Trojan horse alert when accessing PayPal Website


  1. Posts : 9,600
    Win 7 Ultimate 64 bit
       #11

    Well, all scans are done and no more threats were found. After that, I went into my bank accounts and changed both account user IDs and passwords. That will keep PayPal out of the one account that is linked to them. After that, I tried getting into PayPal again and got the trojan popup from Avast again. I ran a quick scan with Avast again and I'm still clean. Looks like I won't be using PayPal for a while.


  2. Posts : 2,470
    Windows 7 Home Premium
       #12

    It appears that Bankfraud-BBE[Trj] leaves its mark on Temporary Internet Files, and the Temp folder:
    c:\users\*\AppData\Local\Temp\... and c:\users\*\AppData\Local\Microsoft\Windows\Temporary Internet Files\...

    You may want to use Temp File Cleaner (TFC).
    It is a small utility created by OldTimer, that cleans out all folders on your computer housing temporary files. The temp folders that TFC cleans are the Java, Windows Temp Folder, and the Internet Explorer, Opera, Chrome, and Safari caches. This tool cleans the folders for all accounts on the computer, including the Administrator, NetworkService, and LocalService accounts.

    If you wish, please do the following:
    TFC Download

    1. Download TFC from the link above
    2. Save the file on your Desktop.
    3. Close ALL running applications as TFC terminates them before attempting to clean up the temporary files.
    4. Double-click on the TFC icon to run the program.
    5. At the program console, click: Start
    6. TFC terminates the Explorer process and all running applications. It then begins the process of cleaning out all of your temp folders.
    7. The program reports the items it cleans.
    8. When done, press OK to reboot the computer and finish the cleanup.
    9. Exit the program.

    Notes:
    1: Depending on how much data is currently stored in the Temp folders, this process can take a while to remove all of the files, so please be patient.
    2: This program does not delete your Cookies or Browser History.

    When done with TFC, you may also want to run RogueKiller (Post #4) to look at the Hosts file, and any malware-related DNS changes.


  3. Posts : 9,600
    Win 7 Ultimate 64 bit
       #13

    I use Glary Utilities weekly to clean out all my temporary files so I never have very many to remove at any one time. Although I had run it last night, I ran it again just now just in case...


  4. Posts : 2,470
    Windows 7 Home Premium
       #14

    It would not hurt to run RogueKiller.


  5. Posts : 1
    Windows 7, 64-bit
       #15

    I got the same thing yesterday. I even tried a test address that someone listed to be sure that it was a true PayPal address and not a fake one.

    I got to thinking that since initially using IE10, I would go back and try the website using CHROME. Brought up https://www.paypal.com and let it sit for a couple minutes, and didn't receive any indication from Avast. Might be a fluke on IE's part. Maybe something Chrome isn't catching right away. Important to always check that you are dealing with the secure HTTPS address.

    Now my next concern is how I received the virus, because yesterday it came up after a normal scan. I only use PayPal when making purchases thru eBay, except for another purchase a few months ago to I don't remember where. I hardly ever call the website up directly. Has anybody notified PayPal folks, or are we all too afraid to because of the virus?


  6. Posts : 55
    Microsoft Windows 7 Ultimate 64-bit 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       #16

    @cottonball

    Thanks a lot for your reply.

    The alert that I get from Avast is exactly the one that you posted.

    Here is the log from RogueKiller. I will write the logs from FRST in separate posts because the forum does not accept long posts.




    ---------------- Roguekiller ----------------

    RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : RogueKiller - Geeks to Go Forums
    Website : Download RogueKiller (Official website)
    Blog : tigzy-RK
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Giampiero [Admin rights]
    Mode : Scan -- Date : 28/04/2013 09:39:15
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: ST31500341AS +++++
    --- User ---
    [MBR] 2bc624f82689a2bd3862318749ce7443
    [BSP] b08ad540e7390a1811c2de3b2c81ea5a : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 149 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 307200 | Size: 12542 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25993216 | Size: 1418106 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1]_S_28042013_093915.txt >>
    RKreport[1]_S_28042013_093915.txt
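Added example (not part of the original posts, and not RogueKiller's own code): a small Python parser for the report layout posted above, which pulls out the registry findings and any Hosts-file entries so the Hosts check suggested in post #12 can be read off directly. The section and line patterns are inferred from this one report; the placement of Hosts entries under the path line, the `watched` domain list and the second sample with Hosts entries are assumptions constructed for illustration.

```python
import ipaddress
import re

# Patterns inferred from the single report shown in this thread (assumption).
SECTION = re.compile(r"^¤¤¤\s*(.*?)\s*¤¤¤$")
FINDING = re.compile(r"^\[(?P<tag>[^\]]+)\]\s+(?P<item>.+?)\s+->\s+(?P<status>\w+)$")

# Excerpt of the report posted above.
REPORT_FROM_POST = r"""
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
"""

# Constructed variant: the same report with two Hosts entries added under the
# path line (assumed placement); 203.0.113.10 is a documentation address.
HOSTS_PATH = r"--> C:\Windows\system32\drivers\etc\hosts"
CONSTRUCTED_REPORT = REPORT_FROM_POST.replace(
    HOSTS_PATH,
    HOSTS_PATH + "\n127.0.0.1 localhost\n203.0.113.10 www.paypal.com  # constructed\n",
)


def parse_report(text):
    """Split a report into {section name: {"summary": str, "lines": [str]}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            name, _, summary = header.group(1).partition(":")
            current = sections.setdefault(
                name.strip(), {"summary": summary.strip(), "lines": []}
            )
        elif line and current is not None:
            current["lines"].append(line)
    return sections


def registry_findings(sections):
    """Return (tag, item, status) for each line in the registry section."""
    found = []
    for line in sections.get("Registry Entries", {}).get("lines", []):
        m = FINDING.match(line)
        if m:
            found.append((m["tag"], m["item"], m["status"]))
    return found


def hosts_entries(sections):
    """Return (ip, hostname) pairs listed in the HOSTS section."""
    entries = []
    for line in sections.get("HOSTS File", {}).get("lines", []):
        if line.startswith(("-->", "#")):
            continue  # path line or comment, not a mapping
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not an address, so not a Hosts mapping
        for host in parts[1:]:
            if host.startswith("#"):
                break  # trailing comment
            entries.append((str(ip), host.lower()))
    return entries


def suspicious_hosts(entries, watched=("paypal.com",)):
    """Flag any mapping of a watched domain, and any non-loopback mapping."""
    flagged = []
    for ip, host in entries:
        addr = ipaddress.ip_address(ip)
        is_watched = any(host == d or host.endswith("." + d) for d in watched)
        if is_watched or not (addr.is_loopback or addr.is_unspecified):
            flagged.append((ip, host))
    return flagged


def summarize(text, watched=("paypal.com",)):
    """Collect the fields a helper would look at first."""
    sections = parse_report(text)
    entries = hosts_entries(sections)
    return {
        "bad_processes": sections.get("Bad processes", {}).get("summary"),
        "registry": registry_findings(sections),
        "hosts": entries,
        "hosts_flagged": suspicious_hosts(entries, watched),
    }


if __name__ == "__main__":
    for label, report in (("posted", REPORT_FROM_POST), ("constructed", CONSTRUCTED_REPORT)):
        print(label, summarize(report))
```

On the report as posted, the Hosts section lists only the file path, so no mappings are returned; the flagged entry appears only in the constructed variant.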


  7. Posts : 55
    Microsoft Windows 7 Ultimate 64-bit 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       #17

    ----------- FRST.txt part 1-----------

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2013 07
    Ran by Giampiero (administrator) on 28-04-2013 09:42:12
    Running from C:\Users\Giampiero\Desktop
    Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal
    ==================== Processes (Whitelisted) =================
    (AMD) C:\Windows\system32\atiesrxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AMD) C:\Windows\system32\atieclxx.exe
    (LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
    () C:\Windows\SysWOW64\srvany.exe
    () C:\Windows\KMService.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (Thought Communications, Inc.) C:\Program Files (x86)\FaxTalk\FTmsgsvc.exe
    (Thought Communications, Inc.) C:\Program Files (x86)\FaxTalk\FAPIEXE.EXE
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    (Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    () C:\Program Files (x86)\MailBell\mailbell.exe
    (VoipStunt) C:\Program Files (x86)\VoipStunt.com\VoipStunt\voipstunt.exe
    (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    (Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe
    (Thought Communications, Inc.) C:\Program Files (x86)\FaxTalk\FTclctrl.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_169_ActiveX.exe
    (Farbar) C:\Users\Giampiero\Desktop\FRST64.exe
    ==================== Registry (Whitelisted) ==================
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-23] (Realtek Semiconductor)
    HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
    HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)
    HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] ()
    HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-01-21] (Microsoft Corporation)
    HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-08-01] (Softthinks)
    HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
    HKCU\...\Run: [Mailbell] "C:\Program Files (x86)\MailBell\mailbell.exe" [1385912 2010-05-19] ()
    HKCU\...\Run: [VoipStunt] "C:\Program Files (x86)\VoipStunt.com\VoipStunt\voipstunt.exe" -nosplash -minimized [19257152 2013-03-19] (VoipStunt)
    HKCU\...\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [248208 2013-03-22] (TomTom)
    HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-08-01] (Softthinks)
    HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-01-13] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
    HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
    HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-09-04] (Sonic Solutions)
    HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [968048 2012-02-01] ()
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [821144 2010-10-25] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4767304 2013-03-07] (AVAST Software)
    HKLM-x32\...\Run: [ACPW06EN] "C:\Program Files (x86)\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe" /pid ACPW06EN [1133176 2012-08-31] (ACD Systems)
    HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
    HKLM-x32\...\Run: [FaxTalk FaxCenter Pro 8] "C:\Program Files (x86)\FaxTalk\FTClCtrl.exe" [120152 2011-01-31] (Thought Communications, Inc.)
    HKLM-x32\...\Run: [Norton Ghost 15.0] "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe" [2598760 2010-03-03] (Symantec Corporation)
    HKLM-x32\...\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup [x]
    HKLM-x32\...\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [898952 2012-11-08] (Sony Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
    ==================== Internet (Whitelisted) ====================
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bienvenue
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN België: Hotmail, Skype, nieuws, entertainment, lifestyle en meer!
    HKCU SearchScopes: DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
    SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
    BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
    Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
    Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - No File
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - No File
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
    Handler-x32: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - No File
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    Handler-x32: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    Handler-x32: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
    ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [6723984 2010-01-21] (Microsoft Corporation)
    ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [4222864 2010-01-21] (Microsoft Corporation)
    Winsock: Catalog5-x64 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
    Winsock: Catalog5-x64 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    FireFox:
    ========
    FF ProfilePath: C:\Users\Giampiero\AppData\Roaming\Mozilla\Firefox\Profiles\vcixyyc6.default
    FF Homepage: hxxp://www.umile.net/
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll ()
    FF Plugin: @java.com/DTPlugin,version=1.6.0_39 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
    FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @sony.com/ReaderDesktop - C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Extension: No Name - C:\Users\Giampiero\AppData\Roaming\Mozilla\Firefox\Profiles\vcixyyc6.default\Extensions\foxmarks@kei .com


  8. Posts : 55
    Microsoft Windows 7 Ultimate 64-bit 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       #18

    ----------- FRST.txt part 2 -----------

    ==================== Services (Whitelisted) =================
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248 2013-03-07] (AVAST Software)
    R2 FaxTalk FaxCenter Pro 8; C:\Program Files (x86)\FaxTalk\FTmsgsvc.exe [32600 2011-01-31] (Thought Communications, Inc.)
    S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
    R2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2013-02-06] ()
    S3 LiveUpdate; C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE [2999664 2007-09-12] (Symantec Corporation)
    R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)
    S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [9728 2009-07-14] (Microsoft Corporation)
    R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2010-02-11] (Symantec)
    ==================== Drivers (Whitelisted) ====================
    S3 A38CCID; C:\Windows\System32\DRIVERS\a38ccid.sys [46720 2013-01-30] (Advanced Card Systems Ltd.)
    R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-03-07] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-03-07] (AVAST Software)
    R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [70992 2013-03-07] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-03-07] ()
    R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-03-07] (AVAST Software)
    R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [377920 2013-03-07] (AVAST Software)
    R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [68920 2013-03-07] (AVAST Software)
    S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178624 2013-03-07] ()
    R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
    R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2010-02-11] (StorageCraft)
    S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
    R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
    U2 V2iMount;
    S3 VGPU; System32\drivers\rdvgkmd.sys [x]
    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========
    2013-04-28 09:42 - 2013-04-28 09:42 - 00000000 ____D C:\FRST
    2013-04-28 09:41 - 2013-04-28 09:41 - 01709762 ____A (Farbar) C:\Users\Giampiero\Desktop\FRST64.exe
    2013-04-28 09:39 - 2013-04-28 09:39 - 00001438 ____A C:\Users\Giampiero\Desktop\RKreport[1]_S_28042013_093915.txt
    2013-04-24 09:31 - 2013-04-12 16:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2013-04-22 10:42 - 2013-04-22 10:43 - 00000000 ____D C:\Users\Giampiero\AppData\Roaming\beid-cache
    2013-04-21 10:02 - 2013-04-21 10:02 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
    2013-04-18 16:57 - 2013-04-18 17:02 - 00000000 ____D C:\Users\Giampiero\AppData\Roaming\Skype
    2013-04-15 16:51 - 2013-04-15 16:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-04-10 11:35 - 2013-04-10 11:35 - 00000000 ____D C:\Users\Giampiero\AppData\Local\Sony
    2013-04-10 11:25 - 2013-04-10 11:25 - 00176426 ____A C:\Windows\DPINST.LOG
    2013-04-10 11:04 - 2013-04-10 11:04 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2013-04-10 09:24 - 2013-02-21 12:30 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-04-10 09:24 - 2013-02-21 12:30 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-04-10 09:24 - 2013-02-21 12:29 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-04-10 09:24 - 2013-02-21 12:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-04-10 09:24 - 2013-02-21 12:29 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-04-10 09:24 - 2013-02-21 12:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-04-10 09:24 - 2013-02-21 12:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-04-10 09:24 - 2013-02-21 12:29 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-04-10 09:24 - 2013-02-21 12:29 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2013-04-10 09:24 - 2013-02-21 12:29 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2013-04-10 09:24 - 2013-02-21 12:29 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-04-10 09:24 - 2013-02-21 12:29 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2013-04-10 09:24 - 2013-02-21 12:15 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-04-10 09:24 - 2013-02-21 12:15 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2013-04-10 09:24 - 2013-02-21 12:14 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-04-10 09:24 - 2013-02-21 12:14 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-04-10 09:24 - 2013-02-21 12:14 - 02647040 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-04-10 09:24 - 2013-02-21 12:14 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-04-10 09:24 - 2013-02-21 12:14 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-04-10 09:24 - 2013-02-21 12:14 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-04-10 09:24 - 2013-02-21 12:14 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-04-10 09:24 - 2013-02-21 12:14 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2013-04-10 09:24 - 2013-02-21 12:14 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2013-04-10 09:24 - 2013-02-21 12:14 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-04-10 09:24 - 2013-02-21 12:14 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2013-04-10 09:24 - 2013-02-19 14:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-04-10 09:24 - 2013-02-19 13:42 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-04-10 09:24 - 2013-02-19 13:10 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2013-04-10 09:24 - 2013-02-19 12:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2013-04-10 09:23 - 2013-03-19 08:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-04-10 09:23 - 2013-03-19 07:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2013-04-10 09:23 - 2013-03-19 07:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2013-04-10 09:23 - 2013-03-19 07:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2013-04-10 09:23 - 2013-03-19 06:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2013-04-10 09:23 - 2013-03-19 05:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
    2013-04-10 09:23 - 2013-03-01 05:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-04-10 09:23 - 2013-02-21 12:29 - 14323200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-04-10 09:23 - 2013-02-21 12:14 - 19230208 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-04-10 09:23 - 2013-02-15 08:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
    2013-04-10 09:23 - 2013-02-15 08:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
    2013-04-10 09:23 - 2013-02-15 08:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
    2013-04-10 09:23 - 2013-02-15 06:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2013-04-10 09:23 - 2013-02-15 06:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2013-04-10 09:23 - 2013-02-15 05:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2013-04-10 09:23 - 2013-01-24 08:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
    2013-04-03 19:26 - 2013-04-04 08:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
    2013-04-02 21:37 - 2013-04-27 21:23 - 00004096 __ASH C:\VSNAP.IDX
    2013-04-02 17:46 - 2013-04-02 17:46 - 00000000 ____D C:\Users\Giampiero\AppData\Roaming\ACD Systems
    2013-04-02 07:58 - 2013-04-02 09:47 - 00000000 ____D C:\Users\Giampiero\AppData\Roaming\Thunderbird
    2013-03-29 18:27 - 2013-03-25 08:25 - 00001341 ____A C:\Users\Giampiero\Desktop\servermet.txt
    ==================== One Month Modified Files and Folders =======
    2013-04-28 09:42 - 2013-04-28 09:42 - 00000000 ____D C:\FRST
    2013-04-28 09:41 - 2013-04-28 09:41 - 01709762 ____A (Farbar) C:\Users\Giampiero\Desktop\FRST64.exe
    2013-04-28 09:39 - 2013-04-28 09:39 - 00001438 ____A C:\Users\Giampiero\Desktop\RKreport[1]_S_28042013_093915.txt
    2013-04-28 09:22 - 2009-07-14 06:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-04-28 09:22 - 2009-07-14 06:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-04-28 09:18 - 2009-07-14 07:10 - 01727389 ____A C:\Windows\WindowsUpdate.log
    2013-04-28 09:14 - 2011-01-24 15:27 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
    2013-04-28 09:14 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-04-28 09:14 - 2009-07-14 06:51 - 00035264 ____A C:\Windows\setupact.log
    2013-04-27 21:23 - 2013-04-02 21:37 - 00004096 __ASH C:\VSNAP.IDX
    2013-04-27 21:07 - 2013-02-07 20:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-04-27 19:33 - 2013-02-07 13:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-04-27 09:28 - 2011-01-24 15:51 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
    2013-04-27 09:28 - 2011-01-24 15:51 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
    2013-04-26 12:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Registration
    2013-04-26 11:08 - 2009-07-14 07:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-04-22 10:43 - 2013-04-22 10:42 - 00000000 ____D C:\Users\Giampiero\AppData\Roaming\beid-cache
    2013-04-21 10:02 - 2013-04-21 10:02 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
    2013-04-21 10:02 - 2013-03-18 11:56 - 00000000 ____D C:\Program Files (x86)\Java
    2013-04-18 17:08 - 2011-01-24 15:28 - 00000000 ___RD C:\Program Files (x86)\Skype
    2013-04-18 17:02 - 2013-04-18 16:57 - 00000000 ____D C:\Users\Giampiero\AppData\Roaming\Skype
    2013-04-17 10:01 - 2013-02-06 16:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2013-04-15 16:51 - 2013-04-15 16:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-04-12 16:45 - 2013-04-24 09:31 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2013-04-12 11:48 - 2013-02-07 20:19 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-04-12 11:48 - 2013-02-07 20:19 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-04-10 12:20 - 2013-02-06 17:39 - 00000000 ____D C:\Users\Giampiero\AppData\Roaming\vlc
    2013-04-10 11:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
    2013-04-10 11:35 - 2013-04-10 11:35 - 00000000 ____D C:\Users\Giampiero\AppData\Local\Sony
    2013-04-10 11:25 - 2013-04-10 11:25 - 00176426 ____A C:\Windows\DPINST.LOG
    2013-04-10 11:25 - 2013-02-06 16:15 - 00000000 ____D C:\Users\Giampiero\Desktop\unused dektop icons
    2013-04-10 11:24 - 2013-02-16 13:13 - 00000000 ____D C:\Program Files (x86)\Sony
    2013-04-10 11:24 - 2013-02-06 16:14 - 00000000 ____D C:\Users\Giampiero\Desktop\h
    2013-04-10 11:24 - 2011-01-24 15:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2013-04-10 11:04 - 2013-04-10 11:04 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2013-04-10 09:27 - 2009-07-14 06:45 - 00466096 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-04-10 09:24 - 2013-02-06 14:51 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-04-07 13:14 - 2013-02-24 18:42 - 00000000 ____D C:\Users\Giampiero\AppData\Local\CrashDumps
    2013-04-05 07:33 - 2011-01-25 00:15 - 00024050 ____A C:\Windows\PFRO.log
    2013-04-04 14:50 - 2013-02-07 13:32 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-04-04 08:00 - 2013-04-03 19:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
    2013-04-04 05:35 - 2013-03-18 11:56 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2013-04-04 05:30 - 2013-03-18 11:56 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2013-04-04 05:29 - 2013-03-18 11:56 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2013-04-02 17:46 - 2013-04-02 17:46 - 00000000 ____D C:\Users\Giampiero\AppData\Roaming\ACD Systems
    2013-04-02 17:46 - 2013-02-06 17:37 - 00000000 ____D C:\Users\Giampiero\AppData\Local\ACD Systems
    2013-04-02 15:37 - 2013-02-16 12:53 - 00000000 ____D C:\Program Files (x86)\TomTom HOME 2
    2013-04-02 15:37 - 2013-02-06 17:25 - 00000000 ____D C:\Users\Giampiero\AppData\Local\Downloaded Installations
    2013-04-02 13:09 - 2009-07-14 07:08 - 00032644 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2013-04-02 09:47 - 2013-04-02 07:58 - 00000000 ____D C:\Users\Giampiero\AppData\Roaming\Thunderbird
    2013-04-02 09:36 - 2013-02-06 14:16 - 00000000 ____D C:\users\Giampiero
    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    Last Boot: 2013-04-24 09:54
    ==================== End Of Log ============================


  9. Posts : 55
    Microsoft Windows 7 Ultimate 64-bit 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       #19

    ----------- Addition.txt part 1--------------

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2013 07
    Ran by Giampiero at 2013-04-28 09:42:28 Run:
    Running from C:\Users\Giampiero\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Installed Programs =======================
    µTorrent (Version: 3.3.0.29038)
    ACDSee Pro 6 (Version: 6.0.169)
    Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.0.0)
    Adobe Flash Player 11 ActiveX (Version: 11.7.700.169)
    Adobe Flash Player 11 Plugin (Version: 11.7.700.169)
    ATI Catalyst Control Center (Version: 2.010.0113.2207)
    avast! Free Antivirus (Version: 8.0.1483.0)
    Belgium e-ID middleware 4.0.4 (build 7251) (Version: 4.0.7251)
    BufferChm (Version: 130.0.331.000)
    Catalyst Control Center - Branding (Version: 1.00.0000)
    Catalyst Control Center Core Implementation (Version: 2010.0113.2208.39662)
    Catalyst Control Center Graphics Full Existing (Version: 2010.0113.2208.39662)
    Catalyst Control Center Graphics Full New (Version: 2010.0113.2208.39662)
    Catalyst Control Center Graphics Light (Version: 2010.0113.2208.39662)
    Catalyst Control Center Graphics Previews Common (Version: 2010.0113.2208.39662)
    Catalyst Control Center Graphics Previews Vista (Version: 2010.0113.2208.39662)
    Catalyst Control Center InstallProxy (Version: 2010.0113.2208.39662)
    Catalyst Control Center Localization All (Version: 2010.0113.2208.39662)
    CCC Help Chinese Standard (Version: 2010.0113.2207.39662)
    CCC Help Chinese Traditional (Version: 2010.0113.2207.39662)
    CCC Help Czech (Version: 2010.0113.2207.39662)
    CCC Help Danish (Version: 2010.0113.2207.39662)
    CCC Help Dutch (Version: 2010.0113.2207.39662)
    CCC Help English (Version: 2010.0113.2207.39662)
    CCC Help Finnish (Version: 2010.0113.2207.39662)
    CCC Help French (Version: 2010.0113.2207.39662)
    CCC Help German (Version: 2010.0113.2207.39662)
    CCC Help Greek (Version: 2010.0113.2207.39662)
    CCC Help Hungarian (Version: 2010.0113.2207.39662)
    CCC Help Italian (Version: 2010.0113.2207.39662)
    CCC Help Japanese (Version: 2010.0113.2207.39662)
    CCC Help Korean (Version: 2010.0113.2207.39662)
    CCC Help Norwegian (Version: 2010.0113.2207.39662)
    CCC Help Polish (Version: 2010.0113.2207.39662)
    CCC Help Portuguese (Version: 2010.0113.2207.39662)
    CCC Help Russian (Version: 2010.0113.2207.39662)
    CCC Help Spanish (Version: 2010.0113.2207.39662)
    CCC Help Swedish (Version: 2010.0113.2207.39662)
    CCC Help Thai (Version: 2010.0113.2207.39662)
    CCC Help Turkish (Version: 2010.0113.2207.39662)
    ccc-core-static (Version: 2010.0113.2208.39662)
    ccc-utility64 (Version: 2010.0113.2208.39662)
    Corel PaintShop Pro X4 (Version: 14.0.0.332)
    D3DX10 (Version: 15.4.2368.0902)
    Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
    Dell DataSafe Local Backup - Support Software (Version: 9.4.60)
    Dell DataSafe Local Backup (Version: 9.4.60)
    Dell Edoc Viewer (Version: 1.0.0)
    Dell Getting Started Guide (Version: 1.00.0000)
    Dell MusicStage (Version: 1.3.31.0)
    Dell PhotoStage (Version: 1.5.0.19)
    Dell Stage (Version: 1.7.209.0)
    Dell Support Center (Version: 3.2.6032.125)
    Dell VideoStage (Version: 1.1.0.1011)
    Destinations (Version: 130.0.0.0)
    DirectX 9 Runtime (Version: 1.00.0000)
    DivX Setup (Version: 1.0.1.4)
    DocProc (Version: 13.0.0.0)
    eBay (Version: 1.4.0)
    eMule
    FaxTalk FaxCenter Pro 8 (Version: 8.00.2000)
    GPBaseService2 (Version: 130.0.371.000)
    HP Imaging Device Functions 13.0 (Version: 13.0)
    HP Photosmart Essential 3.5 (Version: 3.5)
    HP Scanjet G3110 (Version: 13.0)
    HP Solution Center 13.0 (Version: 13.0)
    HP Update (Version: 4.000.011.006)
    hpg3110 (Version: 13.0.0.0)
    HPPhotosmartEssential (Version: 2.04.0000)
    HPProductAssistant (Version: 130.0.371.000)
    ICA (Version: 14.0.0.332)
    Intel(R) Rapid Storage Technology (Version: 10.0.0.1046)
    IPM_PSP_COM (Version: 14.0.0.332)
    Java 7 Update 21 (Version: 7.0.210)
    Java Auto Updater (Version: 2.1.9.5)
    Java(TM) 6 Update 39 (64-bit) (Version: 6.0.390)
    Junk Mail filter update (Version: 15.4.3502.0922)
    LiveUpdate 3.2 (Symantec Corporation) (Version: 3.2.0.68)
    LSI USB 2.0 Soft Modem (Version: 2.2.102)
    MailBell (Version: 2.27)
    Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
    Mesh Runtime (Version: 15.4.5722.2)
    Messenger Companion (Version: 15.4.3502.0922)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft Application Error Reporting (Version: 12.0.6015.5000)
    Microsoft Office 2010 (Version: 14.0.4763.1000)
    Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Office 32-bit Components 2010 (Version: 14.0.4734.1000)
    Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
    Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Silverlight (Version: 5.1.20125.0)
    Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
    Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)
    Mozilla Maintenance Service (Version: 20.0.1)
    Mozilla Thunderbird 17.0.5 (x86 en-GB) (Version: 17.0.5)
    MSVCRT (Version: 15.4.2862.0708)
    MSVCRT_amd64 (Version: 15.4.2862.0708)
    MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
    MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
    Multimedia Card Reader (Version: 1.7.915.93)
    Nero
    Norton Ghost (Version: 15.0.1.36526)
    OCR Software by I.R.I.S. 13.0 (Version: 13.0)
    PhotoShowExpress (Version: 2.0.028)
    PSPPContent (Version: 14.0.0.332)
    PSPPHelp (Version: 14.0.0.332)
    PSPPro64 (Version: 14.0.0.332)
    RBVirtualFolder64Inst (Version: 1.00.0000)
    Reader for PC (Version: 2.0.01.11080)
    Realtek High Definition Audio Driver (Version: 6.0.1.6141)
    Roxio Activation Module (Version: 1.0)
    Roxio BackOnTrack (Version: 1.3.3)
    Roxio Burn (Version: 1.6)
    Roxio Creator Starter (Version: 1.0.311)
    Roxio Creator Starter (Version: 12.1.40.0)
    Roxio Creator Starter (Version: 5.0.0)
    Roxio Express Labeler 3 (Version: 3.2.2)
    Roxio File Backup (Version: 1.3.2)
    Scan (Version: 13.0.0.0)
    Setup (Version: 14.0.0.332)
    Skins (Version: 2010.0113.2208.39662)
    Skype™ 6.3 (Version: 6.3.105)
    SolutionCenter (Version: 130.0.373.000)
    Sonic CinePlayer Decoder Pack (Version: 4.3.0)
    Sony PC Companion 2.10.136 (Version: 2.10.136)
    THX TruStudio PC (Version: 1.0)
    TomTom HOME (Version: 2.9.5)
    TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
    VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
    VLC media player 2.0.5 (Version: 2.0.5)
    VobSub v2.23 (Remove Only)
    VoipBusterMate (Version: )
    VoipStunt (Version: 4.12 build 689)
    WebReg (Version: 130.0.132.017)
    Win7codecs (Version: 3.9.9)
    Winamp (Version: 5.63 )
    Winamp Detector Plug-in (Version: 1.0.0.1)
    Windows Driver Package - Fedict SmartCard (10/04/2011 4.0.0.5) (Version: 10/04/2011 4.0.0.5)
    Windows Live Communications Platform (Version: 15.4.3502.0922)
    Windows Live Essentials (Version: 15.4.3502.0922)
    Windows Live Essentials (Version: 15.4.3508.1109)
    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
    Windows Live Installer (Version: 15.4.3502.0922)
    Windows Live Language Selector (Version: 15.4.3508.1109)
    Windows Live Mail (Version: 15.4.3502.0922)
    Windows Live Mesh (Version: 15.4.3502.0922)
    Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
    Windows Live Messenger (Version: 15.4.3502.0922)
    Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
    Windows Live MIME IFilter (Version: 15.4.3502.0922)
    Windows Live Movie Maker (Version: 15.4.3502.0922)
    Windows Live Photo Common (Version: 15.4.3502.0922)
    Windows Live Photo Gallery (Version: 15.4.3502.0922)
    Windows Live PIMT Platform (Version: 15.4.3508.1109)
    Windows Live Remote Client (Version: 15.4.5722.2)
    Windows Live Remote Client Resources (Version: 15.4.5722.2)
    Windows Live Remote Service (Version: 15.4.5722.2)
    Windows Live Remote Service Resources (Version: 15.4.5722.2)
    Windows Live SOXE (Version: 15.4.3502.0922)
    Windows Live SOXE Definitions (Version: 15.4.3502.0922)
    Windows Live UX Platform (Version: 15.4.3502.0922)
    Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
    Windows Live Writer (Version: 15.4.3502.0922)
    Windows Live Writer Resources (Version: 15.4.3502.0922)
    WinRAR 4.20 (64-bit) (Version: 4.20.0)
    WinZip 17.0 (Version: 17.0.10283)
    Xmarks for IE (Version: 127.0.160)


  10. Posts : 55
    Microsoft Windows 7 Ultimate 64-bit 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       #20

    ---------- Addition.txt part 2 ---------------

    ==================== Restore Points =========================

    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (04/27/2013 10:45:35 AM) (Source: System Restore) (User: )
    Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
    Error: (04/27/2013 10:39:54 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"1".Error in manifest or policy file "SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"2" on line SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is SMC,processorArchitecture="x86",type="win32",version="8.2.0.0".
    Definition is SMC,processorArchitecture="x86",type="win32",version="12.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.
    Error: (04/27/2013 10:38:41 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
    The manifest file root element must be assembly.
    Error: (04/26/2013 09:16:40 AM) (Source: System Restore) (User: )
    Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
    Error: (04/26/2013 08:26:40 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"1".Error in manifest or policy file "SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"2" on line SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is SMC,processorArchitecture="x86",type="win32",version="8.2.0.0".
    Definition is SMC,processorArchitecture="x86",type="win32",version="12.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.
    Error: (04/26/2013 08:25:25 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
    The manifest file root element must be assembly.
    Error: (04/26/2013 08:07:02 AM) (Source: System Restore) (User: )
    Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
    Error: (04/25/2013 07:52:22 AM) (Source: System Restore) (User: )
    Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
    Error: (04/25/2013 07:46:47 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"1".Error in manifest or policy file "SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"2" on line SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is SMC,processorArchitecture="x86",type="win32",version="8.2.0.0".
    Definition is SMC,processorArchitecture="x86",type="win32",version="12.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.
    Error: (04/25/2013 07:45:28 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
    The manifest file root element must be assembly.

    System errors:
    =============
    Error: (04/27/2013 09:29:12 AM) (Source: DCOM) (User: )
    Description: {7D1933CB-86F6-4A98-8628-01BE94C9A575}
    Error: (04/24/2013 10:23:59 AM) (Source: Service Control Manager) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
    Error: (04/24/2013 10:23:29 AM) (Source: Service Control Manager) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
    Error: (04/24/2013 10:21:51 AM) (Source: SCardSvr) (User: )
    Description: The device has been removed.ACS CCID USB Reader 0GET_STATEXX XX XX XX
    Error: (04/24/2013 10:21:51 AM) (Source: SCardSvr) (User: )
    Description: The device has been removed.ACS CCID USB Reader 0GET_STATEXX XX XX XX
    Error: (04/24/2013 10:21:15 AM) (Source: SCardSvr) (User: )
    Description: The device has been removed.ACS CCID USB Reader 0GET_STATEXX XX XX XX
    Error: (04/24/2013 10:21:13 AM) (Source: SCardSvr) (User: )
    Description: The device has been removed.ACS CCID USB Reader 0GET_STATEXX XX XX XX
    Error: (04/23/2013 08:55:34 PM) (Source: SCardSvr) (User: )
    Description: The device has been removed.ACS CCID USB Reader 0GET_STATEXX XX XX XX
    Error: (04/22/2013 06:49:23 PM) (Source: SCardSvr) (User: )
    Description: The device has been removed.ACS CCID USB Reader 0GET_STATEXX XX XX XX
    Error: (04/22/2013 11:03:53 AM) (Source: SCardSvr) (User: )
    Description: The device has been removed.ACS CCID USB Reader 0GET_STATEXX XX XX XX

    Microsoft Office Sessions:
    =========================
    Error: (04/27/2013 10:45:35 AM) (Source: System Restore)(User: )
    Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422
    Error: (04/27/2013 10:39:54 AM) (Source: SideBySide)(User: )
    Description: SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"SMC,processorArchitecture="x86",type=" win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero burning rom\NeroCmd.exe.Manifestc:\program files (x86)\Nero\Nero 12\nero burning rom\SMC\SMC.MANIFEST3
    Error: (04/27/2013 10:38:41 AM) (Source: SideBySide)(User: )
    Description: C:\Program Files (x86)\WinZip\adxloader.dll.ManifestC:\Program Files (x86)\WinZip\adxloader.dll.Manifest2
    Error: (04/26/2013 09:16:40 AM) (Source: System Restore)(User: )
    Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422
    Error: (04/26/2013 08:26:40 AM) (Source: SideBySide)(User: )
    Description: SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"SMC,processorArchitecture="x86",type=" win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero burning rom\NeroCmd.exe.Manifestc:\program files (x86)\Nero\Nero 12\nero burning rom\SMC\SMC.MANIFEST3
    Error: (04/26/2013 08:25:25 AM) (Source: SideBySide)(User: )
    Description: C:\Program Files (x86)\WinZip\adxloader.dll.ManifestC:\Program Files (x86)\WinZip\adxloader.dll.Manifest2
    Error: (04/26/2013 08:07:02 AM) (Source: System Restore)(User: )
    Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422
    Error: (04/25/2013 07:52:22 AM) (Source: System Restore)(User: )
    Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422
    Error: (04/25/2013 07:46:47 AM) (Source: SideBySide)(User: )
    Description: SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"SMC,processorArchitecture="x86",type=" win32",version="12.0.0.0"c:\program files (x86)\Nero\Nero 12\nero burning rom\NeroCmd.exe.Manifestc:\program files (x86)\Nero\Nero 12\nero burning rom\SMC\SMC.MANIFEST3
    Error: (04/25/2013 07:45:28 AM) (Source: SideBySide)(User: )
    Description: C:\Program Files (x86)\WinZip\adxloader.dll.ManifestC:\Program Files (x86)\WinZip\adxloader.dll.Manifest2

    ==================== Memory info ===========================
    Percentage of memory in use: 25%
    Total physical RAM: 8174.45 MB
    Available physical RAM: 6055.91 MB
    Total Pagefile: 16347.07 MB
    Available Pagefile: 13818.45 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB
    ==================== Drives ================================
    Drive c: (OS) (Fixed) (Total:1384.87 GB) (Free:1317.61 GB) NTFS (Disk=0 Partition=3)
    Drive x: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.35 GB) NTFS (Disk=0 Partition=2)
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 1397 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Partitions of Disk 0:
    ===============
    Disk ID: 1C5D4668
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 149 MB 31 KB
    Partition 2 Primary 12 GB 150 MB
    Partition 3 Primary 1384 GB 12 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    There is no volume associated with this partition.
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 RECOVERY NTFS Partition 12 GB Healthy System (partition with boot components)
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 1384 GB Healthy Boot
    =========================================================
    ============================== MBR & Partition Table ==================
    ====================================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 1C5D4668)
    Partition 1: (Not Active) - (Size=149 MB) - (Type=DE)
    Partition 2: (Active) - (Size=12 GB) - (Type=07) (NTFS)
    Partition 3: (Not Active) - (Size=-712031338496 byte) - (Type=07) (NTFS)
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
