060 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.3.1.10120 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VUx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.4900 - Broadcom Corporation)
WinMonitor (HKLM-x32\...\{BEB6DD45-C41C-402C-8100-9122AE52900B}) (Version: 1.2.0 - WinMonitor)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

==================== Restore Points =========================

02-05-2014 03:05:22 Windows Update
12-05-2014 01:07:55 Scheduled Checkpoint
16-05-2014 03:05:41 Windows Update

==================== Hosts content: ==========================

2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02D2F1EC-D59C-4C6E-AC85-0A191E60FE5B} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-03-14] (Synaptics Incorporated)
Task: {0A0D22A2-434C-4876-A04B-7770DF0F55F8} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-02-26] (Sony Corporation)
Task: {0A803FBF-FEAF-42D4-9706-E526413DE704} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2013-01-24] (Sony Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1CE649E6-C148-4FFA-9D89-1B6F78CBF807} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-02-26] (Sony Corporation)
Task: {1DA1C866-59A7-457E-9AB3-6BBCC1E27617} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {20555F5D-9593-4074-B4F5-5B7AA1F71C43} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2013-01-23] (Sony Corporation)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2B1CF63C-CA4F-4C7D-B1F4-39D9DF7FA553} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-02-26] (Sony Corporation)
Task: {3117465B-B1DA-4330-91F5-D996EF41F8FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-17] (Google Inc.)
Task: {33187398-A313-471F-9E07-0A778F12D4FE} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2013-02-04] (Sony Corporation)
Task: {39ACDE22-6869-4165-A23A-12CB6927122A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-04-08] (Microsoft Corporation)
Task: {3CC87AE4-B2A0-40F9-9203-014704387330} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-02-26] (Sony Corporation)
Task: {3E134AD2-8736-4151-9A9A-6E1AF0783BBA} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-02-26] (Sony Corporation)
Task: {40E1FB10-86E9-467D-86BF-C9190A208C31} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {42EFC6B5-DAE3-49E0-9D88-30162E5FA5C7} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-09-19] (Sony Corporation)
Task: {49C7D3D1-61CB-4F70-B49E-B547C13428A7} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-02-26] (Sony Corporation)
Task: {4EEEF220-949D-40E1-8954-6D4D9B83090D} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {5227AB4D-A91C-414B-AC38-7DA392229399} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: {55F72119-32C7-4DAB-9932-0E5380D4EBD7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {61F5C831-A4B0-41C4-A4D4-F10048DEA1B7} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {6BF8EB5F-3E02-4B8B-A032-561B4089C633} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-02-26] (Sony Corporation)
Task: {749010D7-FCE3-4860-853A-EF093A746438} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\WSCStub.exe [2014-03-11] (Symantec Corporation)
Task: {79266C3F-0654-4B33-AAC1-552AF9151448} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation)
Task: {7C155C29-CF54-4C02-8F3D-B83E4329DCE9} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {80FA6245-FF22-4C78-9456-9DB23DB89F31} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-02-02] (Sony Corporation)
Task: {813F2A88-CE88-4BCD-B45D-0FB45618666E} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-02-26] (Sony Corporation)
Task: {825227A1-D76D-488B-A52B-3FC7DF8AFE3B} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-03-08] (Sony Corporation)
Task: {8747F87F-FAAA-4CD9-919A-DEBC0D476EAF} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-03-08] (Sony Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AF9D5B3A-DA98-4399-AB03-FC4822833243} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PCDECHRISTIAN-Christian PCdeChristian => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-04-08] (Microsoft Corporation)
Task: {B149FEE5-57D5-4F79-80E6-509F8038F623} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {BC492077-C321-4878-8B96-FC6AAD9F49FA} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-02-26] (Sony Corporation)
Task: {C126EFF5-8B61-4D2C-8B16-D9ECDEB86727} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {C2A4F0D9-F157-4FFB-B44D-E1B3AE1937D1} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {C38BCE56-49AE-4D22-8600-3DAD099D830A} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-02-02] (Sony Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CA90A014-9BC7-4E64-AD29-DB926BC6CD47} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-09-27] (Sony Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {ED26DD30-AA0D-4A83-AD0F-DC8A4D1EB849} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-17] (Google Inc.)
Task: {FC428F69-DE90-462A-9DA7-7FEBFFC166AF} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2013-02-26] (Sony Corporation)
Task: {FE6DB0FA-9575-41A5-9FB7-175B1FD5969B} - System32\Tasks\Sony Corporation\VAIO Hardware Diagnostics\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2013-01-25] (Sony Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-12-14 14:27 - 2012-12-14 14:27 - 00049520 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2014-03-18 20:47 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-10-24 18:43 - 2014-03-25 13:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-04-24 19:31 - 2014-04-24 19:31 - 00706560 _____ () C:\Program Files\003\xmkysecqun64.exe
2014-05-07 17:43 - 2014-05-07 17:43 - 01356664 _____ () C:\Windows\SYSTEM32\Radsteroids.33AABCF1AD13.2.6.80.dll
2014-05-15 23:11 - 2014-05-15 23:11 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-03-14 15:21 - 2013-03-13 23:31 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-05-07 10:26 - 2013-05-07 10:26 - 01302080 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2013-09-24 16:32 - 2014-05-09 13:32 - 05424120 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.207\deploy\LoLLauncher.exe
2013-10-09 18:56 - 2013-10-09 18:56 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.88\deploy\LolClient.exe
2012-08-06 13:27 - 2012-08-06 13:27 - 00156672 _____ () C:\Program Files\Sony\VAIO Care\VCPerfService.exe
2012-08-06 13:27 - 2012-08-06 13:27 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-20 18:11 - 2014-02-20 18:11 - 38713856 _____ () C:\Program Files (x86)\Paltalk Messenger\libcef.dll
2014-04-15 15:10 - 2014-04-15 15:10 - 00042064 _____ () C:\Program Files (x86)\Paltalk Messenger\ctrlkey.dll
2014-04-15 15:10 - 2014-04-15 15:10 - 02225744 _____ () C:\Program Files (x86)\Paltalk Messenger\Images.dll
2013-09-24 16:32 - 2014-05-09 13:32 - 01531384 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.207\deploy\RiotLauncher.dll
2013-07-30 22:54 - 2013-05-02 22:43 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-10-08 21:23 - 2013-09-24 16:43 - 04774248 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.88\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
2013-07-30 22:46 - 2013-01-23 05:26 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-02-17 20:17 - 2014-02-01 19:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-17 20:17 - 2014-02-01 19:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-17 20:17 - 2014-02-01 19:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-17 20:17 - 2014-02-01 19:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-17 20:17 - 2014-02-01 19:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
2014-02-17 20:17 - 2014-02-01 19:42 - 13616456 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/19/2014 06:46:19 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost (1880) {B6A88764-6903-493D-862A-760AA8B42F67}: La récupération/restauration de la base de données a échoué avec l'erreur inattendue -509.

Error: (05/19/2014 06:39:51 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost (1692) {29DFC1BE-B2FF-495C-A987-C73FD488B884}: La récupération/restauration de la base de données a échoué avec l'erreur inattendue -509.

Error: (05/19/2014 06:39:51 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost (1692) {A692F4EC-04EA-4E48-94D4-64C888BCC975}: La récupération/restauration de la base de données a échoué avec l'erreur inattendue -509.

Error: (05/19/2014 06:39:51 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost (1692) {31DD3930-9366-46C1-86E4-9596C5856FF1}: La récupération/restauration de la base de données a échoué avec l'erreur inattendue -509.

Error: (05/19/2014 06:38:01 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (6692) {EF3B2BA4-1F05-4B25-A7AA-478425C2CDF6}: La récupération/restauration de la base de données a échoué avec l'erreur inattendue -509.

Error: (05/19/2014 06:38:01 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (6692) {F03615A4-1835-47A7-BA6B-83C37BBB5F57}: La récupération/restauration de la base de données a échoué avec l'erreur inattendue -509.

Error: (05/19/2014 06:38:01 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (6692) {2B6298B9-66AA-42FB-897A-CCA4DD200B30}: La récupération/restauration de la base de données a échoué avec l'erreur inattendue -509.

Error: (05/19/2014 06:38:01 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (6692) {DEC30F8A-F5B8-4B55-B81C-5C3CA03CA003}: La récupération/restauration de la base de données a échoué avec l'erreur inattendue -509.

Error: (05/19/2014 06:38:01 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (6692) {00C23285-76FC-42DA-AE55-0E3B1150D547}: La récupération/restauration de la base de données a échoué avec l'erreur inattendue -509.

Error: (05/19/2014 06:38:01 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (6692) {B9A8A7E7-9C96-4AB6-8DCF-55E8F1496617}: La récupération/restauration de la base de données a échoué avec l'erreur inattendue -509.


System errors:
=============
Error: (05/18/2014 00:13:59 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Une défaillance a été détectée dans la structure du système de fichiers sur le volume ??.

The exact nature of the corruption is unknown. The file system structures need to be scanned online.

Error: (05/18/2014 00:13:58 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Une défaillance a été détectée dans la structure du système de fichiers sur le volume ??.

The exact nature of the corruption is unknown. The file system structures need to be scanned online.

Error: (05/14/2014 04:37:06 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Une défaillance a été détectée dans la structure du système de fichiers sur le volume ??.

The exact nature of the corruption is unknown. The file system structures need to be scanned online.

Error: (05/14/2014 04:36:40 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Une défaillance a été détectée dans la structure du système de fichiers sur le volume ??.

The exact nature of the corruption is unknown. The file system structures need to be scanned online.

Error: (05/11/2014 09:07:44 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Une défaillance a été détectée dans la structure du système de fichiers sur le volume ??.

The exact nature of the corruption is unknown. The file system structures need to be scanned online.

Error: (05/11/2014 09:07:43 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Une défaillance a été détectée dans la structure du système de fichiers sur le volume ??.

The exact nature of the corruption is unknown. The file system structures need to be scanned online.

Error: (05/11/2014 09:07:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Norton 360 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 120000 millisecondes : Restart the service.

Error: (05/11/2014 08:44:41 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Le nom "WORKGROUP :1d" n’a pas pu être enregistré sur l’interface avec l’adresse IP 192.168.2.37.
L’ordinateur avec l’adresse IP 192.168.2.22 n’a pas permis que le nom soit réclamé par
cet ordinateur.

Error: (05/10/2014 00:39:53 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Le maître explorateur a reçu une annonce de serveur de l’ordinateur NATHALIE
qui pense qu’il est le maître explorateur sur le domaine pour le transport NetBT_Tcpip_{D68DB318-2CB4-4C8D-9DB4-A5ADF658F692}.
Le maître explorateur s’arrête ou une élection est provoquée.

Error: (05/07/2014 05:38:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Radsteroids s’est terminé de façon inattendue pour la 1ème fois.


Microsoft Office Sessions:
=========================
Error: (05/19/2014 06:46:19 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost1880{B6A88764-6903-493D-862A-760AA8B42F67}: -509

Error: (05/19/2014 06:39:51 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost1692{29DFC1BE-B2FF-495C-A987-C73FD488B884}: -509

Error: (05/19/2014 06:39:51 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost1692{A692F4EC-04EA-4E48-94D4-64C888BCC975}: -509

Error: (05/19/2014 06:39:51 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost1692{31DD3930-9366-46C1-86E4-9596C5856FF1}: -509

Error: (05/19/2014 06:38:01 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost6692{EF3B2BA4-1F05-4B25-A7AA-478425C2CDF6}: -509

Error: (05/19/2014 06:38:01 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost6692{F03615A4-1835-47A7-BA6B-83C37BBB5F57}: -509

Error: (05/19/2014 06:38:01 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost6692{2B6298B9-66AA-42FB-897A-CCA4DD200B30}: -509

Error: (05/19/2014 06:38:01 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost6692{DEC30F8A-F5B8-4B55-B81C-5C3CA03CA003}: -509

Error: (05/19/2014 06:38:01 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost6692{00C23285-76FC-42DA-AE55-0E3B1150D547}: -509

Error: (05/19/2014 06:38:01 PM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost6692{B9A8A7E7-9C96-4AB6-8DCF-55E8F1496617}: -509


==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 8070.8 MB
Available physical RAM: 5089.68 MB
Total Pagefile: 9286.8 MB
Available Pagefile: 5965.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:898.22 GB) (Free:812.52 GB) NTFS
Drive d: (HP7_DEATHLY_HALLOWS_PART_2) (CDROM) (Total:6.56 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 3638D2A3)

Partition: GPT Partition Type.

==================== End Of Log ============================



Thank you!
ChrisMasterSky
Active Member
 
Posts: 8
Joined: May 19th, 2014, 7:30 pm
Advertisement
Register to Remove

Re: Am I infected?

Unread postby MWR 3 day Mod » May 28th, 2014, 11:47 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Am I infected?

Unread postby nunped » May 29th, 2014, 3:45 pm

Hello ChrisMasterSky, and welcome to the forum.

My name is nunped and I'll be helping you with any malware problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Here are some guidelines for the cleaning process to run as easy as possible.

  1. Please read this topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only! Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. You must have Administrator rights permissions for this computer.
  4. DO NOT run any other fix or removal tools unless instructed to do so!
  5. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  6. Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  7. Only reply to this thread. Do not start another thread.
  8. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  9. No Reply Within 3 Days will result in your topic being closed!


Read through these instructions with your full attention.
Please ask first if you have any doubts.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Am I infected?

Unread postby nunped » May 29th, 2014, 4:20 pm

Hi ChrisMasterSky,

We have a lot to remove...
Let's start:

Step 1 - Backup the Registry:

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

  • Please download the installer for Registry Backup from Here or Here and save to your desktop.
  • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
  • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
  • Once the GUI(graphical user interface) has appeared/loaded:-
Image

  • Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-
Image

  • Close Tweaking.com - Registry Backup
Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features can be viewed Here.

Step 2 - Uninstall Programs
  • Click on Start
  • Copy and paste the value below, into the Start Search entry box:
    appwiz.cpl
      Depending on your current view setting ...
    • Double click on Programs and Features.
    • Under Programs, click on Uninstall a program.
  • Locate the following programs:
    DioSecouuntLocAutor
    easytoshhop
    glindorus 1.0.0
    Java 7 Update 13
    Optimizer Pro v3.2
    Radsteroids
    RegClean Pro
    savoinshOp
    Software Updater version 1.8.4

  • Select the program and click on Uninstall to uninstall it.
  • Repeat steps 3 - 4 for each program in the list.
  • Reboot your computer after this.
    If you can't uninstall any of this program, please proceed to the next one.

Step 3 - AdwCleaner - Scan Only
Please download AdwCleaner by Xplode, save it to your desktop.
  1. Close ALL open programs, including your Internet browsers.
  2. Right click on adwcleaner.exe and select "Run as administrator" to run it.
  3. Click on Scan.
    When the scan finishes, you'll see a message on the product window: "Pending. Please uncheck elements you don't want to remove."
  4. Press the Report button to produce the scan report.
  5. A logfile C:\AdwCleaner[Rn].txt will automatically open. ([Rn] n = number of run)
  6. Please post the content of the C:\AdwCleaner[Rn].txt logfile in your next reply.

Step 4 - Fix with FRST


  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    (Deals Interactive Media, LLC) C:\ProgramData\Radsteroids\up\2.6.80\RadsteroidsService.exe
    () C:\Program Files\003\xmkysecqun64.exe
    (Deals Interactive Media, LLC) C:\ProgramData\Radsteroids\up\2.6.80\Radsteroids.exe
    (Deals Interactive Media, LLC) C:\ProgramData\Radsteroids\up\2.6.80\Radsteroids64.exe
    (ContentExplorer) C:\Users\Christian\AppData\Roaming\ContentExplorer\ContentExplorer.exe
    HKLM-x32\...\Runonce: [SpUninstallCleanUp] - REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f [X]
    HKU\S-1-5-21-2709282161-3102555306-2552918505-1002\...\Run: [ContentExplorer] => C:\Users\Christian\AppData\Roaming\ContentExplorer\ContentExplorer.exe [1062128 2014-05-07] (ContentExplorer)
    ShortcutTarget: SoftwareUpdater.lnk -> C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe (Software Updater)
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?gd=&ctid=CT3 ... E52A&SSPV=
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    SearchScopes: HKCU - DefaultScope {238DB35D-C64F-4782-A92D-DE556679F6EA} URL = http://www.bing.com/search?q= {searchTerms}&form=IE10TR&src=IE10TR&pc=MASAJS
    SearchScopes: HKCU - {238DB35D-C64F-4782-A92D-DE556679F6EA} URL = http://www.bing.com/search?q= {searchTerms}&form=IE10TR&src=IE10TR&pc=MASAJS
    BHO: DioSecouuntLocAutor - {8D8C4348-9977-D1E0-3A86-6D9BD825C349} - C:\ProgramData\DioSecouuntLocAutor\zerTq3e0w.x64.dll ()
    BHO: easytoshhop - {93977B55-19DA-6A2B-4DE5-D2864481AAEB} - C:\ProgramData\easytoshhop\v.x64.dll ()
    BHO: savoinshOp - {CAFCDE7D-3B6F-B5F7-638F-FBB3E2AFB248} - C:\ProgramData\savoinshOp\kje4o.x64.dll ()
    BHO-x32: DioSecouuntLocAutor - {8D8C4348-9977-D1E0-3A86-6D9BD825C349} - C:\ProgramData\DioSecouuntLocAutor\zerTq3e0w.dll ()
    BHO-x32: easytoshhop - {93977B55-19DA-6A2B-4DE5-D2864481AAEB} - C:\ProgramData\easytoshhop\v.dll ()
    BHO-x32: savoinshOp - {CAFCDE7D-3B6F-B5F7-638F-FBB3E2AFB248} - C:\ProgramData\savoinshOp\kje4o.dll ()
    FF Homepage: hxxp://search.conduit.com/?gd=&ctid=CT3 ... E52A&SSPV=
    FF SelectedSearchEngine: Trovi search
    FF SearchPlugin: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\searchplugins\bingp.xml
    FF SearchPlugin: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\searchplugins\conduit-search.xml
    FF SearchPlugin: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\searchplugins\trovi-search.xml
    FF Extension: savoinshOp - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\Extensions\e8962@yaa-dkas.edu [2014-02-13]
    FF Extension: easytoshhop - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\Extensions\ua4b@xqcmaiixbf.co.uk [2014-01-05]
    FF Extension: DioSecouuntLocAutor - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\Extensions\ui7mbgknk@cirwvvya.net [2014-01-05]
    S2 70e6ca8c; C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [191640 2013-10-18] ()
    R2 xmkysecqun64; C:\Program Files\003\xmkysecqun64.exe [706560 2014-04-24] ()
    R2 Radsteroids; C:\ProgramData\Radsteroids\up\2.6.80\Radsteroids.exe [42872 2014-05-07] (Deals Interactive Media, LLC)
    (PC Utilities Pro) C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
    (PC Utilities Pro) C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
    C:\Users\Christian\AppData\Local\Temp\nso5B2E.exe
    C:\Users\Christian\AppData\Local\Temp\SPSetup.exe
    Task: {B149FEE5-57D5-4F79-80E6-509F8038F623} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    Task: {C126EFF5-8B61-4D2C-8B16-D9ECDEB86727} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    Task: {C2A4F0D9-F157-4FFB-B44D-E1B3AE1937D1} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    2014-04-24 19:31 - 2014-04-24 19:31 - 00706560 _____ () C:\Program Files\003\xmkysecqun64.exe
    AlternateDataStreams: C:\ProgramData\Temp:373E1720
    
  • Save it to your Desktop as filename fixlist.txt.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Am I infected?

Unread postby ChrisMasterSky » May 30th, 2014, 11:53 pm

Hi. Thank you for helping me get through this problem.

First here is the AdwCleaner report you told me to post if some of my apps wouldn't uninstall (java updater 7 13, java updater 7 13 (64) and RegClean Pro wich says it has already been uninstalled but is still in the programs's list):

# AdwCleaner v3.211 - Report created 30/05/2014 at 23:31:03
# Updated 26/05/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Christian - PCDECHRISTIAN
# Running from : C:\Users\Christian\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : 70e6ca8c

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\invalidprefs.js
File Found : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\searchplugins\bingp.xml
File Found : C:\Windows\System32\Tasks\Advanced System Protector
File Found : C:\Windows\System32\Tasks\RegClean Pro
Folder Found : C:\Program Files (x86)\TXTfiilesConvert
Folder Found : C:\Program Files\003
Folder Found : C:\ProgramData\DioSecouuntLocAutor
Folder Found : C:\ProgramData\TXTfiilesConvert
Folder Found : C:\Users\Christian\AppData\Local\Genesis
Folder Found : C:\Users\Christian\AppData\Roaming\Advanced System Protector
Folder Found : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\Extensions\ui7mbgknk@cirwvvya.net
Folder Found : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\Extensions\zyck@sahaws.com
Folder Found : C:\Users\Christian\AppData\Roaming\Systweak
Folder Found : C:\Users\Christian\Documents\Optimizer Pro

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software
Key Found : HKCU\Software\AppDataLow\Software\DynConIE
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{70B65263-7A19-7AB3-F931-8878225BB515}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{70B65263-7A19-7AB3-F931-8878225BB515}
Key Found : HKCU\Software\SoftwareUpdater
Key Found : HKCU\Software\systweak
Key Found : [x64] HKCU\Software\SoftwareUpdater
Key Found : [x64] HKCU\Software\systweak
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{70B65263-7A19-7AB3-F931-8878225BB515}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\speedupmypc
Key Found : HKLM\SOFTWARE\Classes\TXTffilesCoonvert.TXTffilesCoonvert
Key Found : HKLM\SOFTWARE\Classes\TXTffilesCoonvert.TXTffilesCoonvert.3.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{70B65263-7A19-7AB3-F931-8878225BB515}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E7AAE895-0690-E160-BAF2-2646BA3DE9F6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Key Found : HKLM\Software\systweak
Key Found : HKLM\Software\Uniblue
Key Found : HKLM\Software\Uniblue\DriverScanner
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\LevelQualityWatcher

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v27.0.1 (fr)

[ File : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\prefs.js ]

Line Found : user_pref("extensions.LZQSpZdmPFE.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url[...]
Line Found : user_pref("extensions.W9E.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.indexOf[...]
Line Found : user_pref("extensions.oqXQsVCPuK.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.[...]
Line Found : user_pref("extensions.wRGFvCq.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.ind[...]

-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [5051 octets] - [30/05/2014 23:31:03]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5111 octets] ##########


Next here is the Fixlog.txt like you aksed for:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-05-2014
Ran by Christian at 2014-05-30 23:49:56 Run:1
Running from C:\Users\Christian\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(Deals Interactive Media, LLC) C:\ProgramData\Radsteroids\up\2.6.80\RadsteroidsService.exe
() C:\Program Files\003\xmkysecqun64.exe
(Deals Interactive Media, LLC) C:\ProgramData\Radsteroids\up\2.6.80\Radsteroids.exe
(Deals Interactive Media, LLC) C:\ProgramData\Radsteroids\up\2.6.80\Radsteroids64.exe
(ContentExplorer) C:\Users\Christian\AppData\Roaming\ContentExplorer\ContentExplorer.exe
HKLM-x32\...\Runonce: [SpUninstallCleanUp] - REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f [X]
HKU\S-1-5-21-2709282161-3102555306-2552918505-1002\...\Run: [ContentExplorer] => C:\Users\Christian\AppData\Roaming\ContentExplorer\ContentExplorer.exe [1062128 2014-05-07] (ContentExplorer)
ShortcutTarget: SoftwareUpdater.lnk -> C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe (Software Updater)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?gd=&ctid=CT3 ... E52A&SSPV=
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {238DB35D-C64F-4782-A92D-DE556679F6EA} URL = http://www.bing.com/search?q= {searchTerms}&form=IE10TR&src=IE10TR&pc=MASAJS
SearchScopes: HKCU - {238DB35D-C64F-4782-A92D-DE556679F6EA} URL = http://www.bing.com/search?q= {searchTerms}&form=IE10TR&src=IE10TR&pc=MASAJS
BHO: DioSecouuntLocAutor - {8D8C4348-9977-D1E0-3A86-6D9BD825C349} - C:\ProgramData\DioSecouuntLocAutor\zerTq3e0w.x64.dll ()
BHO: easytoshhop - {93977B55-19DA-6A2B-4DE5-D2864481AAEB} - C:\ProgramData\easytoshhop\v.x64.dll ()
BHO: savoinshOp - {CAFCDE7D-3B6F-B5F7-638F-FBB3E2AFB248} - C:\ProgramData\savoinshOp\kje4o.x64.dll ()
BHO-x32: DioSecouuntLocAutor - {8D8C4348-9977-D1E0-3A86-6D9BD825C349} - C:\ProgramData\DioSecouuntLocAutor\zerTq3e0w.dll ()
BHO-x32: easytoshhop - {93977B55-19DA-6A2B-4DE5-D2864481AAEB} - C:\ProgramData\easytoshhop\v.dll ()
BHO-x32: savoinshOp - {CAFCDE7D-3B6F-B5F7-638F-FBB3E2AFB248} - C:\ProgramData\savoinshOp\kje4o.dll ()
FF Homepage: hxxp://search.conduit.com/?gd=&ctid=CT3 ... E52A&SSPV=
FF SelectedSearchEngine: Trovi search
FF SearchPlugin: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\searchplugins\trovi-search.xml
FF Extension: savoinshOp - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\Extensions\e8962@yaa-dkas.edu [2014-02-13]
FF Extension: easytoshhop - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\Extensions\ua4b@xqcmaiixbf.co.uk [2014-01-05]
FF Extension: DioSecouuntLocAutor - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\Extensions\ui7mbgknk@cirwvvya.net [2014-01-05]
S2 70e6ca8c; C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [191640 2013-10-18] ()
R2 xmkysecqun64; C:\Program Files\003\xmkysecqun64.exe [706560 2014-04-24] ()
R2 Radsteroids; C:\ProgramData\Radsteroids\up\2.6.80\Radsteroids.exe [42872 2014-05-07] (Deals Interactive Media, LLC)
(PC Utilities Pro) C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
(PC Utilities Pro) C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
C:\Users\Christian\AppData\Local\Temp\nso5B2E.exe
C:\Users\Christian\AppData\Local\Temp\SPSetup.exe
Task: {B149FEE5-57D5-4F79-80E6-509F8038F623} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {C126EFF5-8B61-4D2C-8B16-D9ECDEB86727} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {C2A4F0D9-F157-4FFB-B44D-E1B3AE1937D1} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
2014-04-24 19:31 - 2014-04-24 19:31 - 00706560 _____ () C:\Program Files\003\xmkysecqun64.exe
AlternateDataStreams: C:\ProgramData\Temp:373E1720
*****************

C:\ProgramData\Radsteroids\up\2.6.80\RadsteroidsService.exe => No running process found
C:\Program Files\003\xmkysecqun64.exe => No running process found
C:\ProgramData\Radsteroids\up\2.6.80\Radsteroids.exe => No running process found
C:\ProgramData\Radsteroids\up\2.6.80\Radsteroids64.exe => No running process found
C:\Users\Christian\AppData\Roaming\ContentExplorer\ContentExplorer.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallCleanUp => Value not found.
HKU\S-1-5-21-2709282161-3102555306-2552918505-1002\Software\Microsoft\Windows\CurrentVersion\Run\\ContentExplorer => Value not found.
C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{238DB35D-C64F-4782-A92D-DE556679F6EA} => Key deleted successfully.
HKCR\CLSID\{238DB35D-C64F-4782-A92D-DE556679F6EA} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D8C4348-9977-D1E0-3A86-6D9BD825C349} => Key not found.
HKCR\CLSID\{8D8C4348-9977-D1E0-3A86-6D9BD825C349} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93977B55-19DA-6A2B-4DE5-D2864481AAEB} => Key not found.
HKCR\CLSID\{93977B55-19DA-6A2B-4DE5-D2864481AAEB} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CAFCDE7D-3B6F-B5F7-638F-FBB3E2AFB248} => Key not found.
HKCR\CLSID\{CAFCDE7D-3B6F-B5F7-638F-FBB3E2AFB248} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D8C4348-9977-D1E0-3A86-6D9BD825C349} => Key not found.
HKCR\Wow6432Node\CLSID\{8D8C4348-9977-D1E0-3A86-6D9BD825C349} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93977B55-19DA-6A2B-4DE5-D2864481AAEB} => Key not found.
HKCR\Wow6432Node\CLSID\{93977B55-19DA-6A2B-4DE5-D2864481AAEB} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CAFCDE7D-3B6F-B5F7-638F-FBB3E2AFB248} => Key not found.
HKCR\Wow6432Node\CLSID\{CAFCDE7D-3B6F-B5F7-638F-FBB3E2AFB248} => Key not found.
Firefox homepage deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\searchplugins\bingp.xml => Moved successfully.
"C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\searchplugins\conduit-search.xml" => not found.
"C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\searchplugins\trovi-search.xml" => not found.
C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\Extensions\e8962@yaa-dkas.edu => Moved successfully.
C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\Extensions\ua4b@xqcmaiixbf.co.uk => Moved successfully.
C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\Extensions\ui7mbgknk@cirwvvya.net => Moved successfully.
70e6ca8c => Service deleted successfully.
xmkysecqun64 => Service not found.
Radsteroids => Service not found.
C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe => No running process found
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe => No running process found
"C:\Users\Christian\AppData\Local\Temp\nso5B2E.exe" => File/Directory not found.
"C:\Users\Christian\AppData\Local\Temp\SPSetup.exe" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B149FEE5-57D5-4F79-80E6-509F8038F623} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B149FEE5-57D5-4F79-80E6-509F8038F623} => Key deleted successfully.
C:\Windows\System32\Tasks\RegClean Pro => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C126EFF5-8B61-4D2C-8B16-D9ECDEB86727} => Key not found.
C:\Windows\System32\Tasks\RegClean Pro_DEFAULT not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_DEFAULT => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2A4F0D9-F157-4FFB-B44D-E1B3AE1937D1} => Key not found.
C:\Windows\System32\Tasks\RegClean Pro_UPDATES not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_UPDATES => Key not found.
C:\Windows\Tasks\RegClean Pro_DEFAULT.job not found.
C:\Windows\Tasks\RegClean Pro_UPDATES.job not found.
"C:\Program Files\003\xmkysecqun64.exe" => File/Directory not found.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.

==== End of Fixlog ====


Thank you again for helping me with this problem.

Hope to receive a reply soon.

ChrisMasterSky
ChrisMasterSky
Active Member
 
Posts: 8
Joined: May 19th, 2014, 7:30 pm

Re: Am I infected?

Unread postby nunped » May 31st, 2014, 5:16 am

Hi ChrisMasterSky,

There's still some work to do... Please, give me an update on your computer performance.
Step 1 - AdwCleaner - Scan/Clean
You should still have AdwCleaner on your desktop.
  1. Close ALL open programs, including your Internet browsers.
  2. Right click on adwcleaner.exe and select "Run as administrator" to run it.
  3. Click on Scan. When the scan finishes...the Clean button will become active.
  4. Click on Clean.
  5. Select OK at each prompt... to reboot the computer.
  6. A logfile C:\AdwCleaner[Sn].txt will open after you log back on the computer. ([Sn] n = number of run)
  7. Please post the content of the C:\AdwCleaner[Sn].txt logfile in your next reply.

Step 2 - SystemLook
Please download SystemLook from the link below and save it to your Desktop.

For 64 bit Systems
  • Right-click SystemLook.exe and select "Run as Administrator" to run it.
  • Copy and paste the content of the following codebox into the main textfield: Do not include the words Code: select all
  • (Click the select all button next to code to select the entire script).

    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *regclean*
    *DioSecouuntLocAutor*
    *TXTfiilesConvert*
    *systweak*
    *optimizer*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *regclean*
    *DioSecouuntLocAutor*
    *TXTfiilesConvert*
    *systweak*
    *optimizer*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    regclean
    DioSecouuntLocAutor
    TXTfiilesConvert
    systweak
    optimizer
    
  • Click the Look button to start the scan.
    The scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Am I infected?

Unread postby ChrisMasterSky » May 31st, 2014, 3:58 pm

Hi nunped. Thank you for the fast reply.

Here is the AdwCleaner Logfile you told me to post:

# AdwCleaner v3.211 - Report created 31/05/2014 at 15:35:09
# Updated 26/05/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Christian - PCDECHRISTIAN
# Running from : C:\Users\Christian\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : 70e6ca8c

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\DioSecouuntLocAutor
Folder Deleted : C:\ProgramData\TXTfiilesConvert
Folder Deleted : C:\Program Files (x86)\TXTfiilesConvert
Folder Deleted : C:\Program Files\003
Folder Deleted : C:\Users\Christian\AppData\Local\Genesis
Folder Deleted : C:\Users\Christian\AppData\Roaming\Advanced System Protector
Folder Deleted : C:\Users\Christian\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Christian\Documents\Optimizer Pro
Folder Deleted : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\Extensions\zyck@sahaws.com
File Deleted : C:\END
File Deleted : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\invalidprefs.js
File Deleted : C:\Windows\System32\Tasks\Advanced System Protector

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\TXTffilesCoonvert.TXTffilesCoonvert
Key Deleted : HKLM\SOFTWARE\Classes\TXTffilesCoonvert.TXTffilesCoonvert.3.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70B65263-7A19-7AB3-F931-8878225BB515}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{70B65263-7A19-7AB3-F931-8878225BB515}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{70B65263-7A19-7AB3-F931-8878225BB515}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{70B65263-7A19-7AB3-F931-8878225BB515}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\SoftwareUpdater
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E7AAE895-0690-E160-BAF2-2646BA3DE9F6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v27.0.1 (fr)

[ File : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\zz4pbiut.default\prefs.js ]

Line Deleted : user_pref("extensions.LZQSpZdmPFE.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url[...]
Line Deleted : user_pref("extensions.W9E.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.indexOf[...]
Line Deleted : user_pref("extensions.oqXQsVCPuK.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.[...]
Line Deleted : user_pref("extensions.wRGFvCq.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.ind[...]

-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [5219 octets] - [30/05/2014 23:31:03]
AdwCleaner[R1].txt - [4984 octets] - [31/05/2014 15:34:15]
AdwCleaner[S0].txt - [4785 octets] - [31/05/2014 15:35:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4845 octets] ##########



Finally, here is the SystemLook Log you told me to post in my reply:

SystemLook 04.09.10 by jpshortstuff
Log created at 15:44 on 31/05/2014 by Christian
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*regclean*"
C:\FRST\Quarantine\C\Windows\System32\Tasks\RegClean Pro.xBAD --a---- 3108 bytes [23:30 24/04/2014] [23:30 24/04/2014] D8113471914AF22112C7EF7C7837A406
C:\Program Files\Sony\VAIO Care\langregion\AP\en-US\Config\RegCleanerSetting.config --a---- 177 bytes [20:44 21/05/2012] [20:44 21/05/2012] 7717685604E5E9D0C524CB4EB332C93A
C:\Program Files\Sony\VAIO Care\langregion\AP\fr-FR\Config\RegCleanerSetting.config --a---- 177 bytes [20:44 21/05/2012] [20:44 21/05/2012] 7717685604E5E9D0C524CB4EB332C93A
C:\Program Files\Sony\VAIO Care\langregion\AP\ko-KR\Config\RegCleanerSetting.config --a---- 177 bytes [20:44 21/05/2012] [20:44 21/05/2012] 7717685604E5E9D0C524CB4EB332C93A
C:\Program Files\Sony\VAIO Care\langregion\AP\th-TH\Config\RegCleanerSetting.config --a---- 177 bytes [20:44 21/05/2012] [20:44 21/05/2012] 7717685604E5E9D0C524CB4EB332C93A
C:\Program Files\Sony\VAIO Care\langregion\AP\tr-TR\Config\RegCleanerSetting.config --a---- 177 bytes [20:21 07/12/2012] [20:21 07/12/2012] 7717685604E5E9D0C524CB4EB332C93A
C:\Program Files\Sony\VAIO Care\langregion\AP\zh-CN\Config\RegCleanerSetting.config --a---- 177 bytes [20:44 21/05/2012] [20:44 21/05/2012] 7717685604E5E9D0C524CB4EB332C93A
C:\Program Files\Sony\VAIO Care\langregion\AP\zh-TW\Config\RegCleanerSetting.config --a---- 177 bytes [20:44 21/05/2012] [20:44 21/05/2012] 7717685604E5E9D0C524CB4EB332C93A
C:\Program Files\Sony\VAIO Care\langregion\CN\zh-CN\Config\RegCleanerSetting.config --a---- 177 bytes [20:44 21/05/2012] [20:44 21/05/2012] 7717685604E5E9D0C524CB4EB332C93A
C:\Program Files\Sony\VAIO Care\langregion\EU\bg-BG\Config\RegCleanerSetting.config --a---- 177 bytes [20:44 21/05/2012] [20:44 21/05/2012] 7717685604E5E9D0C524CB4EB332C93A
C:\Program Files\Sony\VAIO Care\langregion\EU\cs-CZ\Config\RegCleanerSetting.config --a---- 177 bytes [20:44 21/05/2012] [20:44 21/05/2012] 7717685604E5E9D0C524CB4EB332C93A
C:\Program Files\Sony\VAIO Care\langregion\EU\de-DE\Config\RegCleanerSetting.config --a---- 177 bytes [20:44 21/05/2012] [20:44 21/05/2012] 7717685604E5E9D0C524CB4EB332C93A
C:\Program Files\Sony\VAIO Care\langregion\EU\el-GR\Config\RegCleanerSetting.config --a---- 177 bytes [20:44 21/05/2012] [20:44 21/05/2012] 7717685604E5E9D0C524CB4EB332C93A
C:\Program Files\Sony\VAIO Care\langregion\EU\en-GB\Config\RegCleanerSetting.config --a---- 177 bytes [20:44 21/05/2012] [20:44 21/05/2012] 7717685604E5E9D0C524CB4EB332C93A
C:\Program Files\Sony\VAIO Care\langregion\EU\es-ES\Config\RegCleanerSetting.config --a---- 177 bytes [20:44 21/05/2012] [20:44 21/05/2012] 7717685604E5E9D0C524CB4EB332C93A
C:\Program Files\Sony\VAIO Care\langregion\EU\fr-FR\Config\RegCleanerSetting.config --a---- 177 bytes [20:44 21/05/2012] [20:44 21/05/2012] 7717685604E5E9D0C524CB4EB332C93A
C:\Program Files\Sony\VAIO Care\langregion\EU\hu-HU\Config\RegCleanerSetting.config --a---- 177 bytes [20:44 21/05/2012] [20:44 21/05/2012] 7717685604E5E9D0C524CB4EB332C93A
C:\Program Files\Sony\VAIO Care\langregion\EU\it-IT\Config\RegCleanerSetting.config --a---- 177 bytes [20:44 21/05/2012] [20:44 21/05/2012] 7717685604E5E9D0C524CB4EB332C93A
C:\Program Files\Sony\VAIO Care\langregion\EU\nl-NL\Config\RegCleanerSetting.config --a---- 177 bytes [20:44 21/05/2012] [20:44 21/05/2012] 7717685604E5E9D0C524CB4EB332C93A
C:\Program Files\Sony\VAIO Care\langregion\EU\pl-PL\Config\RegCleanerSetting.config --a---- 177 bytes [20:44 21/05/2012] [20:44 21/05/2012] 7717685604E5E9D0C524CB4EB332C93A
C:\Program Files\Sony\VAIO Care\langregion\EU\ro-RO\Config\RegCleanerSetting.config --a---- 177 bytes [20:44 21/05/2012] [20:44 21/05/2012] 7717685604E5E9D0C524CB4EB332C93A
C:\Program Files\Sony\VAIO Care\langregion\EU\ru-RU\Config\RegCleanerSetting.config --a---- 177 bytes [20:44 21/05/2012] [20:44 21/05/2012] 7717685604E5E9D0C524CB4EB332C93A
C:\Program Files\Sony\VAIO Care\langregion\EU\sk-SK\Config\RegCleanerSetting.config --a---- 177 bytes [20:44 21/05/2012] [20:44 21/05/2012] 7717685604E5E9D0C524CB4EB332C93A
C:\Program Files\Sony\VAIO Care\langregion\EU\tr-TR\Config\RegCleanerSetting.config --a---- 177 bytes [20:44 21/05/2012] [20:44 21/05/2012] 7717685604E5E9D0C524CB4EB332C93A
C:\Program Files\Sony\VAIO Care\langregion\JP\ja-JP\Config\RegCleanerSetting.config --a---- 177 bytes [20:44 21/05/2012] [20:44 21/05/2012] 7717685604E5E9D0C524CB4EB332C93A
C:\Program Files\Sony\VAIO Care\langregion\US\en-CA\Config\RegCleanerSetting.config --a---- 177 bytes [20:44 21/05/2012] [20:44 21/05/2012] 7717685604E5E9D0C524CB4EB332C93A
C:\Program Files\Sony\VAIO Care\langregion\US\en-US\Config\RegCleanerSetting.config --a---- 177 bytes [20:44 21/05/2012] [20:44 21/05/2012] 7717685604E5E9D0C524CB4EB332C93A
C:\Program Files\Sony\VAIO Care\langregion\US\es-MX\Config\RegCleanerSetting.config --a---- 177 bytes [20:44 21/05/2012] [20:44 21/05/2012] 7717685604E5E9D0C524CB4EB332C93A
C:\Program Files\Sony\VAIO Care\langregion\US\fr-CA\Config\RegCleanerSetting.config --a---- 177 bytes [20:44 21/05/2012] [20:44 21/05/2012] 7717685604E5E9D0C524CB4EB332C93A
C:\Program Files\Sony\VAIO Care\langregion\US\pt-BR\Config\RegCleanerSetting.config --a---- 177 bytes [20:44 21/05/2012] [20:44 21/05/2012] 7717685604E5E9D0C524CB4EB332C93A

Searching for "*DioSecouuntLocAutor*"
C:\Users\Christian\AppData\LocalLow\{8D8C4348-9977-D1E0-3A86-6D9BD825C349}\DioSecouuntLocAutor.2.7.dat --a---- 80751 bytes [23:58 24/01/2014] [22:49 03/02/2014] 28D3623A03D6B4B4E533D0868FBCCC2E
C:\Windows\System32\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{8D8C4348-9977-D1E0-3A86-6D9BD825C349}\DioSecouuntLocAutor.2.7.dat --a---- 144 bytes [22:48 05/01/2014] [22:48 05/01/2014] 23C308104C1D6D78C20D4A3FB3F183E8
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\{8D8C4348-9977-D1E0-3A86-6D9BD825C349}\DioSecouuntLocAutor.2.7.dat --a---- 148 bytes [22:48 05/01/2014] [22:48 05/01/2014] 868C21B68A279F35B601E60E9CB7B84E

Searching for "*TXTfiilesConvert*"
C:\Users\Christian\AppData\LocalLow\{70B65263-7A19-7AB3-F931-8878225BB515}\TXTfiilesConvert.2.7.dat --a---- 59379 bytes [22:49 03/02/2014] [22:49 03/02/2014] A34337A19936A25678DB0049E03C25BE
C:\Windows\System32\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{70B65263-7A19-7AB3-F931-8878225BB515}\TXTfiilesConvert.2.7.dat --a---- 144 bytes [21:40 31/01/2014] [21:40 31/01/2014] 23C308104C1D6D78C20D4A3FB3F183E8
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\{70B65263-7A19-7AB3-F931-8878225BB515}\TXTfiilesConvert.2.7.dat --a---- 148 bytes [21:40 31/01/2014] [21:40 31/01/2014] 868C21B68A279F35B601E60E9CB7B84E

Searching for "*systweak*"
No files found.

Searching for "*optimizer*"
C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\VIOptimizer.exe --a---- 981648 bytes [19:30 06/03/2013] [19:30 06/03/2013] 6E46E7660D4E71E909ACA147DCCAEA65
C:\ProgramData\Sony Corporation\PMB\RelationXML\VIOptimizer_UI1_1.xml --a---- 1483 bytes [19:30 06/03/2013] [19:30 06/03/2013] 536DD76C5C4ADEFF3AD732DF53DE3B7A
C:\ProgramData\Sony Corporation\PMB\RelationXML\VIOptimizer_UI1_2.xml --a---- 1893 bytes [19:30 06/03/2013] [19:30 06/03/2013] 096C5AC9B983A11C8705EED51435C9AB
C:\ProgramData\Sony Corporation\PMB\RelationXML\VIOptimizer_UI1_3.xml --a---- 1559 bytes [19:30 06/03/2013] [19:30 06/03/2013] 607196D1564D628DAEDF082B2128EBA2
C:\ProgramData\Sony Corporation\PMB\RelationXML\VIOptimizer_UI1_4.xml --a---- 1821 bytes [19:30 06/03/2013] [19:30 06/03/2013] 7506ABEA7B9021FCCFC0DB6572334F78
C:\Users\All Users\Sony Corporation\PMB\RelationXML\VIOptimizer_UI1_1.xml --a---- 1483 bytes [19:30 06/03/2013] [19:30 06/03/2013] 536DD76C5C4ADEFF3AD732DF53DE3B7A
C:\Users\All Users\Sony Corporation\PMB\RelationXML\VIOptimizer_UI1_2.xml --a---- 1893 bytes [19:30 06/03/2013] [19:30 06/03/2013] 096C5AC9B983A11C8705EED51435C9AB
C:\Users\All Users\Sony Corporation\PMB\RelationXML\VIOptimizer_UI1_3.xml --a---- 1559 bytes [19:30 06/03/2013] [19:30 06/03/2013] 607196D1564D628DAEDF082B2128EBA2
C:\Users\All Users\Sony Corporation\PMB\RelationXML\VIOptimizer_UI1_4.xml --a---- 1821 bytes [19:30 06/03/2013] [19:30 06/03/2013] 7506ABEA7B9021FCCFC0DB6572334F78

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*regclean*"
No folders found.

Searching for "*DioSecouuntLocAutor*"
C:\AdwCleaner\Quarantine\C\ProgramData\DioSecouuntLocAutor d------ [19:35 31/05/2014]

Searching for "*TXTfiilesConvert*"
No folders found.

Searching for "*systweak*"
No folders found.

Searching for "*optimizer*"
C:\AdwCleaner\Quarantine\C\Users\Christian\Documents\Optimizer Pro d------ [19:35 31/05/2014]
C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer d------ [03:24 31/07/2013]

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{DF4516C8-BD7C-533B-8859-236CAC8D028A}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingSports_1.8.0.51_x64__8wekyb3d8bbwe\ActivatableClassId\AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_USERS\S-1-5-21-2709282161-3102555306-2552918505-1002\Software\Classes\ActivatableClasses\CLSID\{DF4516C8-BD7C-533B-8859-236CAC8D028A}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"
[HKEY_USERS\S-1-5-21-2709282161-3102555306-2552918505-1002\Software\Classes\ActivatableClasses\Package\Microsoft.BingSports_1.8.0.51_x64__8wekyb3d8bbwe\ActivatableClassId\AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery]
[HKEY_USERS\S-1-5-21-2709282161-3102555306-2552918505-1002_Classes\ActivatableClasses\CLSID\{DF4516C8-BD7C-533B-8859-236CAC8D028A}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"
[HKEY_USERS\S-1-5-21-2709282161-3102555306-2552918505-1002_Classes\ActivatableClasses\Package\Microsoft.BingSports_1.8.0.51_x64__8wekyb3d8bbwe\ActivatableClassId\AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery]

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-2709282161-3102555306-2552918505-1002\Software\Trolltech]
[HKEY_USERS\S-1-5-21-2709282161-3102555306-2552918505-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "regclean"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9D8E5931-AF9E-4A20-8B90-2C82860B13F8}]
@="IRegCleaner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9D8E5931-AF9E-4A20-8B90-2C82860B13F8}]
@="IRegCleaner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{9D8E5931-AF9E-4A20-8B90-2C82860B13F8}]
@="IRegCleaner"

Searching for "DioSecouuntLocAutor"
No data found.

Searching for "TXTfiilesConvert"
No data found.

Searching for "systweak"
No data found.

Searching for "optimizer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62079164-233b-41f8-a80f-f01705f514a8}]
@="EVR Graph Optimizer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\729C7955A9207A640A0CD8BA9D98A105]
"VAIOImageOptimizer"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\729C7955A9207A640A0CD8BA9D98A105]
"ProductName"="VAIO Image Optimizer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\729C7955A9207A640A0CD8BA9D98A105\SourceList]
"PackageName"="VAIO Image Optimizer.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{30146000-87BF-11D1-BE74-C94E44925F69}\InprocServer32]
@="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\SMVD.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{30146000-87BF-11D1-BE74-C94E44925F69}\InprocServer32]
"InprocServer32"="[nASC^C0e=nw`.`K5EhAVAIOImageOptimizer>rS8-Vj0GO9PUs{,z2l5L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{62079164-233b-41f8-a80f-f01705f514a8}]
@="EVR Graph Optimizer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{97952D20-B180-11CF-8410-00A024EC9DA6}\InprocServer32]
@="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\SMVD.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{97952D20-B180-11CF-8410-00A024EC9DA6}\InprocServer32]
"InprocServer32"="[nASC^C0e=nw`.`K5EhAVAIOImageOptimizer>rS8-Vj0GO9PUs{,z2l5L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F2300E20-11C9-11D2-AE38-0000F49503A9}\InprocServer32]
@="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\SMVD.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F2300E20-11C9-11D2-AE38-0000F49503A9}\InprocServer32]
"InprocServer32"="[nASC^C0e=nw`.`K5EhAVAIOImageOptimizer>rS8-Vj0GO9PUs{,z2l5L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B0C3CD447431F043B3288159EC9B3FD]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\KstJapan.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1D66BDFE3E0754E4E97EE1AC7E07CC07]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E966155B62194D4FB39A2CAB5E41BEE]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\KstItaly.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1FF2D52DC86419C4A8E389C648D99B3C]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\GpuClbCheck.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25BEEEF7F32503E43A08D8E4FBB9A88C]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\KstCommon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\39B32C2D7658F2040AE7E4459ABFC996]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\KSTVideoCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3F6212AA07249A340AE22EDD786A962B]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\KstGerman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\410DF7F84C7C7C246B9490F138E59A07]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\SMVD.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5B4F21EF0F23AD04FA2E5E96EDD49E04]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\rcpehdr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6034AF3848063EF4C9EF34967F944AB8]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\KSTEngine.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\63363A125B82DB24BAC0A3FAF5AAC5E2]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\sgpuclb.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\64FEC0246323B54479D35EDFD14EB12B]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\VIOTask.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A990725D65286049AB36D3681B18866]
"729C7955A9207A640A0CD8BA9D98A105"="C:\ProgramData\Sony Corporation\PMB\RelationXML\VIOptimizer_UI1_4.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\72B675A043AAADB4C9CABFDF2F6F5484]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\coreHDR.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D1AA19F06A7084F8061826649760BE]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\coreSNR.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\793CD693F5B0F6640981EC4EE91537CE]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\libiomp5md.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8501396E31648284F8FDDC13588A5902]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\KstRussian.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8AB1621AC99D1DB47B6C6BEF6E46BC5C]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\KstTChinese.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B8EC2F6058A7B741BA7192EEB2DA41E]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\KSTCommonCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90567FC451B64A94F94AC309BB784D80]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\KSTImageCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\91E23BD58938BA941BDB7184FC689DDE]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\KstFrench.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\92394C453CBE6324799ACBDA8B20A673]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\sgcuupc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A0E7996EEA436AF4CB465FCDAAEACAB3]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\rcpdblripp_t.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A79F4E6342116204C9123C499B02C195]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\libmmd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A85499A01C06D794D8580AAD6078614B]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\KstNetherlands.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ABE42DD67678E714C9C7386D39DC5707]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\diva.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE7BFA712DE95E34A8348ACC192DF707]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\VAIOUpdate.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B052DFB670C44CF4998B7E20C957C990]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\KstPoland.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCC4C5EC173A6B145B88FDB57537C78E]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\rcpdblr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEC41F180B1E0654DBEA138E3E2D5FD4]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\KstSpain.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C198E27659E49DB40BDF62D52156B5E0]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\KstBrazil.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C4101422D437BAB4DBE04C487C744D1E]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\rcpesnr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9684F8E26BAAF240931A9A1B842B8EE]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\KstEnglish.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DE0472CAEF174284B96534208D465589]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\KstKorea.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4945482228567E459C6EB46D664515A]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\VIOptimizer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4945482228567E459C6EB46D664515A\729C7955A9207A640A0CD8BA9D98A105]
"File"="vioptimizer.exe.2768A63E_677B_4B90_A271_C0957076E79C"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E7486F161C215874F91AA4B19485DEDE]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\KstSChinese.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8CC907373FF895488DCAE7F493E9624]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\sgcudme.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F392FC56A03976A4699A992475BED454]
"729C7955A9207A640A0CD8BA9D98A105"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\VSSUProcess.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F484DA94D5569CC41BFB5EC5A4DA2C12]
"729C7955A9207A640A0CD8BA9D98A105"="C:\?Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\VIOUtility.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\729C7955A9207A640A0CD8BA9D98A105\Features]
"VAIOImageOptimizer"="7y)eW8l7_eO9MkbIdFwUpR^pXI`Quoe8MkbIdFwUk8E_9W*CLl*9MkbIdFwUk8E_9W*CLlu8MkbIdFwU7y)eW8l7_e?9MkbIdFwUpR^pXI`Quou8MkbIdFwUpR^pXI`Quo*9MkbIdFwU53^pXAtQuou8MkbIdFwUj&^pX@{Quou8MkbIdFwUr$^pX.}Quou8MkbIdFwUv!^pXW}Quou8MkbIdFwU53^pXAtQuo*9MkbIdFwU^)^pX$zQuou8MkbIdFwUb(^pXMzQuou8MkbIdFwUv!^pXW}Quo*9MkbIdFwUn%^pXe{Quou8MkbIdFwUf'^pXrzQuou8MkbIdFwUr$^pX.}Quo*9MkbIdFwUn%^pXe{Quo*9MkbIdFwUj&^pX@{Quo*9MkbIdFwU8_IsYU6Oi(u8MkbIdFwUOy!sY(Vti(u8MkbIdFwUf'^pXrzQuo*9MkbIdFwUpQn_9%AlKlu8MkbIdFwUVOAsYKAXi(u8MkbIdFwUb(^pXMzQuo*9MkbIdFwU1-,sY3Oki(u8MkbIdFwU^)^pX$zQuo*9MkbIdFwUg6,sYGKki(u8MkbIdFwU8_IsYU6Oi(*9MkbIdFwUIcb_9gKzKlu8MkbIdFwUVOAsYKAXi(*9MkbIdFwU1-,sY3Oki(*9MkbIdFwU-'v_9xpcKlu8MkbIdFwUOy!sY(Vti(*9MkbIdFwU{3^rY&wBj(u8MkbIdFwUJG'`9U{UKlu8MkbIdFwUg6,sYGKki(*9MkbIdFwUYZc_9hlwKlu8MkbIdFwU{3^rY&wBj(*9MkbIdFwUpQn_9%AlKl*9MkbIdFwU6O&`90kVKlu8MkbIdFwUHBe_989vKlu8MkbIdFw
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\729C7955A9207A640A0CD8BA9D98A105\InstallProperties]
"InstallLocation"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\729C7955A9207A640A0CD8BA9D98A105\InstallProperties]
"DisplayName"="VAIO Image Optimizer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Installed Software\Modules\VAIO Image Optimizer 198273]
[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Installed Software\Modules\VAIO Image Optimizer 198273]
"VersionPath"="%ProgramFiles(x86)%\Sony\VAIO Creations\VAIO Image Optimizer\Version.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Shared Info\VersionPath\VAIO Image Optimizer Common Merge Module]
[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Shared Info\VersionPath\VAIO Image Optimizer Common Merge Module]
"Version"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\VersionVIOCommon.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Shared Info\VersionPath\VAIO Image Optimizer Engine Base Merge Module]
[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Shared Info\VersionPath\VAIO Image Optimizer Engine Base Merge Module]
"Version"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\VersionVIOEngineBase.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Shared Info\VersionPath\VAIO Image Optimizer Engine Merge Module]
[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Shared Info\VersionPath\VAIO Image Optimizer Engine Merge Module]
"Version"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\VersionVIOEngine.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Shared Info\VersionPath\VAIO Image Optimizer Localizatoin Merge Module]
[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Shared Info\VersionPath\VAIO Image Optimizer Localizatoin Merge Module]
"Version"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\VersionVIOLocalization.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Shared Info\VersionPath\VAIO Image Optimizer Main App Merge Module]
[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Shared Info\VersionPath\VAIO Image Optimizer Main App Merge Module]
"Version"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\VersionVIOMainApp.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Shared Info\VersionPath\VAIO Image Optimizer Relation XML Merge Module]
[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Shared Info\VersionPath\VAIO Image Optimizer Relation XML Merge Module]
"Version"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\VersionVIORelationXML.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Shared Info\VersionPath\VAIO Image Optimizer SDKDLL Merge Module]
[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Shared Info\VersionPath\VAIO Image Optimizer SDKDLL Merge Module]
"Version"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\VersionVIOSDKDLL.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Shared Info\VersionPath\VAIO Image Optimizer Task Merge Module]
[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Shared Info\VersionPath\VAIO Image Optimizer Task Merge Module]
"Version"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\VersionVIOTask.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Shared Info\VersionPath\VAIO Image Optimizer VCHelp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Shared Info\VersionPath\VAIO Image Optimizer VSSU Merge Module]
[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Shared Info\VersionPath\VAIO Image Optimizer VSSU Merge Module]
"Version"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\VersionVIOVSSU.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Shared Info\VersionPath\VAIO Image Optimizer/VAIO Movie Creator CMMN_Stereo3DCheck Merge Module]
[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Shared Info\VersionPath\VAIO Image Optimizer/VAIO Movie Creator Common Merge Module]
[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Shared Info\VersionPath\VAIO Image Optimizer/VAIO Movie Creator Drp Common Merge Module]
[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Shared Info\VersionPath\VAIO Image Optimizer/VAIO Movie Creator DrpLicense Merge Module]
[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Shared Info\VersionPath\VAIO Image Optimizer/VAIO Movie Creator ReferenceVI Merge Module]
[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Shared Info\VersionPath\VAIO Image Optimizer/VAIO Movie Creator Sample Merge Module]
[HKEY_LOCAL_MACHINE\SOFTWARE\Sony Corporation\Shared Info\VersionPath\VAIO Image Optimizer/VAIO Movie Creator SGPUCLB Common Merge Module]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}]
"DisplayName"="VAIO Image Optimizer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}]
"InstallLocation"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5597C927-029A-46A7-A0C0-8DABD9891A50}]
"InstallLocation"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5597C927-029A-46A7-A0C0-8DABD9891A50}]
"DisplayName"="VAIO Image Optimizer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sony Corporation\Shared Info\AppDB\VAIO Image Optimizer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sony Corporation\Shared Info\AppDB\VAIO Image Optimizer]
"appname"="VAIO Image Optimizer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sony Corporation\VAIO Image Optimizer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sony Corporation\VAIO Image Optimizer\1.0]
"ApplicationName"="VAIO Image Optimizer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sony Corporation\VAIO Image Optimizer\1.0]
"InstalledPath"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\VIOptimizer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sony Corporation\VAIO Image Optimizer\1.0\App]
"EnginePath"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\KSTEngine.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sony Corporation\VAIO Image Optimizer\1.0\App]
"ApplicationDir"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sony Corporation\VAIO Image Optimizer\1.0\PMB]
"InstalledLocation"="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sony Corporation\VAIO Image Optimizer\1.0\PMB]
"ExeName"="VIOptimizer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{30146000-87BF-11D1-BE74-C94E44925F69}\InprocServer32]
@="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\SMVD.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{30146000-87BF-11D1-BE74-C94E44925F69}\InprocServer32]
"InprocServer32"="[nASC^C0e=nw`.`K5EhAVAIOImageOptimizer>rS8-Vj0GO9PUs{,z2l5L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{62079164-233b-41f8-a80f-f01705f514a8}]
@="EVR Graph Optimizer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{97952D20-B180-11CF-8410-00A024EC9DA6}\InprocServer32]
@="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\SMVD.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{97952D20-B180-11CF-8410-00A024EC9DA6}\InprocServer32]
"InprocServer32"="[nASC^C0e=nw`.`K5EhAVAIOImageOptimizer>rS8-Vj0GO9PUs{,z2l5L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F2300E20-11C9-11D2-AE38-0000F49503A9}\InprocServer32]
@="C:\Program Files (x86)\Sony\VAIO Creations\VAIO Image Optimizer\SMVD.ax"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F2300E20-11C9-11D2-AE38-0000F49503A9}\InprocServer32]
"InprocServer32"="[nASC^C0e=nw`.`K5EhAVAIOImageOptimizer>rS8-Vj0GO9PUs{,z2l5L"

-= EOF =-


Again, thank you for the fast reply.

Hoping to hear from you soon.

ChrisMasterSky
ChrisMasterSky
Active Member
 
Posts: 8
Joined: May 19th, 2014, 7:30 pm

Re: Am I infected?

Unread postby nunped » May 31st, 2014, 6:58 pm

Hi ChrisMasterSky,

You are very welcome :)

Can you give me an update on your computer performance?
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Am I infected?

Unread postby ChrisMasterSky » May 31st, 2014, 9:47 pm

Hi nunped, my computer is running a lot smoother. It boots up faster. I have less trouble with my computer overall. It is faster now that it is mostly clean.

ChrisMasterSky
ChrisMasterSky
Active Member
 
Posts: 8
Joined: May 19th, 2014, 7:30 pm

Re: Am I infected?

Unread postby nunped » June 2nd, 2014, 3:14 pm

Hi ChrisMastersSky,

Good news!

Let's continue:
Step 1 - Fix with FRST
  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    C:\Users\Christian\AppData\LocalLow\{8D8C4348-9977-D1E0-3A86-6D9BD825C349}\DioSecouuntLocAutor.2.7.dat
    C:\Windows\System32\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{8D8C4348-9977-D1E0-3A86-6D9BD825C349}\DioSecouuntLocAutor.2.7.dat
    C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\{8D8C4348-9977-D1E0-3A86-6D9BD825C349}\DioSecouuntLocAutor.2.7.dat
    C:\Users\Christian\AppData\LocalLow\{70B65263-7A19-7AB3-F931-8878225BB515}\TXTfiilesConvert.2.7.dat
    C:\Windows\System32\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{70B65263-7A19-7AB3-F931-8878225BB515}\TXTfiilesConvert.2.7.dat
    C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\{70B65263-7A19-7AB3-F931-8878225BB515}\TXTfiilesConvert.2.7.dat
    :reg reg.exe delete "HKEY_CURRENT_USER\Software\Trolltech"
    :reg reg.exe delete "HKEY_USERS\S-1-5-21-2709282161-3102555306-2552918505-1002\Software\Trolltech"
    
  • Save it to your Desktop as filename fixlist.txt.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

After that, please run a new scan with FRST:
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • Please post the content of the Addition.txt in your next reply.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Am I infected?

Unread postby NonSuch » June 6th, 2014, 1:53 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 14 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware