TechSpot

Bad Image error upon boot and opening programs

By Alzm10
Oct 27, 2014
  1. Hi
    I'm having an issue with a friend's Sony Vaio laptop. It's had error dialogue boxes popping up, usually when I open a program, and during start up.

    It usually says on boot:

    [program].exe - Bad Image
    c:\program~1\BEARAH~1\MediaBar\ Datamngr\x64\datamngr.dll is either not designed to run on windows or it contains an error. Try installing the program again using the original install media or contact sys admin.
    Or:
    c:\program~1\BEARAH~1\MediaBar\ Datamngr\x64\IEBHO.dll is either not designed to run on windows or it contains an error. Try installing the program again using the original install media or contact sys admin.

    It all started after a Malwarebytes scan and reboot.
    It's a Sony Vaio VPCEE25FX
    Windows 7 SP1

    Thanks in advance for the help!
     
  2. Alzm10

    Alzm10 TS Rookie Topic Starter Posts: 24

    DDS scan
     

    Attached Files:

  3. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools or fixes, or applying any changes to your computer, other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  4. Alzm10

    Alzm10 TS Rookie Topic Starter Posts: 24

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17344
    Run by Estevan at 17:54:22 on 2014-10-27
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2059 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\PROGRA~2\CONSER~2\bar\1.bin\4nbarsvc.exe
    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
    C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\PROGRA~2\RADIOP~2\bar\1.bin\4ebarsvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
    C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    C:\Windows\system32\atieclxx.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
    C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\VAIO Care\listener.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\Apoint\Apvfb.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
    C:\Program Files\Sony\VAIO Update\vuagent.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
    C:\Program Files\Sony\VAIO Care\VCService.exe
    C:\Program Files\Sony\VAIO Care\VCAdmin.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\Sony\VAIO Care\VCAgent.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.bearshare.com
    uSearch Bar = Preserve
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
    uURLSearchHooks: <No Name>: {8bc67b0f-a721-45e0-a0b6-db0121b0aade} - C:\Program Files (x86)\RadioPI_4e\bar\1.bin\4eSrcAs.dll
    uURLSearchHooks: <No Name>: {752929fc-c897-4620-9fa8-0303247277e2} - C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\4nSrcAs.dll
    mWinlogon: Userinit = userinit.exe
    BHO: Toolbar BHO: {35fd2bab-ab2b-494f-b5bf-8755ec043784} - C:\Program Files (x86)\RadioPI_4e\bar\1.bin\4ebar.dll
    BHO: Search Assistant BHO: {4adc9c1b-9c50-4c2d-a471-5c06d8de7e80} - C:\Program Files (x86)\RadioPI_4e\bar\1.bin\4eSrcAs.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Search Assistant BHO: {af77c74d-a46e-4671-afa0-1a09b1d4be39} - C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\4nSrcAs.dll
    BHO: DataMngr: {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\BrowserConnection.dll
    BHO: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Toolbar BHO: {e5af9d32-01d7-47b8-9eb6-87d9afce744f} - C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\4nbar.dll
    TB: ConservativeTalkNow: {533329C9-CA91-42A2-8792-7F91C7B4172A} - C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\4nbar.dll
    TB: RadioPI: {92926B63-5116-4C6F-A33E-378767B8D15F} - C:\Program Files (x86)\RadioPI_4e\bar\1.bin\4ebar.dll
    TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    TB: ConservativeTalkNow: {533329c9-ca91-42a2-8792-7f91c7b4172a} - C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\4nbar.dll
    TB: RadioPI: {92926b63-5116-4c6f-a33e-378767b8d15f} - C:\Program Files (x86)\RadioPI_4e\bar\1.bin\4ebar.dll
    TB: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
    DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxps://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{30625CBE-05E0-49E4-8016-F1FA70204A25} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{30625CBE-05E0-49E4-8016-F1FA70204A25}\05255434943594F4E4255405149425F5E4564777F627B6 : DHCPNameServer = 10.0.0.1
    TCP: Interfaces\{30625CBE-05E0-49E4-8016-F1FA70204A25}\14364796F6E6475636 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{30625CBE-05E0-49E4-8016-F1FA70204A25}\65562796A7F6E602D496649623230303022373548302355636572756 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{30625CBE-05E0-49E4-8016-F1FA70204A25}\E4544574541425 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{C95AAEC7-CC43-41C3-BA80-5AA2B163F007} : DHCPNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: DataMngr: {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\BrowserConnection.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2010-5-14 73856]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2010-5-14 28800]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-5 55280]
    R2 6077757b;6077757b;C:\Windows\System32\drivers\regi.sys [2010-2-5 14112]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-4-7 202752]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-4-29 361984]
    R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
    R2 ConservativeTalkNow_4nService;ConservativeTalkNowService;C:\PROGRA~2\CONSER~2\bar\1.bin\4nbarsvc.exe [2011-8-4 42504]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
    R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-9-9 168448]
    R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-9-9 131072]
    R2 ESRV_SVC;Energy Server Service;C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [2013-11-1 377768]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 125584]
    R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-6-24 46080]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
    R2 RadioPI_4eService;RadioPI Service;C:\PROGRA~2\RADIOP~2\bar\1.bin\4ebarsvc.exe [2011-9-3 34864]
    R2 SampleCollector;Intel(R) System Behavior Tracker Collector Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2013-11-1 266168]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
    R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-2-5 108400]
    R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-2-5 422768]
    R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-2-5 67952]
    R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-6-9 5024576]
    R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-3-18 852336]
    R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-2-19 529776]
    R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-2-19 386416]
    R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2014-10-8 46136]
    R3 MSSQL$DDNI;SQL Server (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-3-30 43010392]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-2-5 242720]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-4-7 346144]
    R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-4-8 12032]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
    R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-2-8 302448]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-2-5 38456]
    R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2014-7-2 59240]
    R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2014-6-5 1642544]
    R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 regi;regi;C:\Windows\System32\drivers\regi.sys [2010-2-5 14112]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-24 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-18 111616]
    S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-10-26 129752]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-10-10 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-10-10 56832]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
    S3 USER_ESRV_SVC;User Energy Server Service;C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [2013-11-1 377768]
    S3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-2-5 574320]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-2-19 115568]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-2 1255736]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]
    S4 SQLAgent$DDNI;SQL Server Agent (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2014-10-27 22:44:48 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{365091BC-6B97-4C01-90BB-6254B2A68458}\mpengine.dll
    2014-10-27 03:44:04 -------- d-----w- C:\Users\Estevan\AppData\Local\Deployment
    2014-10-26 18:11:10 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-10-26 18:10:43 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-10-26 18:10:43 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-10-26 18:10:43 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-10-26 18:10:43 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-10-26 18:10:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-10-26 18:10:12 -------- d-----w- C:\Users\Estevan\AppData\Local\Programs
    2014-10-26 14:07:58 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-10-18 15:19:29 3241472 ----a-w- C:\Windows\System32\msi.dll
    2014-10-18 15:19:28 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
    2014-10-18 15:19:03 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
    2014-10-18 15:17:46 6584320 ----a-w- C:\Windows\System32\mstscax.dll
    2014-10-18 15:17:43 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2014-10-18 15:17:39 77312 ----a-w- C:\Windows\System32\packager.dll
    2014-10-18 15:17:39 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2014-10-18 15:13:20 -------- d-----w- C:\Users\Estevan\AppData\Local\MOVband
    2014-10-11 03:33:07 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
    2014-10-11 00:26:44 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
    2014-10-11 00:26:35 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
    2014-10-11 00:26:34 243200 ----a-w- C:\Windows\System32\rdpudd.dll
    2014-10-11 00:26:34 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
    2014-10-10 23:48:19 1188440 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7AB38678-8E71-4C10-A0B1-217A7AA77CC6}\gapaengine.dll
    2014-10-10 23:41:21 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
    2014-10-10 23:41:21 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
    2014-10-10 23:39:36 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2014-10-10 23:39:23 -------- dc----w- C:\Program Files\Microsoft Security Client
    2014-10-10 23:19:30 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
    2014-10-10 23:19:30 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
    2014-10-10 23:19:30 171160 ----a-w- C:\Windows\System32\infocardapi.dll
    2014-10-10 23:19:30 1389208 ----a-w- C:\Windows\System32\icardagt.exe
    2014-10-10 23:19:26 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
    2014-10-10 23:19:26 8856 ----a-w- C:\Windows\System32\icardres.dll
    2014-10-10 23:18:50 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
    2014-10-10 23:18:50 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
    2014-10-10 12:41:58 1719296 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    2014-10-10 12:41:58 1380864 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
    2014-10-10 12:41:58 1354240 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2014-10-10 12:41:57 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2014-10-10 12:41:57 1389568 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
    2014-10-10 12:41:53 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
    2014-10-10 12:41:53 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
    2014-10-10 12:41:24 504320 ----a-w- C:\Windows\System32\msihnd.dll
    2014-10-10 12:41:24 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
    2014-10-10 12:41:24 1941504 ----a-w- C:\Windows\System32\authui.dll
    2014-10-10 12:41:24 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
    2014-10-10 12:41:24 112064 ----a-w- C:\Windows\System32\consent.exe
    2014-10-10 12:40:23 340992 ----a-w- C:\Windows\System32\schannel.dll
    2014-10-10 12:40:23 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2014-10-10 12:40:22 314880 ----a-w- C:\Windows\System32\msv1_0.dll
    2014-10-10 12:40:22 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2014-10-10 12:40:22 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2014-10-10 12:40:22 210944 ----a-w- C:\Windows\System32\wdigest.dll
    2014-10-10 12:40:21 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2014-10-10 12:40:21 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
    2014-10-10 12:33:44 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-10-10 12:33:44 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2014-10-10 12:33:44 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-10-10 12:33:43 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-10-10 12:33:43 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-10-10 12:32:31 404480 ----a-w- C:\Windows\System32\gdi32.dll
    2014-10-10 12:32:31 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2014-10-10 12:32:23 11578928 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{633406E7-4DAA-43AF-AC44-273199A9C9CF}\mpengine.dll
    2014-10-09 02:08:41 -------- d-----w- C:\Users\Estevan\AppData\Local\AMD
    2014-10-09 02:04:20 -------- d-----w- C:\Program Files (x86)\AMD AVT
    2014-10-09 02:04:15 -------- d-----w- C:\Program Files (x86)\AMD APP
    2014-10-09 02:04:08 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
    2014-10-09 02:04:08 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
    2014-10-09 02:02:54 -------- d-----w- C:\ProgramData\AMD
    2014-10-09 02:02:52 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
    2014-10-09 02:02:48 -------- d-----w- C:\Program Files (x86)\ATI Technologies
    2014-10-09 01:59:35 -------- dc----w- C:\Program Files\ATI Technologies
    2014-10-09 01:58:10 -------- dc----w- C:\AMD
    2014-10-08 22:54:43 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2014-10-08 22:54:43 1882112 ----a-w- C:\Windows\System32\msxml3.dll
    2014-10-08 22:54:42 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
    2014-10-08 22:54:42 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2014-10-08 22:54:42 2048 ----a-w- C:\Windows\System32\msxml6r.dll
    2014-10-08 22:54:42 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2014-10-08 22:54:42 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2014-10-08 22:54:42 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2014-10-08 22:54:40 801280 ----a-w- C:\Windows\System32\usp10.dll
    2014-10-08 22:54:40 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2014-10-08 22:54:39 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2014-10-08 22:54:39 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2014-10-08 22:47:58 2620928 ----a-w- C:\Windows\System32\wucltux.dll
    2014-10-08 22:47:21 97792 ----a-w- C:\Windows\System32\wudriver.dll
    2014-10-08 22:47:21 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
    2014-10-08 22:46:59 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2014-10-08 22:46:59 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
    2014-10-08 22:46:59 198600 ----a-w- C:\Windows\System32\wuwebv.dll
    2014-10-08 22:46:59 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
    .
    ==================== Find3M ====================
    .
    2014-10-26 14:28:01 952 --sha-w- C:\ProgramData\KGyGaAvL.sys
    2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
    2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
    2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-10-08 23:28:25 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-10-08 23:28:25 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-10-08 22:54:00 13792 ----a-w- C:\Windows\System32\drivers\semav6thermal64ro.sys
    2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
    2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
    2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2014-09-22 06:42:39 278152 ------w- C:\Windows\System32\MpSigStub.exe
    2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
    2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
    2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
    2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
    2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
    2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
    .
    ============= FINISH: 17:55:08.56 ===============
     
  5. Alzm10

    Alzm10 TS Rookie Topic Starter Posts: 24

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/31/2010 12:43:30 AM
    System Uptime: 10/27/2014 5:32:44 PM (0 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: AMD Athlon(tm) II P320 Dual-Core Processor | N/A | 2100/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 288 GiB total, 229.675 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: regi
    Device ID: ROOT\LEGACY_REGI\0000
    Manufacturer:
    Name: regi
    PNP Device ID: ROOT\LEGACY_REGI\0000
    Service: regi
    .
    ==== System Restore Points ===================
    .
    RP389: 10/8/2014 5:44:38 PM - Windows Update
    RP390: 10/8/2014 5:45:21 PM - Windows Update
    RP391: 10/8/2014 9:51:20 PM - Removed Joint Operations: Typhoon Rising
    RP392: 10/8/2014 10:29:37 PM - Windows Update
    RP393: 10/10/2014 3:01:09 AM - Windows Update
    RP394: 10/10/2014 6:17:33 PM - Windows Update
    RP395: 10/11/2014 3:00:16 AM - Windows Update
    RP396: 10/18/2014 10:04:40 AM - Windows Update
    RP397: 10/19/2014 3:00:15 AM - Windows Update
    RP398: 10/26/2014 8:54:22 AM - Removed MOVband SYNC
    RP399: 10/26/2014 9:06:17 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    64 Bit HP CIO Components Installer
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 15 ActiveX
    Adobe Reader X (10.1.8)
    Alps Pointing-device for VAIO
    AMD Accelerated Video Transcoding
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Drag and Drop Transcoding
    AMD Fuel
    AMD Media Foundation Decoders
    AMD USB Filter Driver
    AMD VISION Engine Control Center
    Application Manager for VAIO
    ArcSoft WebCam Companion 3
    Bonjour
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon MP Navigator EX 2.0
    Canon MP620 series MP Drivers
    Canon MP620 series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Click to Call with Skype
    Click to Disc MergeModules x64
    ConservativeTalkNow
    Corel WinDVD
    D3DX10
    DJ_AIO_06_F2400_SW_Min
    EasyBits GO
    EPSON NX330 Series Printer Uninstall
    Evernote
    Feedback Tool
    Google Chrome
    Google Update Helper
    Hamster Free Video Converter
    HP Deskjet 1000 J110 series Help
    HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6
    Inkjet Printer/Scanner Extended Survey Program
    InterActual Player
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 18
    Java(TM) 6 Update 18 (64-bit)
    Junk Mail filter update
    Malwarebytes Anti-Malware version 2.0.3.1025
    Media Gallery
    Media Gallery MergeModules x64
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Starter 2010 - English
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    MSI_SPF_x64
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Oasis2Service 1.0
    Onefog DesktopShooter
    OOBE
    PlayReady PC Runtime amd64
    PMB
    PMB VAIO Edition Guide
    PMB VAIO Edition plug-in (Click to Disc)
    PMB VAIO Edition plug-in (VAIO Image Optimizer)
    PMB VAIO Edition plug-in (VAIO Movie Story)
    QuickTime
    RadioPI
    Realtek HDMI Audio Driver for ATI
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Safari
    Scan
    Search Toolbar
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2883031) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2883032) 32-Bit Edition
    Service Pack 1 for SQL Server 2008 (KB968369)
    Setting Utility Series
    Sid Meier's Civil War Collection
    SmartWi Connection Utility
    Sony Home Network Library
    Sql Server Customer Experience Improvement Program
    TeamViewer 9
    Toolbox
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VAIO Care
    VAIO Care Recovery
    VAIO Content Monitoring Settings
    VAIO Control Center
    VAIO Data Restore Tool
    VAIO DVD Menu Data
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Gate
    VAIO Gate Default
    VAIO Hardware Diagnostics
    VAIO Health Report
    VAIO Help and Support
    VAIO Help and Support Update
    VAIO Manual
    VAIO Media plus
    VAIO Media plus Opening Movie
    VAIO Messenger
    VAIO Movie Story MergeModules x64
    VAIO Movie Story Template Data
    VAIO Original Function Settings
    VAIO Power Management
    VAIO Sample Contents
    VAIO Survey
    VAIO Transfer Support
    VAIO Update
    VAIO Wallpaper Contents
    VGClientX64
    VGClientX86
    VMp MergeModule x64
    VoiceOver Kit
    VU5x64
    VU5x86
    WebIQ Technology Engine
    WIDCOMM Bluetooth Software
    Wincore MediaBar
    Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)
    Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    Xvid 1.2.1 final uninstall
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/27/2014 5:34:29 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    10/27/2014 5:34:28 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    10/27/2014 5:33:28 PM, Error: Service Control Manager [7000] - The regi service failed to start due to the following error: The system cannot find the file specified.
    10/26/2014 10:00:37 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    .
    ==== End Of File ===========================
     
  6. Alzm10

    Alzm10 TS Rookie Topic Starter Posts: 24

    I'm waiting on Malwarebytes to finish and I'll post the log as soon as it's done. For some reason it won't show the log from the scan yesterday.
     
  7. Broni

    Broni Malware Annihilator Posts: 52,904   +344

  8. Alzm10

    Alzm10 TS Rookie Topic Starter Posts: 24

    Malwarebytes finished and said it found around 800 threats and quarantined everything. I let it go through a restart and after it booted I followed the instructions to get the log, but after it exported this is all that it shows in the .txt file:

    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
  9. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Use second option to get a log...

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    If it lists 800 or so items attach it instead of pasting it in (as an exception).
     
  10. Alzm10

    Alzm10 TS Rookie Topic Starter Posts: 24

    I've tried that and there isn't anything in the log. I'll try and paste a screen shot to show.
     
  11. Alzm10

    Alzm10 TS Rookie Topic Starter Posts: 24

  12. Alzm10

    Alzm10 TS Rookie Topic Starter Posts: 24

  13. Alzm10

    Alzm10 TS Rookie Topic Starter Posts: 24

    Quarantine list
    upload_2014-10-27_20-35-18.png
     
  14. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Ok, let's leave it.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
     
  15. Alzm10

    Alzm10 TS Rookie Topic Starter Posts: 24

    RogueKiller V10.0.3.0 [Oct 22 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Estevan [Administrator]
    Mode : Delete -- Date : 10/27/2014 21:03:40

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 8 ¤¤¤
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3067653732-3291335556-3345723209-1004\Software\Microsoft\Internet Explorer\Main | Start Page : http://search.bearshare.com -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3067653732-3291335556-3345723209-1004\Software\Microsoft\Internet Explorer\Main | Start Page : http://search.bearshare.com -> Not selected
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: SAMSUNG HM321HI SATA Disk Device +++++
    --- User ---
    [MBR] cd1671021dc7131398d2ce3ff7ec64de
    [BSP] bb9040e268d6342def6e3ad1684b6fa6 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 9815 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 20105216 | Size: 100 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 20310016 | Size: 295327 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_10272014_204803.log
     
  16. Alzm10

    Alzm10 TS Rookie Topic Starter Posts: 24

    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    www.malwarebytes.org

    Database version: v2014.10.27.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17358
    Estevan :: PRECISIONREPAIR [administrator]

    10/27/2014 9:10:24 PM
    mbar-log-2014-10-27 (21-10-24).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 368280
    Time elapsed: 16 minute(s), 58 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)




    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17358

    Java version: 1.6.0_18

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
    CPU speed: 2.094000 GHz
    Memory total: 4021182464, free: 1659330560

    Downloaded database version: v2014.10.27.09
    Downloaded database version: v2014.10.22.01
    =======================================
    Initializing...
    Done!
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 361D9106

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 20101120

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 20105216 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 20310016 Numsec = 604830384

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-20105216-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
  17. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  18. Alzm10

    Alzm10 TS Rookie Topic Starter Posts: 24

    ComboFix 14-10-27.01 - Estevan 10/27/2014 21:45:27.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1770 [GMT -5:00]
    Running from: c:\users\Estevan\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\RadioPI_4eEI
    c:\program files (x86)\Search Toolbar
    c:\program files (x86)\Search Toolbar\icon.ico
    c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-09-28 to 2014-10-28 )))))))))))))))))))))))))))))))
    .
    .
    2014-10-28 02:54 . 2014-10-28 02:54 -------- d-----w- c:\users\Home\AppData\Local\temp
    2014-10-28 02:54 . 2014-10-28 02:54 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-10-28 02:10 . 2014-10-28 02:30 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-10-28 01:41 . 2014-10-28 01:41 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-10-28 01:41 . 2014-10-28 01:41 -------- d-----w- c:\programdata\RogueKiller
    2014-10-28 01:37 . 2014-10-28 01:37 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{365091BC-6B97-4C01-90BB-6254B2A68458}\offreg.dll
    2014-10-27 22:44 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{365091BC-6B97-4C01-90BB-6254B2A68458}\mpengine.dll
    2014-10-27 03:44 . 2014-10-27 03:44 -------- d-----w- c:\users\Estevan\AppData\Local\Deployment
    2014-10-26 18:11 . 2014-10-28 01:30 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-10-26 18:10 . 2014-10-28 02:09 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-10-26 18:10 . 2014-10-28 00:07 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-10-26 18:10 . 2014-10-26 18:10 -------- d-----w- c:\programdata\Malwarebytes
    2014-10-26 18:10 . 2014-10-01 16:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-10-26 18:10 . 2014-10-01 16:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-10-26 18:10 . 2014-10-26 18:10 -------- d-----w- c:\users\Estevan\AppData\Local\Programs
    2014-10-26 14:07 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-10-18 15:19 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll
    2014-10-18 15:19 . 2014-09-18 01:32 2363904 ----a-w- c:\windows\SysWow64\msi.dll
    2014-10-18 15:19 . 2014-08-29 02:07 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
    2014-10-18 15:17 . 2014-09-05 02:11 6584320 ----a-w- c:\windows\system32\mstscax.dll
    2014-10-18 15:17 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
    2014-10-18 15:17 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll
    2014-10-18 15:17 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2014-10-18 15:13 . 2014-10-18 15:13 -------- d-----w- c:\users\Estevan\AppData\Local\MOVband
    2014-10-11 03:33 . 2014-05-08 09:32 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
    2014-10-11 00:26 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
    2014-10-11 00:26 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
    2014-10-11 00:26 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
    2014-10-11 00:26 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
    2014-10-10 23:48 . 2014-09-10 21:30 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7AB38678-8E71-4C10-A0B1-217A7AA77CC6}\gapaengine.dll
    2014-10-10 23:41 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
    2014-10-10 23:41 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
    2014-10-10 23:39 . 2014-10-11 02:49 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2014-10-10 23:39 . 2014-10-11 02:49 -------- dc----w- c:\program files\Microsoft Security Client
    2014-10-10 23:19 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
    2014-10-10 23:19 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
    2014-10-10 23:19 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
    2014-10-10 23:19 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
    2014-10-10 23:19 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
    2014-10-10 23:19 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
    2014-10-10 23:18 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
    2014-10-10 23:18 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
    2014-10-10 12:41 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
    2014-10-10 12:41 . 2014-06-03 10:02 1380864 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2014-10-10 12:41 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2014-10-10 12:41 . 2014-06-03 10:02 1389568 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
    2014-10-10 12:41 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2014-10-10 12:41 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
    2014-10-10 12:41 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
    2014-10-10 12:41 . 2014-06-03 10:02 112064 ----a-w- c:\windows\system32\consent.exe
    2014-10-10 12:41 . 2014-06-03 10:02 504320 ----a-w- c:\windows\system32\msihnd.dll
    2014-10-10 12:41 . 2014-06-03 10:02 1941504 ----a-w- c:\windows\system32\authui.dll
    2014-10-10 12:41 . 2014-06-03 09:29 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
    2014-10-10 12:41 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\SysWow64\authui.dll
    2014-10-10 12:40 . 2014-05-30 08:08 340992 ----a-w- c:\windows\system32\schannel.dll
    2014-10-10 12:40 . 2014-05-30 07:52 247808 ----a-w- c:\windows\SysWow64\schannel.dll
    2014-10-10 12:40 . 2014-05-30 08:08 210944 ----a-w- c:\windows\system32\wdigest.dll
    2014-10-10 12:40 . 2014-05-30 08:08 314880 ----a-w- c:\windows\system32\msv1_0.dll
    2014-10-10 12:40 . 2014-05-30 08:08 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2014-10-10 12:40 . 2014-05-30 07:52 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
    2014-10-10 12:40 . 2014-05-30 07:52 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
    2014-10-10 12:40 . 2014-05-30 07:52 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2014-10-10 12:33 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
    2014-10-10 12:33 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
    2014-10-10 12:33 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
    2014-10-10 12:33 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2014-10-10 12:33 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2014-10-10 12:32 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
    2014-10-10 12:32 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
    2014-10-10 12:32 . 2014-09-15 07:08 11578928 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{633406E7-4DAA-43AF-AC44-273199A9C9CF}\mpengine.dll
    2014-10-09 02:08 . 2014-10-09 02:08 -------- d-----w- c:\users\Estevan\AppData\Local\AMD
    2014-10-09 02:08 . 2014-10-09 02:08 -------- d-----w- c:\programdata\ATI
    2014-10-09 02:04 . 2014-10-09 02:04 -------- d-----w- c:\program files (x86)\AMD AVT
    2014-10-09 02:04 . 2014-10-09 02:04 -------- d-----w- c:\program files (x86)\AMD APP
    2014-10-09 02:04 . 2014-10-09 02:04 -------- d-----w- c:\program files\Common Files\ATI Technologies
    2014-10-09 02:04 . 2014-10-09 02:04 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
    2014-10-09 02:02 . 2014-10-09 02:04 -------- d-----w- c:\programdata\AMD
    2014-10-09 02:02 . 2010-02-18 14:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
    2014-10-09 02:02 . 2014-10-09 03:26 -------- d-----w- c:\program files (x86)\ATI Technologies
    2014-10-09 01:59 . 2014-10-09 02:03 -------- dc----w- c:\program files\ATI Technologies
    2014-10-09 01:58 . 2014-10-09 01:58 -------- dc----w- C:\AMD
    2014-10-08 22:54 . 2014-03-26 14:44 2002432 ----a-w- c:\windows\system32\msxml6.dll
    2014-10-08 22:54 . 2014-03-26 14:44 1882112 ----a-w- c:\windows\system32\msxml3.dll
    2014-10-08 22:54 . 2014-03-26 14:41 2048 ----a-w- c:\windows\system32\msxml6r.dll
    2014-10-08 22:54 . 2014-03-26 14:41 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2014-10-08 22:54 . 2014-03-26 14:27 1389056 ----a-w- c:\windows\SysWow64\msxml6.dll
    2014-10-08 22:54 . 2014-03-26 14:27 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
    2014-10-08 22:54 . 2014-03-26 14:25 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
    2014-10-08 22:54 . 2014-03-26 14:25 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
    2014-10-08 22:54 . 2014-04-25 02:34 801280 ----a-w- c:\windows\system32\usp10.dll
    2014-10-08 22:54 . 2014-04-25 02:06 626688 ----a-w- c:\windows\SysWow64\usp10.dll
    2014-10-08 22:54 . 2014-04-05 02:47 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2014-10-08 22:54 . 2014-04-05 02:47 288192 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2014-10-08 22:47 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
    2014-10-08 22:47 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
    2014-10-08 22:47 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
    2014-10-08 22:47 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
    2014-10-08 22:47 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
    2014-10-08 22:47 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
    2014-10-08 22:47 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
    2014-10-08 22:47 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
    2014-10-08 22:47 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
    2014-10-08 22:47 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
    2014-10-08 22:46 . 2014-05-14 14:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
    2014-10-08 22:46 . 2014-05-14 14:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
    2014-10-08 22:46 . 2014-05-14 14:20 36864 ----a-w- c:\windows\system32\wuapp.exe
    2014-10-08 22:46 . 2014-05-14 14:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-10-26 14:28 . 2010-07-31 19:53 952 --sha-w- c:\programdata\KGyGaAvL.sys
    2014-10-19 08:00 . 2010-08-02 23:03 103265616 ----a-w- c:\windows\system32\MRT.exe
    2014-10-08 23:28 . 2012-09-19 09:36 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-10-08 23:28 . 2011-10-14 06:42 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-10-08 22:54 . 2014-06-10 00:56 13792 ----a-w- c:\windows\system32\drivers\semav6thermal64ro.sys
    2014-10-08 22:42 . 2012-07-24 15:40 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2014-09-22 06:42 . 2010-07-31 17:59 278152 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{35fd2bab-ab2b-494f-b5bf-8755ec043784}]
    2011-09-04 02:25 706512 ----a-w- c:\progra~2\RADIOP~2\bar\1.bin\4ebar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4adc9c1b-9c50-4c2d-a471-5c06d8de7e80}]
    2011-09-04 02:25 59344 ----a-w- c:\program files (x86)\RadioPI_4e\bar\1.bin\4eSrcAs.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{92926b63-5116-4c6f-a33e-378767b8d15f}"= "c:\program files (x86)\RadioPI_4e\bar\1.bin\4ebar.dll" [2011-09-04 706512]
    .
    [HKEY_CLASSES_ROOT\clsid\{92926b63-5116-4c6f-a33e-378767b8d15f}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 USER_ESRV_SVC;User Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe [x]
    R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
    R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S2 6077757b;6077757b;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
    S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
    S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
    S2 ESRV_SVC;Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [x]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
    S2 RadioPI_4eService;RadioPI Service;c:\progra~2\RADIOP~2\bar\1.bin\4ebarsvc.exe;c:\progra~2\RADIOP~2\bar\1.bin\4ebarsvc.exe [x]
    S2 SampleCollector;Intel(R) System Behavior Tracker Collector Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
    S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
    S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
    S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
    S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
    S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
    S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    S3 MSSQL$DDNI;SQL Server (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [x]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
    S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
    S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\vuagent.exe;c:\program files\Sony\VAIO Update\vuagent.exe [x]
    S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-10-27 03:46 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-10-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-19 23:28]
    .
    2014-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27 03:44]
    .
    2014-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27 03:44]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.bearshare.com
    mLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-10 - (no file)
    Toolbar-Locked - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-10 - (no file)
    HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
    AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3067653732-3291335556-3345723209-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3067653732-3291335556-3345723209-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.15"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-10-27 22:00:06
    ComboFix-quarantined-files.txt 2014-10-28 03:00
    .
    Pre-Run: 248,204,361,728 bytes free
    Post-Run: 249,327,706,112 bytes free
    .
    - - End Of File - - 61DD295D3660442BF504FFF7411AAF9D
    A36C5E4F47E84449FF07ED3517B43A31
     
  19. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Looks good.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.



    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  20. Alzm10

    Alzm10 TS Rookie Topic Starter Posts: 24

    # AdwCleaner v4.002 - Report created 27/10/2014 at 22:12:24
    # DB v2014-10-26.6
    # Updated 27/10/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Estevan - PRECISIONREPAIR
    # Running from : C:\Users\Estevan\Desktop\adwcleaner_4.002.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files (x86)\BearShare Applications
    Folder Deleted : C:\Users\Estevan\AppData\Local\PackageAware
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\Users\Estevan\AppData\LocalLow\wincorebsband
    Folder Deleted : C:\Users\Estevan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
    Folder Deleted : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{10E9E863-3913-40D0-903D-D46DEB18C982}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10E9E863-3913-40D0-903D-D46DEB18C982}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
    Key Deleted : HKLM\SOFTWARE\bearsharemediabartb
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17344

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

    -\\ Google Chrome v38.0.2125.104


    *************************

    AdwCleaner[R0].txt - [2807 octets] - [27/10/2014 22:08:52]
    AdwCleaner[S0].txt - [2728 octets] - [27/10/2014 22:12:24]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2788 octets] ##########
     
  21. Alzm10

    Alzm10 TS Rookie Topic Starter Posts: 24

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.3 (10.21.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Estevan on Mon 10/27/2014 at 22:20:16.28
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.DynamicBarButton
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.DynamicBarButton.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.FeedManager
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.FeedManager.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.HTMLMenu
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.HTMLMenu.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.HTMLPanel
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.HTMLPanel.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.MultipleButton
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.MultipleButton.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.PseudoTransparentPlugin
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.PseudoTransparentPlugin.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.Radio
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.Radio.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.RadioSettings
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.RadioSettings.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.ScriptButton
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.ScriptButton.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.SettingsPlugin
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.SettingsPlugin.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.ThirdPartyInstaller
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.ThirdPartyInstaller.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.UrlAlertButton
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.UrlAlertButton.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.XMLSessionPlugin
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.XMLSessionPlugin.1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35fd2bab-ab2b-494f-b5bf-8755ec043784}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{35fd2bab-ab2b-494f-b5bf-8755ec043784}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4adc9c1b-9c50-4c2d-a471-5c06d8de7e80}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4adc9c1b-9c50-4c2d-a471-5c06d8de7e80}
    Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35fd2bab-ab2b-494f-b5bf-8755ec043784}
    Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{35fd2bab-ab2b-494f-b5bf-8755ec043784}
    Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4adc9c1b-9c50-4c2d-a471-5c06d8de7e80}
    Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{4adc9c1b-9c50-4c2d-a471-5c06d8de7e80}
    Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35fd2bab-ab2b-494f-b5bf-8755ec043784}
    Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{35fd2bab-ab2b-494f-b5bf-8755ec043784}
    Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4adc9c1b-9c50-4c2d-a471-5c06d8de7e80}
    Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{4adc9c1b-9c50-4c2d-a471-5c06d8de7e80}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{041EBD89-385C-41C0-8F7C-6139B6FD950D}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{0814B9A4-782B-4092-8F6A-E9239231D423}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{0CAFC385-F041-4395-9C73-C6EF8F352230}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{0E5ED2A9-C046-46AF-9156-931E73E4FB0D}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{0FC45620-FB4E-47ED-8A7A-BDF5AB56D058}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{1570D64E-4E8B-438B-93C1-0AB2C89BDC58}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{17632130-25BE-4184-9239-BD83E6BFC9BA}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{17B29395-5536-4057-8250-AA01A878B19F}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{17DAAAEC-8A0B-4318-A499-1714C1BB6C7A}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{1E53A7C4-34E8-442B-B3FE-9066479C2F1F}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{25BA9936-6EA4-4D83-B5DC-4C9EE1E83730}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{308EEB17-BD52-452E-A3FF-C9382B0DB56D}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{3629DF38-2987-451D-AE7A-544C4A9832EC}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{378456FC-80D3-49FC-8A7D-42BDE8C0054C}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{391234DE-474C-413F-B0CE-D88623F82EB2}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{52366AEA-664C-4643-84EE-3FD6191E218C}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{549FDBA3-B1AE-4E86-B53B-9490B28493A3}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{5DA758D1-73D6-4657-B153-6CEC2BD90A22}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{62ED3346-21FE-4C86-BC45-2D1EA8FA8E9F}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{6499844A-0CA2-45A2-B3B0-AE05E70C64D7}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{6BED8082-ECB1-4558-A694-0D0302AAE8CF}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{6FE12FBE-B764-4921-8E3F-6974CA0947DC}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{73D06ED9-A839-49EE-BCC8-74B4750F18B1}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{73D64998-C185-40BD-8A80-0FC0C42FB69D}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{7572AEAC-8062-43F1-9B9C-6FDD88B9935B}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{78575F55-C03C-45E3-8631-781F265B7FDC}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{A00AAA8B-7B36-4F57-836F-C6E0FDA3A6E9}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{A583C455-B19A-4C0F-94DF-C9E72EF3FA4D}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{BA7C38FB-63B8-4340-83A3-FAABF7618015}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{BC8EC263-6995-4E0E-874B-1462DE5C51EA}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{BCCCED6F-9439-48A1-A1CD-032F7B7A73EA}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{BCFF3245-027E-48ED-B2CF-75AEA3EF38CE}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{BD124E33-3F46-4018-829F-50CC8D5E9D18}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{C5CB6EC1-408F-45A2-979E-0C0217F71BFE}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{C6583972-46D9-4DC8-AE30-3116344AB4F4}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{CE834E3D-5036-4D48-8202-E61C5F31AAAA}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{D53D9443-1D78-4685-A09D-6C45C1A4FBE7}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{DBB3B124-5EBA-4637-9D9D-BCB4F12A804A}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{DEE0E0CD-DF0B-49BB-A375-B423B36960FE}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{DFA4384B-A4D4-47BA-9885-785AD5BB54B6}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{E094F9A6-84B2-484B-B65B-936609700DE9}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{E2E350FB-4B51-43E3-A1CC-F828EF1B6894}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{E323B993-5D54-4A99-A719-9751B1C15CF1}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{E3629FD7-AE10-4D89-82FF-EC18A2B79423}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{E78C925E-CD66-4DA3-8447-C9C7829C0E5B}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{F1794938-3A67-4220-AD49-A15CCA910F66}
    Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{FCB895B7-58B5-4BE4-9003-5A02F33C7A9D}



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 10/27/2014 at 22:26:05.22
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  22. Alzm10

    Alzm10 TS Rookie Topic Starter Posts: 24

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
    Ran by Estevan (administrator) on PRECISIONREPAIR on 27-10-2014 22:29:34
    Running from C:\Users\Estevan\Desktop
    Loaded Profile: Estevan (Available profiles: Estevan)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
    (ALPS) C:\Program Files\Apoint\Apvfb.exe
    (Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
    (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    () C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
    (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    (Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    (Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
    (Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
    (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
    (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    (Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
    (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    (Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    () C:\Program Files\Sony\VAIO Care\listener.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226160 2010-07-30] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
    HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages =
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
    SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...&oe={outputEncoding}&rlz=1I7SNNT_enUS390US391
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Toolbar: HKLM-x32 - RadioPI - {92926b63-5116-4c6f-a33e-378767b8d15f} - C:\Program Files (x86)\RadioPI_4e\bar\1.bin\4ebar.dll (RadioPI)
    DPF: HKLM-x32 {315B0BFB-2BD4-481B-80A3-A9B80727C61B} https://webiq005.webiqonline.com/We...n&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @RadioPI_4e.com/Plugin -> C:\Program Files (x86)\RadioPI_4e\bar\1.bin\NP4eStub.dll (RadioPI)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [4effxtbr@RadioPI_4e.com] - C:\Program Files (x86)\RadioPI_4e\bar\1.bin
    FF Extension: RadioPI - C:\Program Files (x86)\RadioPI_4e\bar\1.bin [2011-09-03]

    Chrome:
    =======
    CHR Profile: C:\Users\Estevan\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Estevan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-26]
    CHR Extension: (Google Docs) - C:\Users\Estevan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-26]
    CHR Extension: (Google Drive) - C:\Users\Estevan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-26]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Estevan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-26]
    CHR Extension: (YouTube) - C:\Users\Estevan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-26]
    CHR Extension: (Google Search) - C:\Users\Estevan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-26]
    CHR Extension: (Google Sheets) - C:\Users\Estevan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-26]
    CHR Extension: (Google Wallet) - C:\Users\Estevan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
    CHR Extension: (Gmail) - C:\Users\Estevan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-26]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-09-28] (ArcSoft Inc.)
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
    R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
    S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
    R3 MSSQL$DDNI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
    R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [46080 2010-06-24] () [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
    S2 RadioPI_4eService; C:\Program Files (x86)\RadioPI_4e\bar\1.bin\4ebarsvc.exe [34864 2011-09-03] (RadioPI)
    R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
    S4 SQLAgent$DDNI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation)
    S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
    S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2010-04-08] (Sony Corporation) [File not signed]
    R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [852336 2010-03-18] (Sony Corporation)
    R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 6077757b; C:\Windows\system32\drivers\regi.sys [14112 2007-04-17] (InterVideo)
    R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-27] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
    S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-27] ()
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-02-18] (Apple, Inc.) [File not signed]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    U2 IAStorDataMgrSvc; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
  23. Alzm10

    Alzm10 TS Rookie Topic Starter Posts: 24

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-27 22:29 - 2014-10-27 22:30 - 00015336 _____ () C:\Users\Estevan\Desktop\FRST.txt
    2014-10-27 22:29 - 2014-10-27 22:29 - 00000000 ___DC () C:\FRST
    2014-10-27 22:26 - 2014-10-27 22:26 - 00009579 _____ () C:\Users\Estevan\Desktop\JRT.txt
    2014-10-27 22:20 - 2014-10-27 22:20 - 00000000 ____D () C:\Windows\ERUNT
    2014-10-27 22:08 - 2014-10-27 22:12 - 00000000 ___DC () C:\AdwCleaner
    2014-10-27 22:07 - 2014-10-27 22:07 - 02113024 _____ (Farbar) C:\Users\Estevan\Desktop\FRST64.exe
    2014-10-27 22:07 - 2014-10-27 22:07 - 01998336 _____ () C:\Users\Estevan\Desktop\adwcleaner_4.002.exe
    2014-10-27 22:07 - 2014-10-27 22:07 - 01706144 _____ (Thisisu) C:\Users\Estevan\Downloads\JRT.exe
    2014-10-27 22:00 - 2014-10-27 22:00 - 00030140 ____C () C:\ComboFix.txt
    2014-10-27 21:42 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-10-27 21:42 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-10-27 21:42 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-10-27 21:42 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-10-27 21:42 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-10-27 21:42 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-10-27 21:42 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-10-27 21:42 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-10-27 21:40 - 2014-10-27 22:00 - 00000000 ___DC () C:\Qoobox
    2014-10-27 21:39 - 2014-10-27 22:14 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
    2014-10-27 21:39 - 2014-10-27 21:56 - 00000000 ____D () C:\Windows\erdnt
    2014-10-27 21:35 - 2014-10-27 21:36 - 05591695 ____R (Swearware) C:\Users\Estevan\Downloads\ComboFix.exe
    2014-10-27 21:10 - 2014-10-27 21:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-10-27 21:08 - 2014-10-27 21:30 - 00000000 ____D () C:\Users\Estevan\Desktop\mbar
    2014-10-27 20:41 - 2014-10-27 20:41 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-10-27 20:41 - 2014-10-27 20:41 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-10-27 20:38 - 2014-10-27 20:38 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Estevan\Desktop\mbar-1.07.0.1012.exe
    2014-10-27 20:37 - 2014-10-27 20:37 - 16281688 _____ () C:\Users\Estevan\Desktop\RogueKiller.exe
    2014-10-27 19:54 - 2014-10-27 19:54 - 00000058 _____ () C:\Users\Estevan\Desktop\123.txt
    2014-10-27 19:47 - 2014-10-27 19:47 - 00000049 _____ () C:\Users\Estevan\Desktop\MWB 10-27-2014 scan.txt
    2014-10-27 19:39 - 2014-10-27 19:39 - 00000049 _____ () C:\Users\Estevan\Desktop\malware scan1938.txt
    2014-10-27 19:07 - 2014-10-27 19:07 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-10-27 19:07 - 2014-10-27 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-10-27 17:55 - 2014-10-27 17:55 - 00029244 _____ () C:\Users\Estevan\Desktop\dds.txt
    2014-10-27 17:55 - 2014-10-27 17:55 - 00012656 _____ () C:\Users\Estevan\Desktop\attach.txt
    2014-10-27 17:52 - 2014-10-27 17:52 - 00688992 ____R (Swearware) C:\Users\Estevan\Desktop\dds.com
    2014-10-27 17:51 - 2014-10-27 17:51 - 05591695 _____ (Swearware) C:\Users\Estevan\Desktop\ComboFix.exe
    2014-10-26 22:46 - 2014-10-26 22:46 - 00002269 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-10-26 22:46 - 2014-10-26 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-10-26 22:44 - 2014-10-27 22:14 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-10-26 22:44 - 2014-10-27 21:49 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-10-26 22:44 - 2014-10-26 22:44 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-10-26 22:44 - 2014-10-26 22:44 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-10-26 22:44 - 2014-10-26 22:44 - 00000000 ____D () C:\Users\Estevan\AppData\Local\Deployment
    2014-10-26 13:11 - 2014-10-27 22:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-10-26 13:10 - 2014-10-27 21:09 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-10-26 13:10 - 2014-10-27 19:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-10-26 13:10 - 2014-10-26 13:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-10-26 13:10 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-10-26 13:10 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-10-26 13:09 - 2014-10-26 13:10 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Estevan\Downloads\mbam-setup-2.0.3.1025.exe
    2014-10-26 09:25 - 2014-10-26 09:25 - 00347816 _____ (Microsoft Corporation) C:\Users\Estevan\Downloads\MicrosoftFixit.dvd.RNP.1337764312178882.1.1.Run.exe
    2014-10-18 10:20 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-10-18 10:20 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-10-18 10:20 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-10-18 10:20 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-10-18 10:20 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-10-18 10:20 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-10-18 10:20 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-10-18 10:20 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-10-18 10:20 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-10-18 10:20 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-10-18 10:20 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-10-18 10:20 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-10-18 10:20 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-10-18 10:20 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-10-18 10:20 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-10-18 10:20 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-10-18 10:20 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-10-18 10:20 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-10-18 10:20 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-10-18 10:20 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-10-18 10:20 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-10-18 10:20 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-10-18 10:20 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-10-18 10:20 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-10-18 10:20 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-10-18 10:20 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-10-18 10:20 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-10-18 10:20 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-10-18 10:20 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-10-18 10:20 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-10-18 10:20 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-10-18 10:20 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-10-18 10:20 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-10-18 10:20 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-10-18 10:20 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-10-18 10:20 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-10-18 10:20 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-10-18 10:20 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-10-18 10:20 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-10-18 10:20 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-10-18 10:20 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-10-18 10:20 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-10-18 10:20 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-10-18 10:20 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-10-18 10:20 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-10-18 10:20 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-10-18 10:20 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-10-18 10:20 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-10-18 10:20 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-10-18 10:20 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-10-18 10:20 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-10-18 10:20 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-10-18 10:20 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-10-18 10:20 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-10-18 10:20 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-10-18 10:20 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-10-18 10:20 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-10-18 10:20 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-10-18 10:20 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-10-18 10:20 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-10-18 10:20 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
    2014-10-18 10:20 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
    2014-10-18 10:20 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
    2014-10-18 10:20 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
    2014-10-18 10:20 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
    2014-10-18 10:20 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
    2014-10-18 10:20 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
    2014-10-18 10:20 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
    2014-10-18 10:20 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
    2014-10-18 10:20 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
    2014-10-18 10:20 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls
    2014-10-18 10:20 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
    2014-10-18 10:20 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
    2014-10-18 10:20 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
    2014-10-18 10:20 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
    2014-10-18 10:20 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
    2014-10-18 10:20 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
    2014-10-18 10:20 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
    2014-10-18 10:19 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-10-18 10:19 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2014-10-18 10:19 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2014-10-18 10:18 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
    2014-10-18 10:18 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
    2014-10-18 10:18 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-10-18 10:18 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-10-18 10:18 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
    2014-10-18 10:18 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
    2014-10-18 10:18 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-10-18 10:18 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-10-18 10:18 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
    2014-10-18 10:18 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-10-18 10:18 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-10-18 10:18 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
    2014-10-18 10:18 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2014-10-18 10:17 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-10-18 10:17 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2014-10-18 10:17 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2014-10-18 10:17 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2014-10-18 10:13 - 2014-10-18 10:13 - 00000000 ____D () C:\Users\Estevan\AppData\Local\MOVband
    2014-10-18 10:11 - 2014-10-18 10:11 - 00501536 _____ () C:\Users\Estevan\Downloads\setup (1).exe
    2014-10-10 22:33 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2014-10-10 20:04 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
    2014-10-10 20:04 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2014-10-10 20:04 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2014-10-10 20:04 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
    2014-10-10 20:04 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
    2014-10-10 20:04 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2014-10-10 20:04 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
    2014-10-10 20:04 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2014-10-10 20:04 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2014-10-10 20:04 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2014-10-10 20:04 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2014-10-10 20:04 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
    2014-10-10 20:04 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2014-10-10 20:04 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2014-10-10 20:04 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
    2014-10-10 20:04 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2014-10-10 19:26 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2014-10-10 19:26 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
    2014-10-10 19:26 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
    2014-10-10 19:26 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
    2014-10-10 18:41 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
    2014-10-10 18:41 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
    2014-10-10 18:40 - 2014-10-10 21:52 - 00001945 _____ () C:\Windows\epplauncher.mif
    2014-10-10 18:39 - 2014-10-10 21:49 - 00002127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2014-10-10 18:39 - 2014-10-10 21:49 - 00000000 ___DC () C:\Program Files\Microsoft Security Client
    2014-10-10 18:39 - 2014-10-10 21:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
    2014-10-10 18:19 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
    2014-10-10 18:19 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
    2014-10-10 18:19 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
    2014-10-10 18:19 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
    2014-10-10 18:19 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
    2014-10-10 18:19 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
    2014-10-10 18:18 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
    2014-10-10 18:18 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2014-10-10 07:41 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
    2014-10-10 07:41 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
    2014-10-10 07:41 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2014-10-10 07:41 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2014-10-10 07:41 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2014-10-10 07:41 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2014-10-10 07:41 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2014-10-10 07:40 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-10-10 07:40 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-10-10 07:40 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-10-10 07:40 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-10-10 07:40 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-10-10 07:40 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-10-10 07:40 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2014-10-10 07:40 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-10-10 07:39 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2014-10-10 07:39 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2014-10-10 07:39 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-10-10 07:39 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-10-10 07:39 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2014-10-10 07:39 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2014-10-10 07:39 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-10-10 07:39 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-10-10 07:39 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2014-10-10 07:39 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2014-10-10 07:39 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
    2014-10-10 07:39 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
    2014-10-10 07:39 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2014-10-10 07:39 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-10-10 07:39 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2014-10-10 07:39 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2014-10-10 07:33 - 2014-07-06 21:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-10-10 07:33 - 2014-07-06 21:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-10-10 07:33 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-10-10 07:33 - 2014-07-06 20:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-10-10 07:33 - 2014-07-06 20:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-10-10 07:32 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-10-10 07:32 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2014-10-09 19:57 - 2014-10-09 19:57 - 00966008 _____ () C:\Users\Estevan\Downloads\A2DOTH-00238620-1042 (3).EXE
    2014-10-08 22:26 - 2014-10-08 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
    2014-10-08 22:12 - 2014-10-08 22:14 - 132408680 _____ () C:\Users\Estevan\Downloads\Unconfirmed 469004.crdownload
    2014-10-08 22:08 - 2014-10-08 22:15 - 132408680 _____ () C:\Users\Estevan\Downloads\ATDVID-00223561-0042.EXE
    2014-10-08 21:47 - 2014-10-08 21:47 - 15859048 _____ () C:\Users\Estevan\Downloads\REDAUD-00221101-0042.EXE
    2014-10-08 21:47 - 2014-10-08 21:47 - 00966008 _____ () C:\Users\Estevan\Downloads\A2DOTH-00238620-1042 (2).EXE
    2014-10-08 21:41 - 2014-10-08 21:41 - 00966008 _____ () C:\Users\Estevan\Downloads\A2DOTH-00238620-1042 (1).EXE
    2014-10-08 21:37 - 2014-10-08 21:37 - 00966008 _____ () C:\Users\Estevan\Downloads\A2DOTH-00238620-1042.EXE
    2014-10-08 21:08 - 2014-10-08 21:08 - 00000000 ____D () C:\Users\Estevan\AppData\Local\AMD
    2014-10-08 21:08 - 2014-10-08 21:08 - 00000000 ____D () C:\ProgramData\ATI
    2014-10-08 21:04 - 2014-10-08 21:04 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
    2014-10-08 21:04 - 2014-10-08 21:04 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
    2014-10-08 21:04 - 2014-10-08 21:04 - 00000000 ____D () C:\Program Files (x86)\AMD APP
    2014-10-08 21:03 - 2014-10-08 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
    2014-10-08 21:02 - 2014-10-08 22:26 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
    2014-10-08 21:02 - 2014-10-08 21:04 - 00000000 ____D () C:\ProgramData\AMD
    2014-10-08 21:02 - 2010-02-18 09:18 - 00046136 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdiox64.sys
    2014-10-08 21:01 - 2014-10-08 21:01 - 00016840 _____ () C:\Windows\SysWOW64\CCCInstall_201410082101537927.log
    2014-10-08 20:59 - 2014-10-08 21:03 - 00000000 ___DC () C:\Program Files\ATI Technologies
    2014-10-08 20:58 - 2014-10-08 20:58 - 00000000 ___DC () C:\AMD
    2014-10-08 20:56 - 2014-10-08 20:56 - 00891224 _____ (AMD) C:\Users\Estevan\Downloads\amddriverdownloader.exe
    2014-10-08 20:53 - 2014-10-08 20:53 - 02938144 _____ (LionSea Software co., ltd ) C:\Users\Estevan\Downloads\setup.exe
    2014-10-08 18:53 - 2014-10-08 18:53 - 04958328 _____ () C:\Users\Estevan\Downloads\ISBSYS-00267862-1040 (1).EXE
    2014-10-08 17:56 - 2014-10-08 17:56 - 00003148 _____ () C:\Windows\System32\Tasks\USER_ESRV_SVC
    2014-10-08 17:56 - 2014-10-08 17:56 - 00002037 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk
    2014-10-08 17:56 - 2014-10-08 17:56 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
    2014-10-08 17:54 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2014-10-08 17:54 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2014-10-08 17:54 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2014-10-08 17:54 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2014-10-08 17:54 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2014-10-08 17:54 - 2014-03-26 09:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-10-08 17:54 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2014-10-08 17:54 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-10-08 17:54 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2014-10-08 17:54 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2014-10-08 17:54 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
    2014-10-08 17:54 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2014-10-08 17:47 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2014-10-08 17:47 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2014-10-08 17:47 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2014-10-08 17:47 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2014-10-08 17:47 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2014-10-08 17:47 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2014-10-08 17:47 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2014-10-08 17:47 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2014-10-08 17:47 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2014-10-08 17:47 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2014-10-08 17:46 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2014-10-08 17:46 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2014-10-08 17:46 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2014-10-08 17:46 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-27 22:28 - 2012-09-19 04:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-10-27 22:23 - 2009-07-13 23:45 - 00022976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-10-27 22:23 - 2009-07-13 23:45 - 00022976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-10-27 22:22 - 2010-05-25 05:22 - 01154841 _____ () C:\Windows\WindowsUpdate.log
    2014-10-27 22:19 - 2009-07-14 00:13 - 00892192 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-10-27 22:14 - 2014-06-05 18:40 - 00005470 _____ () C:\Windows\setupact.log
    2014-10-27 22:14 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-10-27 22:13 - 2014-06-05 18:40 - 00365302 _____ () C:\Windows\PFRO.log
    2014-10-27 22:00 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
    2014-10-27 21:55 - 2009-07-13 21:34 - 00000215 ____C () C:\Windows\system.ini
    2014-10-27 20:29 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
    2014-10-27 19:41 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\L2Schemas
    2014-10-27 19:11 - 2010-07-31 00:51 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{48F012EB-8DE1-4C18-AB67-E74E50F65D0F}
    2014-10-26 22:46 - 2010-07-31 00:50 - 00000000 ____D () C:\Users\Estevan\AppData\Local\Google
    2014-10-26 22:46 - 2010-02-05 21:18 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-10-26 22:44 - 2010-10-01 23:16 - 00000000 ____D () C:\Users\Estevan\AppData\Local\Apps\2.0
    2014-10-26 09:28 - 2010-07-31 14:53 - 00000952 ___SH () C:\ProgramData\KGyGaAvL.sys
    2014-10-19 04:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2014-10-19 03:31 - 2009-07-13 23:45 - 00333456 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-10-19 03:29 - 2014-06-09 19:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-10-19 03:09 - 2010-08-10 06:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-10-19 03:05 - 2013-10-19 15:53 - 00000000 ____D () C:\Windows\system32\MRT
    2014-10-19 03:00 - 2010-08-02 18:03 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-10-10 22:12 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-10-10 22:10 - 2013-10-19 16:18 - 00000000 ___DC () C:\Program Files\Microsoft Silverlight
    2014-10-10 22:10 - 2013-10-19 16:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-10-10 22:06 - 2010-04-13 13:09 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-10-10 22:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2014-10-10 22:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
    2014-10-10 22:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-10-10 19:20 - 2010-02-05 20:52 - 00884742 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2014-10-10 19:09 - 2013-10-19 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-10-09 19:58 - 2014-06-09 19:52 - 00026550 _____ () C:\Windows\DPINST.LOG
    2014-10-09 19:57 - 2014-06-05 18:18 - 00000000 _____ () C:\Windows\Model.log
    2014-10-09 19:57 - 2010-08-11 20:01 - 00000021 _____ () C:\Windows\Model.txt
    2014-10-08 21:50 - 2012-08-07 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
    2014-10-08 21:50 - 2012-08-07 17:54 - 00000000 ____D () C:\Program Files (x86)\GameSpy Arcade
    2014-10-08 19:03 - 2014-06-09 19:56 - 00000000 ____D () C:\ProgramData\iolo
    2014-10-08 19:00 - 2010-09-01 14:52 - 00000000 ____D () C:\Users\Estevan\AppData\Local\Sony Corporation
    2014-10-08 18:59 - 2010-08-11 19:57 - 00000000 ____D () C:\Update
    2014-10-08 18:28 - 2012-09-19 04:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-10-08 18:28 - 2012-09-19 04:36 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-10-08 18:28 - 2011-10-14 01:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-10-08 17:56 - 2011-10-05 07:25 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
    2014-10-08 17:54 - 2014-06-09 19:56 - 00013792 _____ () C:\Windows\system32\Drivers\semav6thermal64ro.sys
    2014-10-08 17:53 - 2010-02-05 21:12 - 00000000 ____D () C:\Program Files\Sony

    Some content of TEMP:
    ====================
    C:\Users\Estevan\AppData\Local\Temp\Quarantine.exe
    C:\Users\Estevan\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-10-26 08:44

    ==================== End Of Log ============================
     
  24. Alzm10

    Alzm10 TS Rookie Topic Starter Posts: 24

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01
    Ran by Estevan at 2014-10-27 22:31:05
    Running from C:\Users\Estevan\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
    Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
    Adobe Flash Player 10 Plugin (HKLM-x32\...\{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.8) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
    Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.)
    AMD Accelerated Video Transcoding (Version: 12.5.100.30429 - Advanced Micro Devices, Inc.) Hidden
    AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
    AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
    AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
    AMD Media Foundation Decoders (Version: 1.0.80430.0002 - Advanced Micro Devices, Inc.) Hidden
    AMD USB Filter Driver (HKLM-x32\...\{987B04C4-B5AC-4AD6-A7E9-8D681085B850}) (Version: 1.0.15.94 - Advanced Micro Devices, Inc.)
    AMD VISION Engine Control Center (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
    Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version: - )
    ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.278 - ArcSoft)
    Bonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.)
    Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
    Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version: - )
    Canon MP620 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series) (Version: - )
    Canon MP620 series User Registration (HKLM-x32\...\Canon MP620 series User Registration) (Version: - )
    Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
    Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
    Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
    ccc-core-static (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
    Click to Call with Skype (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8153 - Skype Technologies S.A.)
    Click to Disc MergeModules x64 (Version: 1.0.14230 - Sony Corporation) Hidden
    Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.538 - Corel Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DJ_AIO_06_F2400_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
    EasyBits GO (HKCU\...\Game Organizer) (Version: - EasyBits Media)
    EPSON NX330 Series Printer Uninstall (HKLM\...\EPSON NX330 Series) (Version: - SEIKO EPSON Corporation)
    Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.2.1525 - Evernote Corp.)
    Feedback Tool (HKLM-x32\...\{90024193-9F13-4877-89D5-A1CDF0CBBF28}) (Version: 1.1.0 - Microsoft Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
    Hamster Free Video Converter (HKLM-x32\...\{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1) (Version: 2.0.1.26 - Hamster Soft)
    HP Deskjet 1000 J110 series Help (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
    HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)
    Inkjet Printer/Scanner Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
    InterActual Player (HKLM-x32\...\InterActual Player) (Version: - )
    iTunes (HKLM\...\{18155797-EF2E-4699-9A16-FE787C4C10DB}) (Version: 10.2.2.14 - Apple Inc.)
    Java Auto Updater (x32 Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
    Java(TM) 6 Update 18 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
    Java(TM) 6 Update 18 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Media Gallery (x32 Version: 1.2.0.15040 - Sony Corporation) Hidden
    Media Gallery MergeModules x64 (Version: 1.0.14250 - Sony Corporation) Hidden
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{BA4DA261-CB60-4690-B202-44998DFC6986}) (Version: 10.1.2531.0 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    MSI_SPF_x64 (Version: 1.0.0 - Sony Corporation) Hidden
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    Oasis2Service 1.0 (HKLM-x32\...\{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}) (Version: 1.0.0 - DDNi)
    Onefog DesktopShooter (HKLM-x32\...\Onefog DesktopShooter_is1) (Version: - Onefog Games)
    OOBE (x32 Version: 3.00.0215 - Sony Corporation) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PMB (x32 Version: 5.1.02.03310 - Sony Corporation) Hidden
    PMB VAIO Edition Guide (x32 Version: 1.1.00.14080 - Sony Corporation) Hidden
    PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.1.00.15080 - Sony Corporation) Hidden
    PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.1.00.15040 - Sony Corporation) Hidden
    PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.1.00.15080 - Sony Corporation) Hidden
    QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
    RadioPI (HKLM-x32\...\RadioPI_4ebar Uninstall) (Version: - RadioPI)
    Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.)
    Safari (HKLM-x32\...\{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}) (Version: 5.33.21.1 - Apple Inc.)
    Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
    Search Toolbar (HKLM-x32\...\Search Toolbar) (Version: 1.2 - Zugo Ltd) <==== ATTENTION
    Service Pack 1 for SQL Server 2008 (KB968369) (HKLM-x32\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
    Setting Utility Series (x32 Version: 5.2.0.15250 - Sony Corporation) Hidden
    Sid Meier's Civil War Collection (HKLM-x32\...\Sid Meier's Civil War Collection) (Version: - )
    SmartWi Connection Utility (HKLM-x32\...\{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}) (Version: 4.10.4.20100121.2442 - Sony Corporation)
    Sony Home Network Library (x32 Version: 2.1.0.14240 - Sony Corporation) Hidden
    Sql Server Customer Experience Improvement Program (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
    TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
    Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VAIO Care (HKLM\...\{55A60C1D-BEBF-4249-BFB2-F4E5C2E77988}) (Version: 8.4.1.07021 - Sony Corporation)
    VAIO Care Recovery (HKLM\...\{6ED1750E-F44F-4635-8F0D-B76B9262B7FB}) (Version: 1.1.1.13230 - Sony Corporation)
    VAIO Content Monitoring Settings (x32 Version: 2.5.0.13220 - Sony Corporation) Hidden
    VAIO Control Center (x32 Version: 4.2.0.15020 - Sony Corporation) Hidden
    VAIO Data Restore Tool (x32 Version: 1.3.0.13150 - Sony Corporation) Hidden
    VAIO DVD Menu Data (x32 Version: 2.1.00.13210 - Sony Corporation) Hidden
    VAIO Entertainment Platform (x32 Version: 3.7.0.16080 - Sony Corporation) Hidden
    VAIO Event Service (x32 Version: 5.2.0.15020 - Sony Corporation) Hidden
    VAIO Gate (x32 Version: 2.4.2.02200 - Sony Corporation) Hidden
    VAIO Gate Default (x32 Version: 2.0.0.04160 - Sony Corporation) Hidden
    VAIO Hardware Diagnostics (x32 Version: 3.9.1 - Sony Corporation) Hidden
    VAIO Health Report (HKLM-x32\...\VAIO Health Report1.0) (Version: 1.0 - Sony Electronics)
    VAIO Help and Support (HKLM-x32\...\{07182027-A63E-4E86-B96F-452EB9D61360}) (Version: 11.00.0225 - Sony Corporation)
    VAIO Help and Support Update (HKLM-x32\...\{8BFCA5E2-BF46-4CC3-8444-D3CA686D3F94}) (Version: 1.00.0309 - Sony Corporation)
    VAIO Manual (x32 Version: 1.0.0.03290 - Sony Corporation) Hidden
    VAIO Media plus (x32 Version: 2.1.0.15040 - Sony Corporation) Hidden
    VAIO Media plus Opening Movie (x32 Version: 2.1.0.14080 - Sony Corporation) Hidden
    VAIO Messenger (HKLM-x32\...\VAIO Messenger) (Version: 2.0.213.0 - DDNi)
    VAIO Messenger (x32 Version: 2.0.213.0 - DDNi) Hidden
    VAIO Movie Story MergeModules x64 (Version: 1.0.14240 - Sony Corporation) Hidden
    VAIO Movie Story Template Data (x32 Version: 2.1.00.14040 - Sony Corporation) Hidden
    VAIO Original Function Settings (x32 Version: 2.1.0.13120 - Sony Corporation) Hidden
    VAIO Power Management (x32 Version: 5.1.0.15250 - Sony Corporation) Hidden
    VAIO Sample Contents (x32 Version: 1.2.0.16080 - Sony Corporation) Hidden
    VAIO Survey (x32 Version: 6.00.1028 - Sony Corporation) Hidden
    VAIO Transfer Support (x32 Version: 1.1.2.06030 - Sony Corporation) Hidden
    VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.0.14270 - Sony Corporation)
    VAIO Wallpaper Contents (x32 Version: 2.1.0.14090 - Sony Corporation) Hidden
    VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
    VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    VMp MergeModule x64 (Version: 1.0.0 - Default Company Name) Hidden
    VoiceOver Kit (HKLM-x32\...\{7C5B4583-7CBF-4289-B195-03B553959DEA}) (Version: 1.40.128.0 - Apple Inc.)
    VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
    VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
    VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
    WebIQ Technology Engine (HKLM-x32\...\{0F2F77E4-4053-4108-B153-81F0B42EDCF4}) (Version: 1.5.7100 - Usability Sciences Corporation)
    WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
    Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) (HKLM\...\930E4792BDAEAFB62A9514EE7578775658A5D07C) (Version: 09/09/2009 6.2.0.9405 - Broadcom)
    Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    Xvid 1.2.1 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    10-10-2014 08:01:09 Windows Update
    10-10-2014 23:17:33 Windows Update
    11-10-2014 08:00:16 Windows Update
    18-10-2014 15:04:40 Windows Update
    19-10-2014 08:00:15 Windows Update
    26-10-2014 13:54:22 Removed MOVband SYNC
    26-10-2014 14:06:17 Windows Update
    28-10-2014 01:39:22 trojan hunt

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2014-10-27 21:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {080A942B-E202-498A-A5DD-5E92445DE56A} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
    Task: {10320390-F75F-4A5C-A86F-44E403EB2EFA} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
    Task: {16F0A2C4-729F-44F9-BF78-2DA580AE35EE} - System32\Tasks\Sony\VAIO Survey => C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe [2009-10-26] ()
    Task: {1755F1AF-59B6-4D22-A27A-9795FFF2C089} - System32\Tasks\{480FF431-A3C2-4107-BA3F-C65AABD796FA} => C:\Program Files (x86)\Skype\Phone\Skype.exe
    Task: {1AC6CFD6-AEA2-4F11-A295-2EBC8FACF22F} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
    Task: {21B2C25A-2C5B-4EA9-97AF-5563A29EDEA9} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
    Task: {231E1D56-AB0F-4A7A-BB64-22725BD889C8} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-06-25] (Sony Corporation)
    Task: {308AD868-1A9C-4CE2-BB79-6E0033823072} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
    Task: {399EB672-2EF0-44F8-AABA-8A550056661C} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
    Task: {47B02703-876A-4C7C-B7CC-1704FDF2031B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {4F63624C-6D4B-49CF-A5D6-D33D6DA13C87} - System32\Tasks\Sony\Java Update => C:\Program Files\Java\jre6\bin\jusched.exe
    Task: {5BCBA550-7DC5-425B-AF8A-80ED4D8D00C4} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2014-01-27] (Sony Corporation)
    Task: {606850F6-55EC-409B-8E1D-2A458AC19A50} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
    Task: {64361707-C3AD-4F34-A1F6-6155CF5C0755} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
    Task: {76479AA9-479A-4BEC-A399-9E27DCE04E19} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-02-28] (Sony Corporation)
    Task: {81A488CC-8316-4451-84A5-4A0ACF9452FA} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
    Task: {8FF61CA2-8B58-412D-B374-D21BB67B20CF} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
    Task: {95ABCCB4-CB73-4E26-9B5F-6522B3EA591C} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-27] (Sony Corporation)
    Task: {A3AB0A12-A7D7-4A7B-BCB9-44E3D69A7E2E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-08] (Adobe Systems Incorporated)
    Task: {BA1DE20A-07A0-40ED-8E27-490075B19DE0} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
    Task: {BB0AF418-0538-4691-841C-08DCCA16D8E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
    Task: {BC2ED770-ABC6-4317-A84B-2F80014DB162} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
    Task: {C0CFCF93-8895-448F-91EC-C419F03F8606} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
    Task: {D999C970-E19B-469D-8ADF-6F2B1073F1B6} - System32\Tasks\VAIO Care Support => C:\Program Files\Sony\VAIO Care\VCSpt.exe
    Task: {DAEA6B5F-83DF-46C5-9737-BC3375F4056F} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
    Task: {DD8760EC-9E10-4EAE-80AC-BF5C5B61842B} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
    Task: {F3E91642-B74B-4D17-9C8F-25F5789BCA8D} - System32\Tasks\VAIO Health Report => C:\Program Files (x86)\Sony\VAIO Health Report\VAIOHealthReport.exe [2013-06-20] (Sony Electronics)
    Task: {F9CB8D37-BEC2-4BC9-B5E6-45095D4DAF8C} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-04-29 23:25 - 2013-04-29 23:25 - 00073728 ____C () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2010-06-24 17:40 - 2010-06-24 17:40 - 00046080 _____ () C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
    2013-11-01 14:59 - 2013-11-01 14:59 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
    2010-06-24 17:40 - 2010-06-24 17:40 - 00049152 _____ () C:\Program Files (x86)\DDNi\Oasis2Service 1.0\DdniCore.dll
    2010-06-24 17:40 - 2010-06-24 17:40 - 00033280 _____ () C:\Program Files (x86)\DDNi\Oasis2Service 1.0\AspUpdate.dll
    2010-02-05 21:52 - 2010-02-24 17:59 - 00135168 _____ () C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\Extension\MrsMpegParser.dll
    2010-02-05 22:00 - 2010-03-02 19:22 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
    2010-02-05 22:00 - 2010-03-02 19:22 - 00013312 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
    2010-02-05 21:52 - 2010-02-24 17:59 - 00379904 _____ () C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\sqlite3.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VAIO Messenger.lnk => C:\Windows\pss\VAIO Messenger.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Estevan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
    MSCONFIG\startupreg: ConservativeTalkNow_4n Browser Plugin Loader => C:\PROGRA~2\CONSER~2\bar\1.bin\4nbrmon.exe
    MSCONFIG\startupreg: DATAMNGR => C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
    MSCONFIG\startupreg: EPSON0C0A45 (Epson Stylus NX330) => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAA.EXE /FU "C:\Users\Estevan\AppData\Local\Temp\E_SF6E1.tmp" /EF "HKCU"
    MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: RadioPI_4e Browser Plugin Loader => C:\PROGRA~2\RADIOP~2\bar\1.bin\4ebrmon.exe
    MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    MSCONFIG\startupreg: SHTtray.exe => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
    MSCONFIG\startupreg: SmartWiHelper => "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
    MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3067653732-3291335556-3345723209-500 - Administrator - Disabled)
    Estevan (S-1-5-21-3067653732-3291335556-3345723209-1004 - Administrator - Enabled) => C:\Users\Estevan
    Guest (S-1-5-21-3067653732-3291335556-3345723209-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3067653732-3291335556-3345723209-1008 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============

    Name: regi
    Description: regi
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: regi
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/27/2014 10:29:41 PM) (Source: MSSQL$DDNI) (EventID: 17207) (User: )
    Description: FileMgr::StartLogFiles: Operating system error 2(The system cannot find the file specified.) occurred while creating or opening file 'C:\ProgramData\DDNi\Oasis\Data\Oasis2_log.ldf'. Diagnose and correct the operating system error, and retry the operation.

    Error: (10/27/2014 10:29:41 PM) (Source: MSSQL$DDNI) (EventID: 17204) (User: )
    Description: FCB::Open failed: Could not open file C:\ProgramData\DDNi\Oasis\Data\Oasis2.mdf for file number 1. OS error: 2(The system cannot find the file specified.).


    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2014-10-27 21:53:48.129
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-27 21:53:47.864
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-26 09:28:25.789
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-26 09:28:25.453
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-26 09:28:24.949
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-26 09:28:24.511
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-26 09:28:23.375
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-26 09:28:23.090
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-26 09:28:22.516
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-26 09:28:22.109
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD Athlon(tm) II P320 Dual-Core Processor
    Percentage of memory in use: 38%
    Total physical RAM: 3834.9 MB
    Available physical RAM: 2365.21 MB
    Total Pagefile: 7667.98 MB
    Available Pagefile: 5834.25 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: (hard drive) (Fixed) (Total:288.41 GB) (Free:232.13 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 361D9106)
    Partition 1: (Not Active) - (Size=9.6 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=288.4 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  25. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Uninstall Search Toolbar.

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:
