Solved Slow laptop. IE/network is unreliable. (Win7Pro-64)

[Rwolf01]

Greetings. It seems is if IE has been slow to load pages. Sometimes it even gets network errors and fails when trying to follow a link to a new page. It could just be my ISP is bogging down, but I wanted to rule out Malware too.

I ran a full system scan with the latest version/database of Avira Antivirus Pro.

I then ran MalwareBytes, with all default settings, after checking for program & database updates.

Finally I ran DDS.COM.

The logfiles for MalwareBytes and DDS are below.

Thanks, in advance, for your kind assistance.

Note: Logfiles exceed 50k char limit so I'll break them into 2 or 3 posts.

Note: I'll start a separate thread for my housemate's laptop. We share the same DSL line, so it occurred to me that my Internet response might slow down if he has some malware that is generating a lot of network traffic. (pure speculation on my part)

====================== Malware Bytes Log ======================

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 12/19/2014
Scan Time: 7:27:43 AM
Logfile: MWBlog2.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2014.12.19.05
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Rwolf01
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 414920
Time Elapsed: 7 min, 52 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)

(end)

============================= DDS.TXT =============================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496 BrowserJavaVersion: 11.25.2
Run by Rwolf01 at 7:39:34 on 2014-12-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12187.8019 [GMT -8:00]
.
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\SysWOW64\lkads.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Windows\SysWOW64\lkcitdl.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Windows\SysWOW64\lktsrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESGfxMgr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Program Files\Sony\VAIO Care\VCAdmin.exe
C:\Program Files\Sony\VAIO Improvement\vim.exe
C:\Program Files\Sony\VAIO Improvement\vim.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/?gws_rd=ssl
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Rwolf02\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [QuickLaunch] C:\Program Files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe
uRunOnce: [Adobe Speed Launcher] 1418748316
uRunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe -update activex
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\Rwolf02\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableSecureUIAPath = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {B8E53531-F29E-4180-AE3E-DF485CC8BE32} - hxxp://palumbicam.stanford.edu/JpegInstV4.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6588E2D2-D207-44D2-ACC4-CC6F54BBAC79} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\2577F6C66603132E08993702960586F6E656 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\2577F6C66603132E08993702960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\3305145485 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\3305145485 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\44F6279637E45647 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\44F6279637E45647 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\46C696E6B6 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\46C696E6B6 : DHCPNameServer = 200.63.212.110 200.25.144.1
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\742716973734162696E6 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\742716973734162696E6 : DHCPNameServer = 75.104.160.61
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\B4C6165737723734162696E6 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\B4C6165737723734162696E6 : DHCPNameServer = 10.0.0.2
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\D494C4E45425D2C414D2355434552554 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\D494C4E45425D2C414D2355434552554 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{EBC5D493-D2ED-45D3-AF04-F988A557C173} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: {41564952-412D-5637-4300-7A786E7484D7} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SONYAPO
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2014-12-12 108832]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-3-11 16152]
R0 mv61xx;mv61xx;C:\Windows\System32\drivers\mv61xx.sys [2011-5-17 182576]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-9-5 30496]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-8-18 55856]
R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2014-12-12 1120032]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2014-12-12 183224]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2014-12-12 161568]
R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2014-12-12 117024]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2014-12-15 28600]
R2 ActiveDelayDeviceService;ActiveDelayDeviceService;C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [2012-8-10 78472]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2014-12-12 3783672]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2013-7-29 772064]
R2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [2014-12-15 807672]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2014-12-15 431920]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-12-15 431920]
R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2014-12-15 993584]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2014-12-15 119272]
R2 avnetflt;avnetflt;C:\Windows\System32\drivers\avnetflt.sys [2014-12-15 43064]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984]
R2 ESRV_SVC;Energy Server Service;C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [2013-2-22 427432]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-10 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2014-11-22 2429544]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-8-10 127320]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-8-10 162648]
R2 NIApplicationWebServer;NI Application Web Server;C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2012-5-22 53960]
R2 nimDNSResponder;NI mDNS Responder Service;C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2012-5-31 258776]
R2 NINetworkDiscovery;NI Network Discovery;C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [2012-6-5 169192]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-2-21 473960]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2013-2-21 258048]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2013-3-20 7084672]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-10 362840]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-8-10 535688]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2012-8-10 978056]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-11-20 3674864]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2014-12-12 367200]
R3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2013-7-29 164832]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-12-13 94720]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-12-13 747008]
R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-14 60416]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-4-4 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-3-11 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-3-11 788760]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-2-28 25496]
R3 semav6thermal64ro;semav6thermal64ro;C:\Windows\System32\drivers\semav6thermal64ro.sys [2012-11-15 13792]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2012-1-15 14336]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
R3 USER_ESRV_SVC;User Energy Server Service;C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [2013-2-22 427432]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-5-28 54464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2013-7-2 61440]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 ADATA ToolBox Service;ADATA ToolBox Service;C:\Program Files (x86)\ADATA\SSD ToolBox\ToolBoxSvc.exe [2014-12-16 2236416]
S3 AMPPALP;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2013-7-29 164832]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-2-28 34232]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-28 29720]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-11-20 284912]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-9-10 22528]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-8-4 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-8-4 184968]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-3-2 19456]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2014-11-22 340072]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-10 676968]
S3 SIUSBXP;SIUSBXP;C:\Windows\System32\drivers\SiUSBXp.sys [2009-11-3 19456]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-1 289952]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-2 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-3-2 30208]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 960160]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 550128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-8-26 101600]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-17 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-12-19 1014096]
S4 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-12-19 1304912]
S4 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-12-19 1104208]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 NIApplicationWebServer64;NI Application Web Server (64-bit);C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2012-5-22 76488]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile="C:\Windows\notepad.exe" "%1"
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-12-18 11:11:54 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-18 11:11:54 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-16 12:42:24 -------- d-----w- C:\Program Files (x86)\ADATA
2014-12-16 11:36:48 -------- d-----w- C:\Program Files\CCleaner
2014-12-16 07:55:54 -------- d-----w- C:\Users\Rwolf02\AppData\Roaming\Avira
2014-12-16 07:55:23 43064 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2014-12-16 07:55:23 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2014-12-16 07:55:23 119272 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2014-12-16 07:55:22 -------- d-----w- C:\Program Files (x86)\Avira
2014-12-13 01:09:31 367200 ----a-w- C:\Windows\System32\drivers\afcdp.sys
2014-12-13 01:09:29 1462560 ----a-w- C:\Windows\System32\drivers\tdrpman.sys
2014-12-13 01:09:27 183224 ----a-w- C:\Windows\System32\drivers\tib_mounter.sys
2014-12-13 01:09:27 161568 ----a-w- C:\Windows\System32\drivers\vididr.sys
2014-12-13 01:09:27 1120032 ----a-w- C:\Windows\System32\drivers\tib.sys
2014-12-13 01:09:26 117024 ----a-w- C:\Windows\System32\drivers\vidsflt.sys
2014-12-13 01:09:25 233760 ----a-w- C:\Windows\System32\drivers\snapman.sys
2014-12-13 01:09:23 108832 ----a-w- C:\Windows\System32\drivers\fltsrv.sys
2014-12-11 14:35:00 -------- d-----w- C:\Users\Rwolf02\AppData\Local\{92719C14-E488-4C46-AB7E-BC081599DCCE}
2014-12-11 02:33:57 -------- d-----w- C:\Users\Rwolf02\AppData\Local\{93CC4CB7-2908-4BBE-BD77-D5B1350B1B4E}
2014-12-10 14:33:40 -------- d-----w- C:\Users\Rwolf02\AppData\Local\{99EA9211-EB45-4103-8A7F-FD475CB7677D}
2014-12-10 11:21:27 -------- d-----w- C:\Windows\System32\appraiser
2014-12-10 11:01:31 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-12-10 11:01:31 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-12-10 10:00:04 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-12-10 10:00:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-12-10 10:00:03 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-10 10:00:03 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-12-10 10:00:02 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-10 10:00:02 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-10 10:00:02 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-10 10:00:02 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-10 10:00:02 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-10 10:00:02 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-10 09:58:37 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-12-10 09:58:37 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-12-10 09:58:35 346624 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
2014-12-10 09:58:35 310272 ----a-w- C:\Windows\System32\WsmWmiPl.dll
2014-12-10 09:58:35 266240 ----a-w- C:\Windows\System32\WSManHTTPConfig.exe
2014-12-10 09:58:35 248832 ----a-w- C:\Windows\SysWow64\WSManMigrationPlugin.dll
2014-12-10 09:58:35 214016 ----a-w- C:\Windows\SysWow64\WsmWmiPl.dll
2014-12-10 09:58:35 2020352 ----a-w- C:\Windows\System32\WsmSvc.dll
2014-12-10 09:58:35 198656 ----a-w- C:\Windows\SysWow64\WSManHTTPConfig.exe
2014-12-10 09:58:35 181248 ----a-w- C:\Windows\System32\WsmAuto.dll
2014-12-10 09:58:35 145920 ----a-w- C:\Windows\SysWow64\WsmAuto.dll
2014-12-10 09:58:35 1177088 ----a-w- C:\Windows\SysWow64\WsmSvc.dll
2014-12-09 23:48:31 -------- d-----w- C:\Users\Rwolf02\AppData\Local\{5F407442-60FF-4952-B773-0C255A01C502}
2014-12-03 06:31:20 227048 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-11-22 11:02:41 9888872 ----a-w- C:\Windows\SysWow64\RtsPStorIcon.dll
2014-11-22 11:02:41 340072 ----a-w- C:\Windows\System32\drivers\RtsPStor.sys
.
==================== Find3M ====================
.
2014-12-19 15:27:24 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-10 17:36:08 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-10 17:36:08 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-21 14:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-21 14:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 14:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-18 22:56:48 1202848 ----a-w- C:\Windows\SysWow64\FM20.DLL
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-14 19:03:30 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
.
============= FINISH: 7:39:41.73 ===============

 

[Rwolf01]

================= Attach.txt ===========================
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume6
Install Date: 8/10/2012 4:12:18 PM
System Uptime: 12/16/2014 8:44:54 AM (71 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM) i7-3612QM CPU @ 2.10GHz | N/A | 2101/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 219 GiB total, 94.579 GiB free.
D: is FIXED (NTFS) - 931 GiB total, 419.28 GiB free.
E: is FIXED (NTFS) - 1863 GiB total, 683.668 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Description: USB Input Device
Device ID: USB\VID_1908&PID_1331&MI_04\8&10C57A6&0&0004
Manufacturer: (Standard system devices)
Name: USB Input Device
PNP Device ID: USB\VID_1908&PID_1331&MI_04\8&10C57A6&0&0004
Service: HidUsb
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_909B104D&REV_07\4&BFB7D19&0&00E2
Manufacturer: Realtek
Name: Realtek PCIe GBE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_909B104D&REV_07\4&BFB7D19&0&00E2
Service: RTL8167
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1904002F&1&03
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter #3
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1904002F&1&03
Service: vwifimp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Bluetooth Device (Personal Area Network)
Device ID: BTH\MS_BTHPAN\7&31428CDE&0&2
Manufacturer: Microsoft
Name: Bluetooth Device (Personal Area Network)
PNP Device ID: BTH\MS_BTHPAN\7&31428CDE&0&2
Service: BthPan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1904002F&1&04
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter #4
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1904002F&1&04
Service: vwifimp
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: MediaPlayer
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_BUILDWIN&PROD__MEDIAPLAYER&REV_4.05#9&5D1CE9A&0&2010123456787899&0#
Manufacturer: Buildwin
Name: F:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_BUILDWIN&PROD__MEDIAPLAYER&REV_4.05#9&5D1CE9A&0&2010123456787899&0#
Service: WUDFRd
.
Class GUID: {4d36e979-e325-11ce-bfc1-08002be10318}
Description:
Device ID: ROOT\PRINTER\0000
Manufacturer:
Name:
PNP Device ID: ROOT\PRINTER\0000
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
ACID Music Studio 8.0
ADATA SSD ToolBox version 2.1.0
Adobe AIR
Adobe Community Help
Adobe Flash Player 15 ActiveX
Adobe Photoshop Elements 10
Adobe Photoshop Lightroom 4.4 64-bit
Adobe Photoshop.com Inspiration Browser
Adobe Premiere Elements 10
Adobe Reader XI (11.0.10)
Antivirus Pro
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Manager for VAIO
AutoCAD 2004
Autodesk Express Viewer
Bonjour
CCleaner
ChromecastApp
Critical Update for Microsoft Visual Studio 2010 Professional - ENU (KB2938807)
Crystal Reports for Visual Studio
CyberLink PowerDVD
D3DX10
Deco Planner 3
DeepSkyStacker
Dolby Home Theater v4
Dotfuscator Software Services - Community Edition
DVD Architect Studio 5.0
Elements 10 Organizer
EPSON WorkForce 1100 Series Printer Uninstall
Extended Asian Language font pack for Adobe Reader XI
FDUx86
Garmin MapSource
Garmin USB Drivers
Google Chrome
Google Earth
Google Update Helper
Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2736182)
Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2890573)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2529927)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2548139)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2549864)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2635973)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2736182)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2890573)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB3002340)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
HP Officejet 6700 Basic Device Software
iCloud
ImageJ 1.46r
Intel(R) Management Engine Components
Intel(R) OpenCL CPU Runtime
Intel(R) PRO/Wireless Driver
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
Intel(R) Rapid Storage Technology
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel(R) WiDi
Intel(R) Wireless Display
Intel® PROSet/Wireless Software
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
iTunes
Java 8 Update 25
Java Auto Updater
Junk Mail filter update
Keyboard_Shortcuts
KUx86
Malwarebytes Anti-Malware version 2.0.4.1028
MapSource - US Topo v3.02
Math Kernel Libraries
Math Kernel Libraries (64-bit)
Media Go
Mesh Runtime
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Camera Codec Pack
Microsoft Help Viewer 1.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft Silverlight 5.1
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Management Objects (x64)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 SP1 (x64)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x64)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Visual C++ Compilers 2010 Standard - enu - x64
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Office Developer Tools (x64)
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio Macro Tools
MPC-HC 1.6.8
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MultiDeco divelog manager 2.68
National Instruments Software
NI-DAQmx/LabVIEW shared documentation 9.5.5
NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 9.5.5
NI-Mesa
NI-RPC 4.3.0f0
NI-RPC 4.3.0f0 for 64 Bit Windows
NI-RPC 4.3.0f0 for Phar Lap ETS
NI .NET Framework 4.0
NI ActiveX Container
NI ActiveX Container (64-bit)
NI Assistant Framework
NI Assistant Framework 64-bit
NI Assistant Framework LabVIEW Code Generator 2012
NI Authentication 12.0.0
NI Authentication 12.0.0 (64-bit)
NI CodeSignAPI
NI Curl 12.0.0
NI Curl 12.0.0 (64-bit)
NI Customer Experience Improvement Program
NI DataSocket 5.0
NI DataSocket 5.0 (64-bit)
NI Distributed System Manager 2012
NI DN 2.0 SP1 installer
NI Error Reporting 2012
NI EulaDepot
NI Example Finder 12.0
NI GMP Windows 32-bit Installer 12.0.0
NI GMP Windows 64-bit Installer 12.0.0
NI Help Assistant
NI Help Assistant (64bit)
NI Instrument IO Assistant for LabVIEW 2012 32-bit
NI LabVIEW 2011 Real-Time NBFifo
NI LabVIEW 2012
NI LabVIEW 2012 (32-bit)
NI LabVIEW 2012 Deployable License
NI LabVIEW 2012 Deployment Framework
NI LabVIEW 2012 Help
NI LabVIEW 2012 Help File
NI LabVIEW 2012 License
NI LabVIEW 2012 Manuals
NI LabVIEW 2012 MeasAppChm File
NI LabVIEW 2012 Real-Time Error Dialog
NI LabVIEW 2012 Real-Time NBFifo
NI LabVIEW 2012 Run-Time Engine Web Server
NI LabVIEW 2012 Scripting Code Generator
NI LabVIEW 2012 Search
NI LabVIEW 2012 Simulation
NI LabVIEW 2012 Variable Web Service
NI LabVIEW 2012 Web Server
NI LabVIEW Broker
NI LabVIEW Broker (64 bit)
NI LabVIEW C Interface
NI LabVIEW Compare Utility 12.0.0
NI LabVIEW MAX XML
NI LabVIEW Merge Utility 12.0.0
NI LabVIEW Run-Time Engine 2011 SP1
NI LabVIEW Run-Time Engine 2012
NI LabVIEW Run-Time Engine Interop 2011
NI LabVIEW Run-Time Engine Interop 2012
NI LabVIEW Web Server for Run-Time Engine
NI LabVIEW Web Services Runtime
NI LabWindows/CVI 2010 LabVIEW DLL Builder
NI LabWindows/CVI 2010 SP1 Analysis Library
NI LabWindows/CVI 2010 SP1 Analysis Library (64-bit)
NI LabWindows/CVI 2010 SP1 Code Generator
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original)
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated)
NI LabWindows/CVI 2010 SP1 Network Variable Library
NI LabWindows/CVI 2010 SP1 Network Variable Library (64-bit)
NI LabWindows/CVI 2010 SP1 Run-Time Engine (64-bit)
NI LabWindows/CVI 2010 SP1 TDM Streaming Library
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (64-bit)
NI LabWindows/CVI Run-Time Engine 2010 SP1
NI LabWindows/CVI Run-Time Engine 2010 SP1 (Updated)
NI License Manager
NI Logos 5.4
NI Logos 5.4 (64-bit)
NI Logos LabVIEW 2012 Support
NI Logos XT Support
NI Logos64 XT Support
NI Math Kernel Libraries
NI Math Kernel Libraries (64-bit)
NI MAX Remote Configuration 64-bit Installer 5.3
NI MAX Remote Configuration Installer 5.3
NI MAX Support for 64 Bit Windows
NI MDF Support
NI mDNS Responder 2.1 for Windows 64-bit
NI mDNS Responder 2.1.0
NI Measurement & Automation Explorer 5.3.0
NI Measurement Studio Recipe Processor
NI MetaSuite Installer
NI MXS 5.3.0
NI MXS 5.3.0 for 64 Bit Windows
NI Network Discovery 5.3
NI Network Discovery 5.3 for Windows 64-bit
NI NI LabVIEW 2011 SP1 Run-Time Engine Non-English Support
NI NI LabVIEW 2012 Run-Time Engine Non-English Support.
NI OPC Support
NI Portable Configuration 5.3.0
NI Portable Configuration for 64 Bit Windows 5.3.0
NI Registration Wizard
NI Remote Provider for MAX 5.3.0
NI Remote PXI Provider for MAX 5.3.0
NI Search Shared
NI SLCP 1.0
NI Software Provider for MAX 5.3.0
NI SSL LabVIEW 2012 Support
NI SSL LabVIEW RTE 2012 Support
NI SSL Support
NI SSL Support (64-bit)
NI System API Client for WIF 5.3.0
NI System API Web-Servce 32-bit 5.3.0
NI System API Windows 32-bit 5.3.0
NI System API Windows 64-bit 5.3.0
NI System Configuration 5.3.0 LabVIEW Support
NI System Configuration LV2012 Support 5.3.0
NI System Configuration Runtime 5.3.0
NI System Configuration Runtime 5.3.0 for Windows 64-bit
NI System State Publisher
NI System State Publisher (64-bit)
NI System Web Server 12.0
NI System Web Server Base 12.0.0
NI System Web Server Base 12.0.0 (64-bit)
NI TDM Excel Add-In 3.4
NI TDM Excel Add-In 3.4 64-bit
NI TDM Streaming 2.4
NI TDM Streaming 2.4 (64-bit)
NI Trace Engine
NI Trace Engine (64-bit)
NI Uninstaller
NI Update Service 2.1
NI USI 2.0.0
NI USI 2.0.0 64-Bit
NI Variable Engine (64-bit)
NI Variable Engine 2.6.0
NI Variable Engine LabVIEW 2012 Support
NI VC2005MSMs x64
NI VC2005MSMs x86
NI VC2008MSMs x64
NI VC2008MSMs x86
NI VC2010MSMs x64
NI VC2010MSMs x86
NI VIPM Helper 2012
NI Web Application Server 12.0
NI Web Application Server 12.0 (64-bit)
NI Web Interface Framework 2012
NI Web Pipeline 2.0.1
NI Web Pipeline 2.0.1 64-bit support
NI Xalan Delay Load 1.10.2
NI Xalan Delay Load 1.10.2 64-bit
NI Xerces Delay Load 2.7.3
NI Xerces Delay Load 2.7.3 64-bit
NVIDIA Control Panel 327.02
NVIDIA Graphics Driver 327.02
NVIDIA Install Application
NVIDIA Optimus 1.14.17
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.1111
NVIDIA Update 1.14.17
NVIDIA Update Components
Oasis2Service
OLYMPUS Digital Camera Updater
OLYMPUS Raw Codec
Paint Shop Pro 7 Anniversary Edition
PDF4Free 2.0
PlayMemories Home
PlayReady PC Runtime amd64
PlayStation(R)Network Downloader
PlayStation(R)Store
PRE10STI64Installer
PrimoPDF -- brought to you by Nitro PDF Software
PSE10 STI Installer
QuickBooks Pro 99
QuickTime
Reader for PC
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Recuva
Remote Keyboard
Remote Play with PlayStation(R)3
Reset NI Config 5.0.0
SeaTools for Windows
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596927) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2920790) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2920792) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2984942) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2920793) 32-Bit Edition
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2644980)
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2645410)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)
Skype™ 6.11
SmartSound Common Data
SmartSound Premiere Elements 10 x64 Plugin
SmartSound Sonicfire Pro 5
Sound Forge Audio Studio 10.0
Sql Server Customer Experience Improvement Program
SSLx64
SSLx86
StreetSmart Edge®
Synaptics Pointing Device Driver
TrackID(TM) with BRAVIA
TriDef 3D (Sony) 2.0.5
True Image 2013
TurboTax 2012
TurboTax 2012 wcaiper
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
TurboTax 2013
TurboTax 2013 wcaiper
TurboTax 2013 WinPerFedFormset
TurboTax 2013 WinPerReleaseEngine
TurboTax 2013 WinPerTaxSupport
TurboTax 2013 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2920789) 32-Bit Edition
Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
V3DPx86
VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325
VAIO - PlayMemories Home Plug-in
VAIO - Remote Keyboard
VAIO - Remote Keyboard with PlayStation®3
VAIO - Remote Play with PlayStation®3
VAIO - TrackID™ with BRAVIA
VAIO 3D Portal
VAIO Care
VAIO Control Center
VAIO CPU Fan Diagnostic
VAIO Data Restore Tool
VAIO Easy Connect
VAIO Gate
VAIO Gate Default
VAIO Gesture Control
VAIO Health Report
VAIO Help and Support
VAIO Improvement
VAIO Manual
VAIO OOBE
VAIO Sample Contents
VAIO Satisfaction Survey.
VAIO Smart Network
VAIO Transfer Support
VBMx86
VCCx64
VCCx86
Vegas Movie Studio HD Platinum 11.0
VGClientX64
VGClientX86
VHD
ViewSonic Windows 7 Signed Files
Visual Studio 2010 Prerequisites - English
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VIx64
VIx86
VMLx86
VPMx64
VSNx64
VSNx86
VSSTx64
VSSTx86
VU5x64
VU5x86
VWSTx86
WCF RIA Services V1.0 SP1
Web Deployment Tool
WIF Core Dependencies Windows 5.3.0
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 5.20 beta 1 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
12/19/2014 7:08:41 AM, Error: Schannel [36887] - The following fatal alert was received: 80.
12/18/2014 6:19:32 PM, Error: Schannel [36888] - The following fatal alert was generated: 50. The internal error state is 959.
12/16/2014 9:01:57 AM, Error: Schannel [36888] - The following fatal alert was generated: 43. The internal error state is 252.
12/16/2014 9:00:09 AM, Error: Service Control Manager [7034] - The Oasis2Service service terminated unexpectedly. It has done this 1 time(s).
12/16/2014 8:45:45 AM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The system cannot find the file specified.
12/16/2014 8:45:21 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
12/16/2014 8:44:57 AM, Error: volmgr [46] - Crash dump initialization failed!
12/16/2014 5:05:49 AM, Error: Schannel [36887] - The following fatal alert was received: 50.
12/16/2014 2:30:07 AM, Error: Schannel [36887] - The following fatal alert was received: 20.
12/16/2014 2:06:53 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user RWOLF02\Rwolf01 SID (S-1-5-21-747785638-1536544367-690633523-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/16/2014 2:06:53 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user RWOLF02\Rwolf01 SID (S-1-5-21-747785638-1536544367-690633523-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/15/2014 8:37:07 PM, Error: Service Control Manager [7022] - The Oasis2Service service hung on starting.
12/13/2014 3:36:37 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
12/12/2014 9:10:25 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll
12/12/2014 9:09:22 PM, Error: Service Control Manager [7031] - The Acronis Nonstop Backup Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/12/2014 7:17:04 PM, Error: Service Control Manager [7022] - The VAIO Care Performance Service service hung on starting.
12/12/2014 7:15:04 PM, Error: Service Control Manager [7022] - The NVIDIA Update Service Daemon service hung on starting.
12/12/2014 6:18:14 AM, Error: Service Control Manager [7022] - The Energy Server Service service hung on starting.
12/12/2014 5:11:27 PM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on cannot be read.
12/12/2014 4:37:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PMBDeviceInfoProvider service to connect.
12/12/2014 4:37:01 PM, Error: Service Control Manager [7000] - The PMBDeviceInfoProvider service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/12/2014 3:59:18 PM, Error: Service Control Manager [7038] - The TermService service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/12/2014 3:59:18 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/12/2014 3:59:18 PM, Error: Service Control Manager [7038] - The bthserv service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/12/2014 3:59:18 PM, Error: Service Control Manager [7001] - The Application Information service depends on the User Profile Service service which failed to start because of the following error: The service has not been started.
12/12/2014 3:59:18 PM, Error: Service Control Manager [7000] - The VSNService service failed to start due to the following error: The pipe has been ended.
12/12/2014 3:59:18 PM, Error: Service Control Manager [7000] - The Remote Desktop Services service failed to start due to the following error: The service did not start due to a logon failure.
12/12/2014 3:59:18 PM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.
12/12/2014 3:59:18 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
12/12/2014 3:59:18 PM, Error: Service Control Manager [7000] - The Bluetooth Support Service service failed to start due to the following error: The service did not start due to a logon failure.
12/12/2014 3:59:17 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/12/2014 3:59:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
12/12/2014 3:59:17 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service has not been started.
12/12/2014 3:59:17 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/12/2014 3:59:17 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
12/12/2014 2:16:34 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
12/12/2014 1:43:36 PM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: A system shutdown is in progress.
12/12/2014 1:43:36 PM, Error: Service Control Manager [7000] - The Remote Access Connection Manager service failed to start due to the following error: A system shutdown is in progress.
12/12/2014 1:43:36 PM, Error: Service Control Manager [7000] - The IP Helper service failed to start due to the following error: A system shutdown is in progress.
12/12/2014 1:43:36 PM, Error: Service Control Manager [7000] - The Avira Web Protection service failed to start due to the following error: The pipe has been ended.
12/12/2014 1:43:35 PM, Error: Service Control Manager [7000] - The Avira Mail Protection service failed to start due to the following error: The pipe has been ended.
12/12/2014 1:43:32 PM, Error: Microsoft-Windows-DistributedCOM [10004] - DCOM got error "1115" and was unable to logon nt authority\localservice in order to run the server: {CB45D4CA-8A34-4EF1-9957-6134E5270E83}
12/12/2014 1:43:31 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================

 

[Broni]

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download

Malwarebytes Anti-Rootkit (MBAR) to your desktop.

• Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
• Double click on downloaded file. OK self extracting prompt.
• MBAR will start. Click "Next" to continue.
• Click in the following screen "Update" to obtain the latest malware definitions.
• Once the update is complete select "Next" and click "Scan".
• When the scan is finished and no malware has been found select "Exit".
• If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
• Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"

NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

 

[Rwolf01]

Thanks for the suggestions I'll get started on them right away.

Just to be clear, I'd like to start a second thread for the other laptop that shares the DSL link with this one.

I'll do that in a few minutes.

 

[Rwolf01]

I have the downloads & instructions. I'll take the LT offline and disable Avira, then proceed as instructed....

 

[Rwolf01]

==================== Rogue Killer Report ========================

RogueKiller V10.1.0.0 [Dec 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Rwolf01 [Administrator]
Mode : Delete -- Date : 12/20/2014 08:34:14
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 27 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-747785638-1536544367-690633523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-747785638-1536544367-690633523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6588E2D2-D207-44D2-ACC4-CC6F54BBAC79} | DhcpNameServer : 172.20.10.1 -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6588E2D2-D207-44D2-ACC4-CC6F54BBAC79} | DhcpNameServer : 172.20.10.1 -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6588E2D2-D207-44D2-ACC4-CC6F54BBAC79} | DhcpNameServer : 172.20.10.1 -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-747785638-1536544367-690633523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-747785638-1536544367-690633523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS721010A9E630 +++++
--- User ---
[MBR] 59331366a284da0291e63c178988ffb5
[BSP] f8600e20d08b4521c7de7b42d5becd39 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: ADATA SP900 +++++
--- User ---
[MBR] 9e79df6146b2c2fe08bd94b91ff7da3f
[BSP] 5aee74dd0c3bde15f28d4f5bdf1cb56d : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive2: Buildwin MediaPlayer USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive3: ASMT 2105 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_DEL_06162014_123847.log - RKreport_SCN_06162014_123437.log - RKreport_SCN_06162014_124515.log - RKreport_SCN_12202014_083026.log

 

[Rwolf01]

Note: The system restore features were not setup correctly (I think that was a side-effect from a recent hard disk upgrade), but I got that fixed and created a restore point.

MBAR alerted that a registry entry "AppInit_Dlls" might indicate rootkit activity. But I told it NOT to delete the file. Had to reconnect to the network to updated MBAR's definition files.

But, when all was said & done, MBAR Beta v1.08.2.1001 reported:

"Congratulations no cleanup is required! Scan Finished: No Malware Found!"


===================== MBAR log ============================

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org
Database version: v2014.12.20.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Rwolf01 :: RWOLF02 [administrator]
12/20/2014 9:03:44 AM
mbar-log-2014-12-20 (09-03-44).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 415453
Time elapsed: 6 minute(s), 5 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)

 

[Rwolf01]

Thanks again for your assistance. I am standing by for the next instruction....

 

[Broni]

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[Rwolf01]

Ran ComboFix as instructed.

Note: Even though I had the umbrella folded up in Avira, it still trapped an attempt to access the registry by ComboFix. I let it run to completion anyway then disabled Avira properly and reran it. Both logs are attached.

Note: I did not need to resort to the renamed combofix or Rkill.

Here are complete instructions for disabling Avira Antivirus Pro (from v14.0.7.468)

Right click the tray icon and uncheck Real Time Protection, Mail Protection, Web Protection and Firewall.
Now right click and select Start Antivirus Pro.
Click Extras->Configuration->General->Security and uncheck everything.
Click apply and close the program.

Important: After the next reboot the Umbrella will be open and some -- but not all -- the settings will be re-enabled. Repeat the above procedure to make sure everything is turned on after the scanning task has been completed.

======================= First ComboFix Log ===========================

ComboFix 14-12-14.01 - Rwolf01 12/20/2014 17:34:52.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12187.8862 [GMT -8:00]
Running from: c:\users\Rwolf02\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-11-21 to 2014-12-21 )))))))))))))))))))))))))))))))
.
.
2014-12-21 01:46 . 2014-12-21 01:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-12-21 01:46 . 2014-12-21 01:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-12-21 01:46 . 2014-12-21 01:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-20 16:27 . 2014-12-20 16:27 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-12-18 11:11 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-18 11:11 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-16 12:42 . 2014-12-16 12:42 -------- d-----w- c:\program files (x86)\ADATA
2014-12-16 11:36 . 2014-12-16 11:37 -------- d-----w- c:\program files\CCleaner
2014-12-16 07:55 . 2014-12-16 07:55 -------- d-----w- c:\users\Rwolf02\AppData\Roaming\Avira
2014-12-16 07:55 . 2014-11-24 18:23 43064 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-12-16 07:55 . 2014-11-24 18:23 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-12-16 07:55 . 2014-11-24 18:23 131608 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-12-16 07:55 . 2014-11-24 18:23 119272 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-12-16 07:55 . 2014-12-16 07:55 -------- d-----w- c:\program files (x86)\Avira
2014-12-13 01:09 . 2014-12-13 01:09 367200 ----a-w- c:\windows\system32\drivers\afcdp.sys
2014-12-13 01:09 . 2014-12-13 01:09 1462560 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2014-12-13 01:09 . 2014-12-13 01:09 183224 ----a-w- c:\windows\system32\drivers\tib_mounter.sys
2014-12-13 01:09 . 2014-12-13 01:09 161568 ----a-w- c:\windows\system32\drivers\vididr.sys
2014-12-13 01:09 . 2014-12-13 01:09 1120032 ----a-w- c:\windows\system32\drivers\tib.sys
2014-12-13 01:09 . 2014-12-13 01:09 117024 ----a-w- c:\windows\system32\drivers\vidsflt.sys
2014-12-13 01:09 . 2014-12-13 01:09 233760 ----a-w- c:\windows\system32\drivers\snapman.sys
2014-12-13 01:09 . 2014-12-13 01:09 108832 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2014-12-13 01:09 . 2014-12-13 01:09 -------- d-----w- c:\program files (x86)\Common Files\Acronis
2014-12-13 01:09 . 2014-12-13 01:09 -------- d-----w- c:\program files (x86)\Acronis
2014-12-10 11:21 . 2014-12-10 11:21 -------- d-----w- c:\windows\system32\appraiser
2014-12-10 11:01 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll
2014-12-10 11:01 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2014-12-10 10:00 . 2014-11-08 03:16 2048 ----a-w- c:\windows\system32\tzres.dll
2014-12-10 10:00 . 2014-11-08 02:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-12-10 10:00 . 2014-12-01 23:28 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-12-10 10:00 . 2014-12-04 02:50 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-10 10:00 . 2014-12-04 02:50 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-10 10:00 . 2014-12-04 02:50 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-10 10:00 . 2014-12-04 02:50 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-10 10:00 . 2014-12-04 02:50 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-10 10:00 . 2014-12-04 02:44 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-10 09:58 . 2014-10-30 02:03 165888 ----a-w- c:\windows\system32\charmap.exe
2014-12-10 09:58 . 2014-10-30 01:45 155136 ----a-w- c:\windows\SysWow64\charmap.exe
2014-12-10 09:58 . 2014-10-03 02:12 310272 ----a-w- c:\windows\system32\WsmWmiPl.dll
2014-12-10 09:58 . 2014-10-03 02:12 2020352 ----a-w- c:\windows\system32\WsmSvc.dll
2014-12-10 09:58 . 2014-10-03 02:12 346624 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 09:58 . 2014-10-03 02:12 181248 ----a-w- c:\windows\system32\WsmAuto.dll
2014-12-10 09:58 . 2014-10-03 02:11 266240 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2014-12-10 09:58 . 2014-10-03 01:45 248832 ----a-w- c:\windows\SysWow64\WSManMigrationPlugin.dll
2014-12-10 09:58 . 2014-10-03 01:45 214016 ----a-w- c:\windows\SysWow64\WsmWmiPl.dll
2014-12-10 09:58 . 2014-10-03 01:45 145920 ----a-w- c:\windows\SysWow64\WsmAuto.dll
2014-12-10 09:58 . 2014-10-03 01:45 1177088 ----a-w- c:\windows\SysWow64\WsmSvc.dll
2014-12-10 09:58 . 2014-10-03 01:44 198656 ----a-w- c:\windows\SysWow64\WSManHTTPConfig.exe
2014-12-03 06:31 . 2014-12-03 06:31 227048 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-11-22 11:02 . 2012-05-01 08:22 9888872 ----a-w- c:\windows\SysWow64\RtsPStorIcon.dll
2014-11-22 11:02 . 2012-05-01 08:22 340072 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-20 17:02 . 2014-06-15 09:14 135384 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-20 16:52 . 2014-06-15 09:14 96472 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-10 17:36 . 2012-08-10 22:00 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-10 17:36 . 2012-08-10 22:00 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-10 11:02 . 2012-08-17 19:13 112710672 ----a-w- c:\windows\system32\MRT.exe
2014-11-21 14:14 . 2014-06-15 09:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-21 14:14 . 2014-06-15 09:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-18 22:56 . 2014-11-18 22:56 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL
2014-11-17 10:13 . 2012-09-29 19:44 3642528 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2014-11-11 03:08 . 2014-11-18 21:46 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-18 21:46 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-18 21:46 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-18 21:46 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-10-25 01:57 . 2014-11-16 04:17 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-16 04:17 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-16 04:17 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-16 04:17 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-10-14 19:03 . 2014-10-14 19:03 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-14 02:16 . 2014-11-16 04:22 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-16 04:22 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-16 04:17 3241984 ----a-w- c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-16 04:22 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-16 04:22 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-16 04:22 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-16 04:22 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-16 04:17 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-16 04:22 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-16 04:22 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-16 04:22 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-10-10 00:57 . 2014-11-16 04:17 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-10-03 02:12 . 2014-11-16 04:17 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-10-03 02:11 . 2014-11-16 04:17 284672 ----a-w- c:\windows\system32\EncDump.dll
2014-10-03 02:11 . 2014-11-16 04:17 680960 ----a-w- c:\windows\system32\audiosrv.dll
2014-10-03 02:11 . 2014-11-16 04:17 440832 ----a-w- c:\windows\system32\AudioEng.dll
2014-10-03 02:11 . 2014-11-16 04:17 296448 ----a-w- c:\windows\system32\AudioSes.dll
2014-10-03 01:44 . 2014-11-16 04:17 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44 . 2014-11-16 04:17 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44 . 2014-11-16 04:17 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll
2014-09-25 02:08 . 2014-09-30 18:13 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-09-30 18:13 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickLaunch"="c:\program files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe" [2014-08-08 12288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-05-14 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-09 291608]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-02-21 693608]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2013-04-11 6382328]
"AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2013-01-10 1103424]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-11-24 702768]
.
c:\users\Rwolf02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Officejet 6700.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6700\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2AJ7QGQB05RQ;CONNECTION=USB;MONITOR=1; [2009-7-13 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ADATA ToolBox Service;ADATA ToolBox Service;c:\program files (x86)\ADATA\SSD ToolBox\ToolBoxSvc.exe;c:\program files (x86)\ADATA\SSD ToolBox\ToolBoxSvc.exe [x]
R3 AMPPALP;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
R4 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R4 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys;c:\windows\SYSNATIVE\drivers\mv61xx.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 ActiveDelayDeviceService;ActiveDelayDeviceService;c:\program files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe;c:\program files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [x]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 ESRV_SVC;Energy Server Service;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NIApplicationWebServer;NI Application Web Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
S2 nimDNSResponder;NI mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [x]
S2 NINetworkDiscovery;NI Network Discovery;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 semav6thermal64ro;semav6thermal64ro;c:\windows\system32\drivers\semav6thermal64ro.sys;c:\windows\SYSNATIVE\drivers\semav6thermal64ro.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys;c:\windows\SYSNATIVE\drivers\SiUSBXp.sys [x]
S3 USER_ESRV_SVC;User Energy Server Service;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-12 12:15 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 17:36]
.
2014-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-21 06:44]
.
2014-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-21 06:44]
.
2014-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-747785638-1536544367-690633523-1001Core.job
- c:\users\Rwolf02\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-30 22:04]
.
2014-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-747785638-1536544367-690633523-1001UA.job
- c:\users\Rwolf02\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-30 22:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2013-04-11 00:42 2888048 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2013-04-11 00:42 2888048 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2013-04-11 00:42 2888048 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-20 1158248]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-20 1158248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-03 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-03 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-03 439064]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2013-02-15 516928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/?gws_rd=ssl
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\2577F6C66603132E08993702960586F6E656: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\3305145485: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\44F6279637E45647: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\46C696E6B6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\742716973734162696E6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\B4C6165737723734162696E6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\D494C4E45425D2C414D2355434552554: NameServer = 8.8.8.8,8.8.4.4
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{41564952-412D-5637-4300-7A786E7484D7} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{0131D7EF-65FF-478F-8ABD-5ABEE24EC8EF} - c:\programdata\{AA28280A-C4CA-4B4F-9DF1-593032D2F3EC}\VAIO Messenger Setup 2.0.550.0.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-12-20 18:09:31
ComboFix-quarantined-files.txt 2014-12-21 02:09
.
Pre-Run: 100,336,418,816 bytes free
Post-Run: 100,243,820,544 bytes free
.
- - End Of File - - E2B3776C3C840F41BA2B5B19590F3A50

 

[Rwolf01]

====================== Second Combofix log =========================

ComboFix 14-12-14.01 - Rwolf01 12/20/2014 18:34:27.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12187.8676 [GMT -8:00]
Running from: c:\users\Rwolf02\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-11-21 to 2014-12-21 )))))))))))))))))))))))))))))))
.
.
2014-12-21 02:44 . 2014-12-21 02:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-12-21 02:44 . 2014-12-21 02:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-12-21 02:44 . 2014-12-21 02:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-20 16:27 . 2014-12-20 16:27 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-12-18 11:11 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-18 11:11 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-16 12:42 . 2014-12-16 12:42 -------- d-----w- c:\program files (x86)\ADATA
2014-12-16 11:36 . 2014-12-16 11:37 -------- d-----w- c:\program files\CCleaner
2014-12-16 07:55 . 2014-12-16 07:55 -------- d-----w- c:\users\Rwolf02\AppData\Roaming\Avira
2014-12-16 07:55 . 2014-11-24 18:23 43064 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-12-16 07:55 . 2014-11-24 18:23 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-12-16 07:55 . 2014-11-24 18:23 131608 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-12-16 07:55 . 2014-11-24 18:23 119272 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-12-16 07:55 . 2014-12-16 07:55 -------- d-----w- c:\program files (x86)\Avira
2014-12-13 01:09 . 2014-12-13 01:09 367200 ----a-w- c:\windows\system32\drivers\afcdp.sys
2014-12-13 01:09 . 2014-12-13 01:09 1462560 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2014-12-13 01:09 . 2014-12-13 01:09 183224 ----a-w- c:\windows\system32\drivers\tib_mounter.sys
2014-12-13 01:09 . 2014-12-13 01:09 161568 ----a-w- c:\windows\system32\drivers\vididr.sys
2014-12-13 01:09 . 2014-12-13 01:09 1120032 ----a-w- c:\windows\system32\drivers\tib.sys
2014-12-13 01:09 . 2014-12-13 01:09 117024 ----a-w- c:\windows\system32\drivers\vidsflt.sys
2014-12-13 01:09 . 2014-12-13 01:09 233760 ----a-w- c:\windows\system32\drivers\snapman.sys
2014-12-13 01:09 . 2014-12-13 01:09 108832 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2014-12-13 01:09 . 2014-12-13 01:09 -------- d-----w- c:\program files (x86)\Common Files\Acronis
2014-12-13 01:09 . 2014-12-13 01:09 -------- d-----w- c:\program files (x86)\Acronis
2014-12-10 11:21 . 2014-12-10 11:21 -------- d-----w- c:\windows\system32\appraiser
2014-12-10 11:01 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll
2014-12-10 11:01 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2014-12-10 10:00 . 2014-11-08 03:16 2048 ----a-w- c:\windows\system32\tzres.dll
2014-12-10 10:00 . 2014-11-08 02:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-12-10 10:00 . 2014-12-01 23:28 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-12-10 10:00 . 2014-12-04 02:50 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-10 10:00 . 2014-12-04 02:50 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-10 10:00 . 2014-12-04 02:50 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-10 10:00 . 2014-12-04 02:50 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-10 10:00 . 2014-12-04 02:50 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-10 10:00 . 2014-12-04 02:44 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-10 09:58 . 2014-10-30 02:03 165888 ----a-w- c:\windows\system32\charmap.exe
2014-12-10 09:58 . 2014-10-30 01:45 155136 ----a-w- c:\windows\SysWow64\charmap.exe
2014-12-10 09:58 . 2014-10-03 02:12 310272 ----a-w- c:\windows\system32\WsmWmiPl.dll
2014-12-10 09:58 . 2014-10-03 02:12 2020352 ----a-w- c:\windows\system32\WsmSvc.dll
2014-12-10 09:58 . 2014-10-03 02:12 346624 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 09:58 . 2014-10-03 02:12 181248 ----a-w- c:\windows\system32\WsmAuto.dll
2014-12-10 09:58 . 2014-10-03 02:11 266240 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2014-12-10 09:58 . 2014-10-03 01:45 248832 ----a-w- c:\windows\SysWow64\WSManMigrationPlugin.dll
2014-12-10 09:58 . 2014-10-03 01:45 214016 ----a-w- c:\windows\SysWow64\WsmWmiPl.dll
2014-12-10 09:58 . 2014-10-03 01:45 145920 ----a-w- c:\windows\SysWow64\WsmAuto.dll
2014-12-10 09:58 . 2014-10-03 01:45 1177088 ----a-w- c:\windows\SysWow64\WsmSvc.dll
2014-12-10 09:58 . 2014-10-03 01:44 198656 ----a-w- c:\windows\SysWow64\WSManHTTPConfig.exe
2014-12-03 06:31 . 2014-12-03 06:31 227048 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-11-22 11:02 . 2012-05-01 08:22 9888872 ----a-w- c:\windows\SysWow64\RtsPStorIcon.dll
2014-11-22 11:02 . 2012-05-01 08:22 340072 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-20 17:02 . 2014-06-15 09:14 135384 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-20 16:52 . 2014-06-15 09:14 96472 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-10 17:36 . 2012-08-10 22:00 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-10 17:36 . 2012-08-10 22:00 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-10 11:02 . 2012-08-17 19:13 112710672 ----a-w- c:\windows\system32\MRT.exe
2014-11-21 14:14 . 2014-06-15 09:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-21 14:14 . 2014-06-15 09:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-18 22:56 . 2014-11-18 22:56 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL
2014-11-17 10:13 . 2012-09-29 19:44 3642528 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2014-11-11 03:08 . 2014-11-18 21:46 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-18 21:46 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-18 21:46 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-18 21:46 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-10-25 01:57 . 2014-11-16 04:17 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-16 04:17 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-16 04:17 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-16 04:17 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-10-14 19:03 . 2014-10-14 19:03 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-14 02:16 . 2014-11-16 04:22 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-16 04:22 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-16 04:17 3241984 ----a-w- c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-16 04:22 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-16 04:22 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-16 04:22 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-16 04:22 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-16 04:17 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-16 04:22 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-16 04:22 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-16 04:22 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-10-10 00:57 . 2014-11-16 04:17 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-10-03 02:12 . 2014-11-16 04:17 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-10-03 02:11 . 2014-11-16 04:17 284672 ----a-w- c:\windows\system32\EncDump.dll
2014-10-03 02:11 . 2014-11-16 04:17 680960 ----a-w- c:\windows\system32\audiosrv.dll
2014-10-03 02:11 . 2014-11-16 04:17 440832 ----a-w- c:\windows\system32\AudioEng.dll
2014-10-03 02:11 . 2014-11-16 04:17 296448 ----a-w- c:\windows\system32\AudioSes.dll
2014-10-03 01:44 . 2014-11-16 04:17 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44 . 2014-11-16 04:17 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44 . 2014-11-16 04:17 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll
2014-09-25 02:08 . 2014-09-30 18:13 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-09-30 18:13 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickLaunch"="c:\program files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe" [2014-08-08 12288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-05-14 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-09 291608]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-02-21 693608]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2013-04-11 6382328]
"AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2013-01-10 1103424]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-11-24 702768]
.
c:\users\Rwolf02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Officejet 6700.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6700\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2AJ7QGQB05RQ;CONNECTION=USB;MONITOR=1; [2009-7-13 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ADATA ToolBox Service;ADATA ToolBox Service;c:\program files (x86)\ADATA\SSD ToolBox\ToolBoxSvc.exe;c:\program files (x86)\ADATA\SSD ToolBox\ToolBoxSvc.exe [x]
R3 AMPPALP;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
R4 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R4 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys;c:\windows\SYSNATIVE\drivers\mv61xx.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 ActiveDelayDeviceService;ActiveDelayDeviceService;c:\program files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe;c:\program files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [x]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 ESRV_SVC;Energy Server Service;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NIApplicationWebServer;NI Application Web Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
S2 nimDNSResponder;NI mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [x]
S2 NINetworkDiscovery;NI Network Discovery;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 semav6thermal64ro;semav6thermal64ro;c:\windows\system32\drivers\semav6thermal64ro.sys;c:\windows\SYSNATIVE\drivers\semav6thermal64ro.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys;c:\windows\SYSNATIVE\drivers\SiUSBXp.sys [x]
S3 USER_ESRV_SVC;User Energy Server Service;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-12 12:15 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 17:36]
.
2014-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-21 06:44]
.
2014-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-21 06:44]
.
2014-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-747785638-1536544367-690633523-1001Core.job
- c:\users\Rwolf02\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-30 22:04]
.
2014-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-747785638-1536544367-690633523-1001UA.job
- c:\users\Rwolf02\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-30 22:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2013-04-11 00:42 2888048 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2013-04-11 00:42 2888048 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2013-04-11 00:42 2888048 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-20 1158248]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-20 1158248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-03 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-03 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-03 439064]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2013-02-15 516928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/?gws_rd=ssl
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\2577F6C66603132E08993702960586F6E656: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\3305145485: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\44F6279637E45647: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\46C696E6B6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\742716973734162696E6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\B4C6165737723734162696E6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\D494C4E45425D2C414D2355434552554: NameServer = 8.8.8.8,8.8.4.4
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{41564952-412D-5637-4300-7A786E7484D7} - (no file)
AddRemove-{0131D7EF-65FF-478F-8ABD-5ABEE24EC8EF} - c:\programdata\{AA28280A-C4CA-4B4F-9DF1-593032D2F3EC}\VAIO Messenger Setup 2.0.550.0.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-12-20 19:06:16
ComboFix-quarantined-files.txt 2014-12-21 03:06
ComboFix2.txt 2014-12-21 02:09
.
Pre-Run: 100,331,601,920 bytes free
Post-Run: 100,246,687,744 bytes free
.
- - End Of File - - DF220939D740D1D43D03F923C45D3E34

 

[Rwolf01]

Thanks again for your help. As I noted in the other thread, we'll be traveling for the holidays starting tomorrow. Both laptops will go with us and I will stay on top of this process.

However, I will lose access to the second LT from 12/30 to 1/7. This one will follow me everywhere. So I guess that makes the other machine the higher priority.

Note: Both machines are more or less functional at the moment, so if you need to push out either or both of these threads until after the New Year (to spend time with family, or help some poor soul who has much larger flames coming out of their PC) I'm happy to accommodate that. (but if you have the time, the holiday break will actually be a good opportunity for me to get through this, and I'm happy to do that)

Best Regards,

Rwolf

 

[Broni]

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.

 

[Rwolf01]

===================== AdwCleaner Log File ==================

# AdwCleaner v4.105 - Report created 20/12/2014 at 22:08:44
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Local]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Rwolf01 - RWOLF02
# Running from : D:\MyDocs\Nuggets\TechSpot\12-16-14DiagnosticSession\adwcleaner_4.105.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\iolo
Folder Deleted : C:\Users\Rwolf02\AppData\Roaming\iolo
***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92F7027F-BEDE-4E87-B18A-A12E3C4A2A96}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17496

-\\ Google Chrome v39.0.2171.95
[C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
*************************
AdwCleaner[R0].txt - [1312 octets] - [20/12/2014 21:59:59]
AdwCleaner[S0].txt - [1245 octets] - [20/12/2014 22:08:44]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1305 octets] ##########


======================== JRT.TXT ==========================


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Professional x64
Ran by Rwolf01 on Sat 12/20/2014 at 22:13:55.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{5F407442-60FF-4952-B773-0C255A01C502}
Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{92719C14-E488-4C46-AB7E-BC081599DCCE}
Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{93CC4CB7-2908-4BBE-BD77-D5B1350B1B4E}
Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{99EA9211-EB45-4103-8A7F-FD475CB7677D}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/20/2014 at 22:16:18.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


====================== FRST.TXT ========================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-12-2014
Ran by Rwolf01 (administrator) on RWOLF02 on 20-12-2014 22:20:07
Running from C:\Users\Rwolf02\Desktop
Loaded Profiles: UpdatusUser & Rwolf01 (Available profiles: UpdatusUser & Rwolf01)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESGfxMgr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Charles Schwab & Co., Inc.) C:\Program Files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
() C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
() C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-20] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2884880 2012-03-18] (Synaptics Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [516928 2013-02-15] (Acronis)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-05-02] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-09] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [693608 2012-02-21] (Sony Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6382328 2013-04-10] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-747785638-1536544367-690633523-1001\...\Run: [QuickLaunch] => C:\Program Files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe [12288 2014-08-08] (Charles Schwab & Co., Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\Users\Rwolf02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700.lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll (Autodesk)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-747785638-1536544367-690633523-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-747785638-1536544367-690633523-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-747785638-1536544367-690633523-1001 -> {AEBA69D8-4D86-4FF2-B8C0-47319A84C524} URL = https://www.google.com/search?q={searchTerms}
BHO: No Name -> {41564952-412D-5637-4300-7A786E7484D7} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {B8E53531-F29E-4180-AE3E-DF485CC8BE32} http://palumbicam.stanford.edu/JpegInstV4.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 10 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [24320] (National Instruments Corporation)
Winsock: Catalog5-x64 10 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26368] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}: [NameServer] 8.8.8.8,8.8.4.4
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-747785638-1536544367-690633523-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Rwolf02\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-747785638-1536544367-690633523-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Rwolf02\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll No File
CHR Plugin: (Media Go Detector) - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
CHR Plugin: (PlayStation(R)Network Downloader Check Plug-in) - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
CHR Plugin: (Reader Application Detector) - C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Profile: C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-18]
CHR Extension: (Google Drive) - C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-07]
CHR Extension: (YouTube) - C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-18]
CHR Extension: (Google Cast) - C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-04-30]
CHR Extension: (Google Search) - C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-18]
CHR Extension: (Google Wallet) - C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-22]
CHR Extension: (Gmail) - C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-18]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ActiveDelayDeviceService; C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [78472 2011-09-20] (Sony Corporation)
S3 ADATA ToolBox Service; C:\Program Files (x86)\ADATA\SSD ToolBox\ToolBoxSvc.exe [2236416 2014-11-07] () [File not signed]
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [807672 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [163840 2007-12-17] (SEIKO EPSON CORPORATION) [File not signed]
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [126464 2007-01-11] (SEIKO EPSON CORPORATION) [File not signed]
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [427432 2013-02-22] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-23] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-23] (Intel Corporation)
R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2011-05-06] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [50328 2012-06-05] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [60568 2012-06-05] (National Instruments Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [51360 2012-05-22] (National Instruments Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [53960 2012-05-22] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [76488 2012-05-22] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [370328 2012-06-05] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [258776 2012-05-31] (National Instruments Corporation)
R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [169192 2012-06-05] (National Instruments Corporation)
R2 niSvcLoc; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [53952 2012-05-22] (National Instruments Corporation)
R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [680624 2012-06-07] (National Instruments Corporation)
R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [61440 2013-07-02] (Digital Delivery Networks, Inc.) [File not signed]
R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [258048 2013-03-04] (Sony Corporation) [File not signed]
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2011-09-23] (Sony Corporation) [File not signed]
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [427432 2013-02-22] ()
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-11-24] (Avira Operations GmbH & Co. KG)
R0 mv61xx; C:\Windows\System32\drivers\mv61xx.sys [182576 2011-05-17] (Marvell Semiconductor, Inc.)
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2012-11-06] ()
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-12-12] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-12-12] (Acronis)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-20] ()
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-12-12] (Acronis International GmbH)
S3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [285696 2007-06-17] (Jungo) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

(( to be continued in next post))

 

[Rwolf01]

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-20 22:20 - 2014-12-20 22:20 - 00029832 _____ () C:\Users\Rwolf02\Desktop\FRST.txt
2014-12-20 22:19 - 2014-12-20 22:20 - 00000000 ____D () C:\FRST
2014-12-20 21:59 - 2014-12-20 22:08 - 00000000 ____D () C:\AdwCleaner
2014-12-20 21:53 - 2014-12-20 21:53 - 02122240 _____ (Farbar) C:\Users\Rwolf02\Desktop\FRST64.exe
2014-12-20 21:51 - 2014-12-20 21:51 - 02166272 _____ () C:\Users\Rwolf02\Downloads\adwcleaner_4.105.exe
2014-12-20 19:06 - 2014-12-20 19:06 - 00034716 _____ () C:\ComboFix.txt
2014-12-20 17:33 - 2014-12-20 19:07 - 00000000 ____D () C:\Qoobox
2014-12-20 17:33 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-20 17:33 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-20 17:33 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-20 17:33 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-20 17:33 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-20 17:33 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-20 17:33 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-20 17:33 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-20 17:23 - 2014-12-20 17:23 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\Rwolf02\Downloads\rkill.exe
2014-12-20 17:23 - 2014-12-20 17:23 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\Rwolf02\Downloads\iExplore.exe
2014-12-20 17:17 - 2014-12-20 17:17 - 05601641 _____ (Swearware) C:\Users\Rwolf02\Downloads\Ralph_Wolf.exe
2014-12-20 08:27 - 2014-12-20 08:27 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-20 08:21 - 2014-12-20 08:22 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Rwolf02\Downloads\mbar-1.08.2.1001.exe
2014-12-20 08:20 - 2014-12-20 08:20 - 15201368 _____ () C:\Users\Rwolf02\Downloads\RogueKiller.exe
2014-12-19 07:30 - 2014-12-19 07:30 - 00688992 _____ (Swearware) C:\Users\Rwolf02\Downloads\dds.com
2014-12-18 03:11 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 03:11 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 08:45 - 2014-12-20 22:09 - 00000560 _____ () C:\Windows\setupact.log
2014-12-16 08:45 - 2014-12-16 08:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-16 08:44 - 2014-12-20 22:09 - 00163418 _____ () C:\Windows\PFRO.log
2014-12-16 04:42 - 2014-12-16 04:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ADATA
2014-12-16 04:42 - 2014-12-16 04:42 - 00000000 ____D () C:\Program Files (x86)\ADATA
2014-12-16 03:36 - 2014-12-16 03:37 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-16 03:36 - 2014-12-16 03:36 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-12-16 03:35 - 2014-12-16 03:35 - 05162376 _____ (Piriform Ltd) C:\Users\Rwolf02\Downloads\ccsetup500pro.exe
2014-12-15 23:55 - 2014-12-15 23:55 - 00002074 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-12-15 23:55 - 2014-12-15 23:55 - 00000000 ____D () C:\Users\Rwolf02\AppData\Roaming\Avira
2014-12-15 23:55 - 2014-12-15 23:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-15 23:55 - 2014-12-15 23:55 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-15 23:55 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-12-15 23:55 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-12-15 23:55 - 2014-11-24 10:23 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-12-15 23:55 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-12-12 17:10 - 2014-12-12 17:10 - 00000000 ____D () C:\Users\Rwolf02\AppData\Roaming\Acronis
2014-12-12 17:09 - 2014-12-16 06:44 - 00000000 ____D () C:\ProgramData\Acronis
2014-12-12 17:09 - 2014-12-12 17:09 - 01462560 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tdrpman.sys
2014-12-12 17:09 - 2014-12-12 17:09 - 01120032 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib.sys
2014-12-12 17:09 - 2014-12-12 17:09 - 00367200 _____ (Acronis) C:\Windows\system32\Drivers\afcdp.sys
2014-12-12 17:09 - 2014-12-12 17:09 - 00233760 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys
2014-12-12 17:09 - 2014-12-12 17:09 - 00183224 _____ (Acronis) C:\Windows\system32\Drivers\tib_mounter.sys
2014-12-12 17:09 - 2014-12-12 17:09 - 00161568 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\vididr.sys
2014-12-12 17:09 - 2014-12-12 17:09 - 00117024 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\vidsflt.sys
2014-12-12 17:09 - 2014-12-12 17:09 - 00108832 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\fltsrv.sys
2014-12-12 17:09 - 2014-12-12 17:09 - 00001211 _____ () C:\Users\Public\Desktop\True Image 2013.lnk
2014-12-12 17:09 - 2014-12-12 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2014-12-12 17:09 - 2014-12-12 17:09 - 00000000 ____D () C:\Program Files (x86)\Acronis
2014-12-10 03:21 - 2014-12-10 03:21 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 03:01 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 03:01 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 02:00 - 2014-12-03 18:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 02:00 - 2014-12-03 18:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 02:00 - 2014-12-03 18:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 02:00 - 2014-12-03 18:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 02:00 - 2014-12-03 18:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 02:00 - 2014-12-03 18:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 02:00 - 2014-12-03 18:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 02:00 - 2014-12-01 15:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 02:00 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 02:00 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 01:59 - 2014-11-26 17:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 01:59 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 01:59 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 01:59 - 2014-11-21 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 01:59 - 2014-11-21 19:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 01:59 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 01:59 - 2014-11-21 18:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 01:59 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 01:59 - 2014-11-21 18:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 01:59 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 01:59 - 2014-11-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 01:59 - 2014-11-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 01:59 - 2014-11-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 01:59 - 2014-11-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 01:59 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 01:59 - 2014-11-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 01:59 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 01:59 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 01:59 - 2014-11-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 01:59 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 01:59 - 2014-11-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 01:59 - 2014-11-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 01:59 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 01:59 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 01:59 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 01:59 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 01:59 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 01:59 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 01:59 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 01:59 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 01:59 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 01:59 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 01:59 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 01:59 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 01:59 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 01:59 - 2014-11-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 01:59 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 01:59 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 01:59 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 01:59 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 01:59 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 01:59 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 01:59 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 01:59 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 01:59 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 01:59 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 01:59 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 01:59 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 01:59 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 01:59 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 01:59 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 01:59 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 01:59 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 01:59 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 01:59 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 01:59 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 01:59 - 2014-11-10 17:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 01:58 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 01:58 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 01:58 - 2014-10-02 18:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 01:58 - 2014-10-02 18:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 01:58 - 2014-10-02 18:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 01:58 - 2014-10-02 18:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 01:58 - 2014-10-02 18:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 01:58 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 01:58 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 01:58 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 01:58 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 01:58 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 15:47 - 2014-12-09 15:47 - 00003336 _____ () C:\Users\Rwolf02\Desktop\Kyle.eml
2014-11-22 03:02 - 2012-05-01 00:22 - 09888872 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsPStorIcon.dll
2014-11-22 03:02 - 2012-05-01 00:22 - 00340072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsPStor.sys
2014-11-21 14:36 - 2014-11-21 14:36 - 00000000 ____D () C:\Users\Rwolf02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2014-11-20 20:53 - 2014-11-20 21:16 - 00019968 ___SH () C:\Users\Public\Thumbs.db
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-20 22:17 - 2009-07-13 20:45 - 00036944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-20 22:17 - 2009-07-13 20:45 - 00036944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-20 22:15 - 2013-06-24 10:32 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0FEEFD52-E0F9-4D3D-B98B-6C0330E5EB59}
2014-12-20 22:15 - 2012-08-20 22:44 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-20 22:15 - 2009-07-13 21:13 - 00880194 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-20 22:13 - 2012-08-10 12:39 - 01469063 _____ () C:\Windows\WindowsUpdate.log
2014-12-20 22:10 - 2012-08-20 22:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-20 22:09 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-20 21:53 - 2012-08-16 15:08 - 00000000 ____D () C:\Users\Rwolf02\AppData\Roaming\PrimoPDF
2014-12-20 20:36 - 2012-08-10 14:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-20 20:35 - 2014-04-30 14:05 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-747785638-1536544367-690633523-1001UA.job
2014-12-20 18:45 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-20 09:10 - 2014-06-16 11:57 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-20 09:02 - 2014-06-15 01:14 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-20 08:52 - 2014-06-15 01:14 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-20 07:19 - 2012-08-10 16:41 - 00000000 ____D () C:\MyDocs
2014-12-20 02:00 - 2014-08-28 13:12 - 00000000 ____D () C:\Users\Rwolf02\AppData\Local\Adobe
2014-12-19 21:35 - 2014-04-30 14:05 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-747785638-1536544367-690633523-1001Core.job
2014-12-18 22:52 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-17 17:32 - 2014-06-16 19:50 - 00000000 ____D () C:\Users\Rwolf02\AppData\Local\CrashDumps
2014-12-16 03:37 - 2011-02-10 14:48 - 00000000 ____D () C:\Windows\Panther
2014-12-16 02:35 - 2014-06-15 01:14 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-16 02:35 - 2014-06-15 01:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-16 02:35 - 2014-06-15 01:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-15 23:55 - 2012-08-28 10:04 - 00000000 ____D () C:\ProgramData\Avira
2014-12-15 20:45 - 2012-09-24 18:48 - 00000815 _____ () C:\Users\Rwolf02\Desktop\To Do.lnk
2014-12-10 09:36 - 2012-08-10 14:00 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 09:36 - 2012-08-10 14:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 09:36 - 2012-08-10 14:00 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 04:01 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-12-10 03:21 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 03:21 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 03:21 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 03:06 - 2012-08-10 16:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 03:05 - 2013-07-19 02:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 03:02 - 2012-08-17 11:13 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 21:32 - 2014-06-17 16:00 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 14:32 - 2012-09-07 10:06 - 00000000 ____D () C:\Program Files\Recuva
2014-12-06 05:10 - 2014-10-14 10:47 - 00000000 ____D () C:\Users\Public\Documents\Techstream
2014-12-04 02:33 - 2014-02-24 13:52 - 00007638 _____ () C:\Users\Rwolf02\AppData\Local\Resmon.ResmonCfg
2014-11-22 03:02 - 2012-08-10 12:59 - 00000000 ____D () C:\Windows\SysWOW64\sda
2014-11-22 03:02 - 2012-08-10 12:49 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-11-22 03:01 - 2012-08-10 15:26 - 00000023 _____ () C:\Windows\Model.txt
2014-11-21 23:54 - 2012-08-10 13:33 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-11-21 14:36 - 2014-04-30 14:05 - 00001219 _____ () C:\Users\Rwolf02\Desktop\Chromecast.lnk
2014-11-21 14:36 - 2012-08-20 22:44 - 00000000 ____D () C:\Users\Rwolf02\AppData\Local\Google
2014-11-21 06:14 - 2014-06-15 01:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2014-06-15 01:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
Some content of TEMP:
====================
C:\Users\Rwolf02\AppData\Local\Temp\avgnt.exe
C:\Users\Rwolf02\AppData\Local\Temp\Quarantine.exe
C:\Users\Rwolf02\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-16 10:55
==================== End Of Log ============================

 

[Rwolf01]

======================= ADDITION.TXT ====================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2014
Ran by Rwolf01 at 2014-12-20 22:20:30
Running from C:\Users\Rwolf02\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ACID Music Studio 8.0 (x32 Version: 8.0.178 - Sony) Hidden
ADATA SSD ToolBox version 2.1.0 (HKLM-x32\...\{C0991D3E-8786-48E7-A5DB-57FBACB0A03A}_is1) (Version: 2.1.0 - ADATA, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version: - )
AutoCAD 2004 (HKLM-x32\...\{5783F2D7-0201-0409-0000-0060B0CE6BBA}) (Version: 16.0.0.086 - Autodesk)
Autodesk Express Viewer (HKLM-x32\...\Autodesk Express Viewer) (Version: 3.1 - Autodesk, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
ChromecastApp (HKU\S-1-5-21-747785638-1536544367-690633523-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.5009.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deco Planner 3 (HKLM-x32\...\ST6UNST #1) (Version: - )
DeepSkyStacker (HKLM-x32\...\{18435829-4E75-4CD1-9796-A62DBBAE2ED7}) (Version: 3.2.0 - )
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
DVD Architect Studio 5.0 (x32 Version: 5.0.157 - Sony) Hidden
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
EPSON WorkForce 1100 Series Printer Uninstall (HKLM\...\EPSON WorkForce 1100 Series) (Version: - SEIKO EPSON Corporation)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated)
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
ImageJ 1.46r (HKLM-x32\...\ImageJ_is1) (Version: - NIH)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.3.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{4E4282C3-F66E-4852-837A-7675527178C2}) (Version: 3.1.26.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{440d014b-4444-4533-b96d-2910e1ca2bcf}) (Version: 16.7.0 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Keyboard_Shortcuts (x32 Version: 1.1.0.12190 - Sony Corporation) Hidden
KUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MapSource - US Topo v3.02 (HKLM-x32\...\{AD4203ED-7683-435E-B436-C299773A9936}) (Version: - )
Math Kernel Libraries (64-bit) (Version: 1.0.23.0 - National Instruments) Hidden
Math Kernel Libraries (x32 Version: 1.0.23.0 - National Instruments) Hidden
Media Go (x32 Version: 2.0.317 - Sony) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM-x32\...\{CB8C2D73-42F5-45AF-85E6-9E9BFA139F7A}) (Version: 16.4.1899.0416 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Professional - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Professional - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
MPC-HC 1.6.8 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.8.7417 - MPC-HC Team)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MultiDeco divelog manager 2.68 (HKLM-x32\...\V-Planner_divelog_is1) (Version: 2.68.1.91 - HHS Software Corp)
National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version: - National Instruments)
NI .NET Framework 4.0 (x32 Version: 4.01.49152 - National Instruments) Hidden
NI ActiveX Container (64-bit) (Version: 12.0.14.0 - National Instruments) Hidden
NI ActiveX Container (x32 Version: 12.0.14.0 - National Instruments) Hidden
NI Assistant Framework (x32 Version: 8.0.112.0 - National Instruments) Hidden
NI Assistant Framework 64-bit (Version: 8.0.120.0 - National Instruments) Hidden
NI Assistant Framework LabVIEW Code Generator 2012 (x32 Version: 8.0.70.0 - National Instruments) Hidden
NI Authentication 12.0.0 (64-bit) (Version: 12.0.367.0 - National Instruments) Hidden
NI Authentication 12.0.0 (x32 Version: 12.0.367.0 - National Instruments) Hidden
NI CodeSignAPI (x32 Version: 2.70.346 - National Instruments) Hidden
NI Curl 12.0.0 (64-bit) (Version: 12.0.412.0 - National Instruments) Hidden
NI Curl 12.0.0 (x32 Version: 12.0.412.0 - National Instruments) Hidden
NI Customer Experience Improvement Program (x32 Version: 1.0.138.0 - National Instruments) Hidden
NI DataSocket 5.0 (64-bit) (Version: 5.0.115.0 - National Instruments) Hidden
NI DataSocket 5.0 (x32 Version: 5.0.115.0 - National Instruments) Hidden
NI Distributed System Manager 2012 (x32 Version: 12.0.55.0 - National Instruments) Hidden
NI DN 2.0 SP1 installer (x32 Version: 2.11.49152 - National Instruments) Hidden
NI Error Reporting 2012 (x32 Version: 12.0.172.0 - National Instruments) Hidden
NI EulaDepot (x32 Version: 3.10.386 - National Instruments) Hidden
NI Example Finder 12.0 (x32 Version: 12.0.291.0 - National Instruments) Hidden
NI GMP Windows 32-bit Installer 12.0.0 (x32 Version: 12.0.46.0 - National Instruments) Hidden
NI GMP Windows 64-bit Installer 12.0.0 (Version: 12.0.46.0 - National Instruments) Hidden
NI Help Assistant (64bit) (Version: 1.0.11 - National Instruments) Hidden
NI Help Assistant (x32 Version: 1.0.11 - National Instruments) Hidden
NI Instrument IO Assistant for LabVIEW 2012 32-bit (x32 Version: 1.0.24.0 - National Instruments) Hidden
NI LabVIEW 2011 Real-Time NBFifo (x32 Version: 11.0.250.0 - National Instruments) Hidden
NI LabVIEW 2012 (32-bit) (x32 Version: 12.0.231.0 - National Instruments) Hidden
NI LabVIEW 2012 (32-bit) (x32 Version: 12.0.322.0 - National Instruments) Hidden
NI LabVIEW 2012 (32-bit) (x32 Version: 12.0.388.0 - National Instruments) Hidden
NI LabVIEW 2012 (x32 Version: 12.0.378.0 - National Instruments) Hidden
NI LabVIEW 2012 Deployable License (x32 Version: 12.0.364.0 - National Instruments) Hidden
NI LabVIEW 2012 Deployment Framework (x32 Version: 12.0.369.0 - National Instruments) Hidden
NI LabVIEW 2012 Help (x32 Version: 12.0.363.0 - National Instruments) Hidden
NI LabVIEW 2012 Help File (x32 Version: 12.0.359.0 - National Instruments) Hidden
NI LabVIEW 2012 License (x32 Version: 12.0.360.0 - National Instruments) Hidden
NI LabVIEW 2012 Manuals (x32 Version: 12.0.358.0 - National Instruments) Hidden
NI LabVIEW 2012 MeasAppChm File (x32 Version: 12.0.359.0 - National Instruments) Hidden
NI LabVIEW 2012 Real-Time Error Dialog (x32 Version: 12.0.71.0 - National Instruments) Hidden
NI LabVIEW 2012 Real-Time NBFifo (x32 Version: 12.0.219.0 - National Instruments) Hidden
NI LabVIEW 2012 Run-Time Engine Web Server (x32 Version: 12.0.406.0 - National Instruments) Hidden
NI LabVIEW 2012 Scripting Code Generator (x32 Version: 8.0.247.0 - National Instruments) Hidden
NI LabVIEW 2012 Search (x32 Version: 12.0.4.0 - National Instruments) Hidden
NI LabVIEW 2012 Simulation (x32 Version: 12.0.359.0 - National Instruments) Hidden
NI LabVIEW 2012 Variable Web Service (x32 Version: 12.0.191.0 - National Instruments) Hidden
NI LabVIEW 2012 Web Server (x32 Version: 12.0.407.0 - National Instruments) Hidden
NI LabVIEW Broker (64 bit) (Version: 6.8.10.0 - National Instruments) Hidden
NI LabVIEW Broker (x32 Version: 6.8.10.0 - National Instruments) Hidden
NI LabVIEW C Interface (x32 Version: 1.0.1 - National Instruments) Hidden
NI LabVIEW Compare Utility 12.0.0 (x32 Version: 12.0.186.0 - National Instruments) Hidden
NI LabVIEW MAX XML (x32 Version: 9.0.6.0 - National Instruments) Hidden
NI LabVIEW Merge Utility 12.0.0 (x32 Version: 12.0.187.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2011 SP1 (x32 Version: 11.0.445.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2012 (x32 Version: 12.0.377.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2011 (x32 Version: 11.0.446.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2012 (x32 Version: 12.0.146.0 - National Instruments) Hidden
NI LabVIEW Web Server for Run-Time Engine (x32 Version: 11.0.375.0 - National Instruments) Hidden
NI LabVIEW Web Services Runtime (x32 Version: 12.0.409.0 - National Instruments) Hidden
NI LabWindows/CVI 2010 LabVIEW DLL Builder (x32 Version: 10.0.0360 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Analysis Library (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Analysis Library (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Code Generator (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original) (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated) (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Network Variable Library (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Network Variable Library (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Run-Time Engine (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI Run-Time Engine 2010 SP1 (Updated) (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI Run-Time Engine 2010 SP1 (x32 Version: 10.0.1434 - National Instruments) Hidden
NI License Manager (x32 Version: 3.7.44 - National Instruments) Hidden
NI Logos 5.4 (64-bit) (Version: 5.4.303.0 - National Instruments) Hidden
NI Logos 5.4 (x32 Version: 5.4.303.0 - National Instruments) Hidden
NI Logos XT Support (x32 Version: 5.4.295.0 - National Instruments) Hidden
NI Logos64 XT Support (Version: 5.4.295.0 - National Instruments) Hidden
NI Math Kernel Libraries (64-bit) (Version: 1.0.10.0 - National Instruments) Hidden
NI Math Kernel Libraries (x32 Version: 1.0.10.0 - National Instruments) Hidden
NI MAX Remote Configuration 64-bit Installer 5.3 (Version: 5.30.49152 - National Instruments) Hidden
NI MAX Remote Configuration Installer 5.3 (x32 Version: 5.30.49152 - National Instruments) Hidden
NI MAX Support for 64 Bit Windows (Version: 5.30.49152 - National Instruments) Hidden
NI MDF Support (x32 Version: 3.10.386 - National Instruments) Hidden
NI mDNS Responder 2.1 for Windows 64-bit (Version: 2.10.49152 - National Instruments) Hidden
NI mDNS Responder 2.1.0 (x32 Version: 2.10.49152 - National Instruments) Hidden
NI Measurement & Automation Explorer 5.3.0 (x32 Version: 5.30.49152 - National Instruments) Hidden
NI Measurement Studio Recipe Processor (x32 Version: 8.0.0101 - National Instruments) Hidden
NI MetaSuite Installer (x32 Version: 3.10.386 - National Instruments) Hidden
NI MXS 5.3.0 (x32 Version: 5.30.49152 - National Instruments) Hidden
NI MXS 5.3.0 for 64 Bit Windows (Version: 5.30.49152 - National Instruments) Hidden
NI Network Discovery 5.3 (x32 Version: 5.30.49152 - National Instruments) Hidden
NI Network Discovery 5.3 for Windows 64-bit (Version: 5.30.49152 - National Instruments) Hidden
NI NI LabVIEW 2011 SP1 Run-Time Engine Non-English Support (x32 Version: 11.0.302.0 - National Instruments) Hidden
NI NI LabVIEW 2012 Run-Time Engine Non-English Support. (x32 Version: 12.0.363.0 - National Instruments) Hidden
NI OPC Support (x32 Version: 12.0.295.0 - National Instruments) Hidden
NI Portable Configuration 5.3.0 (x32 Version: 5.30.49152 - National Instruments) Hidden
NI Portable Configuration for 64 Bit Windows 5.3.0 (Version: 5.30.49152 - National Instruments) Hidden
NI Registration Wizard (x32 Version: 1.3.87.0 - National Instruments) Hidden
NI Remote Provider for MAX 5.3.0 (x32 Version: 5.30.49152 - National Instruments) Hidden
NI Remote PXI Provider for MAX 5.3.0 (x32 Version: 5.30.49152 - National Instruments) Hidden
NI Search Shared (x32 Version: 12.0.5.0 - National Instruments) Hidden
NI SLCP 1.0 (x32 Version: 1.0.63.0 - National Instruments) Hidden
NI Software Provider for MAX 5.3.0 (x32 Version: 5.30.49152 - National Instruments) Hidden
NI SSL LabVIEW 2012 Support (x32 Version: 12.0.406.0 - National Instruments) Hidden
NI SSL LabVIEW RTE 2012 Support (x32 Version: 12.0.125.0 - National Instruments) Hidden
NI SSL Support (64-bit) (Version: 12.0.408.0 - National Instruments) Hidden
NI SSL Support (x32 Version: 12.0.408.0 - National Instruments) Hidden
NI System API Client for WIF 5.3.0 (x32 Version: 5.30.461.0 - National Instruments) Hidden
NI System API Web-Servce 32-bit 5.3.0 (x32 Version: 5.30.460.0 - National Instruments) Hidden
NI System API Windows 32-bit 5.3.0 (x32 Version: 5.30.460.0 - National Instruments) Hidden
NI System API Windows 64-bit 5.3.0 (Version: 5.30.460.0 - National Instruments) Hidden
NI System Configuration 5.3.0 LabVIEW Support (x32 Version: 5.30.212.0 - National Instruments) Hidden
NI System Configuration LV2012 Support 5.3.0 (x32 Version: 5.30.207.0 - National Instruments) Hidden
NI System Configuration Runtime 5.3.0 (x32 Version: 5.30.427.0 - National Instruments) Hidden
NI System Configuration Runtime 5.3.0 for Windows 64-bit (Version: 5.30.426.0 - National Instruments) Hidden
NI System State Publisher (64-bit) (Version: 12.0.218.0 - National Instruments) Hidden
NI System State Publisher (x32 Version: 12.0.358.0 - National Instruments) Hidden
NI System Web Server 12.0 (x32 Version: 12.0.414.0 - National Instruments) Hidden
NI System Web Server Base 12.0.0 (64-bit) (Version: 12.0.407.0 - National Instruments) Hidden
NI System Web Server Base 12.0.0 (x32 Version: 12.0.407.0 - National Instruments) Hidden
NI TDM Excel Add-In 3.4 (x32 Version: 3.4.19.0 - National Instruments) Hidden
NI TDM Excel Add-In 3.4 64-bit (Version: 3.4.19.0 - National Instruments) Hidden
NI TDM Streaming 2.4 (64-bit) (Version: 2.4.55.0 - National Instruments) Hidden
NI TDM Streaming 2.4 (x32 Version: 2.4.55.0 - National Instruments) Hidden
NI Trace Engine (64-bit) (Version: 12.0.401.0 - National Instruments) Hidden
NI Trace Engine (x32 Version: 12.0.401.0 - National Instruments) Hidden
NI Uninstaller (x32 Version: 3.10.386 - National Instruments) Hidden
NI Update Service 2.1 (x32 Version: 2.10.114.0 - National Instruments) Hidden
NI USI 2.0.0 (x32 Version: 2.0.04901 - National Instruments) Hidden
NI USI 2.0.0 64-Bit (Version: 2.0.04901 - National Instruments) Hidden
NI Variable Engine (64-bit) (Version: 2.6.296.0 - National Instruments) Hidden
NI Variable Engine 2.6.0 (x32 Version: 2.6.296.0 - National Instruments) Hidden
NI Variable Engine LabVIEW 2012 Support (x32 Version: 12.0.360.0 - National Instruments) Hidden
NI VC2005MSMs x64 (Version: 8.05.0 - National Instruments) Hidden
NI VC2005MSMs x86 (x32 Version: 8.05.0 - National Instruments) Hidden
NI VC2008MSMs x64 (Version: 9.0.401 - National Instruments) Hidden
NI VC2008MSMs x86 (x32 Version: 9.0.401 - National Instruments) Hidden
NI VC2010MSMs x64 (Version: 10.0.001 - National Instruments) Hidden
NI VC2010MSMs x86 (x32 Version: 10.0.001 - National Instruments) Hidden
NI VIPM Helper 2012 (x32 Version: 12.0.211.0 - National Instruments) Hidden
NI Web Application Server 12.0 (64-bit) (Version: 12.0.422.0 - National Instruments) Hidden
NI Web Application Server 12.0 (x32 Version: 12.0.422.0 - National Instruments) Hidden
NI Web Interface Framework 2012 (x32 Version: 12.0.352.0 - National Instruments) Hidden
NI Web Pipeline 2.0.1 (x32 Version: 2.0.128.0 - National Instruments) Hidden
NI Web Pipeline 2.0.1 64-bit support (Version: 2.0.122.0 - National Instruments) Hidden
NI Xalan Delay Load 1.10.2 (x32 Version: 1.10.72.0 - National Instruments) Hidden
NI Xalan Delay Load 1.10.2 64-bit (Version: 1.10.73.0 - National Instruments) Hidden
NI Xerces Delay Load 2.7.3 (x32 Version: 2.7.180.0 - National Instruments) Hidden
NI Xerces Delay Load 2.7.3 64-bit (Version: 2.7.190.0 - National Instruments) Hidden
NI-DAQmx/LabVIEW shared documentation 9.5.5 (x32 Version: 9.55.49152 - National Instruments) Hidden
NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 9.5.5 (Version: 9.55.49152 - National Instruments) Hidden
NI-Mesa (Version: 11.0.11.0 - National Instruments) Hidden
NI-Mesa (x32 Version: 11.0.11.0 - National Instruments) Hidden
NI-RPC 4.3.0f0 (x32 Version: 4.30.49152 - National Instruments) Hidden
NI-RPC 4.3.0f0 for 64 Bit Windows (Version: 4.30.49152 - National Instruments) Hidden
NI-RPC 4.3.0f0 for Phar Lap ETS (x32 Version: 4.30.49152 - National Instruments) Hidden
NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.11.1111 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.1111 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Oasis2Service (HKLM-x32\...\{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}) (Version: 1.0.4 - DDNi)
OLYMPUS Digital Camera Updater (HKLM-x32\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
OLYMPUS Raw Codec (HKLM\...\{0136EF84-8660-4FE0-A9E5-F052F6230085}) (Version: 1.3.0 - OLYMPUS IMAGING CORP.)
Paint Shop Pro 7 Anniversary Edition (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)
PDF4Free 2.0 (HKLM-x32\...\PDF4Free_is1) (Version: - PDF Bean Inc.)
PlayMemories Home (x32 Version: 6.1.01.14210 - Sony Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayStation(R)Network Downloader (x32 Version: 2.07.00849 - Sony Computer Entertainment Inc.) Hidden
PlayStation(R)Store (x32 Version: 4.5.15.13232 - Sony Computer Entertainment Inc.) Hidden
PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickBooks Pro 99 (HKLM-x32\...\QuickBooks 99) (Version: - )
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Reader for PC (x32 Version: 1.1.02.10070 - Sony Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform)
Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
Remote Play with PlayStation(R)3 (x32 Version: 1.1.0.21090 - Sony Corporation) Hidden
Reset NI Config 5.0.0 (x32 Version: 5.0.146.0 - National Instruments) Hidden
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Premiere Elements 10 x64 Plugin (HKLM\...\{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}) (Version: 5.70.0001 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (x32 Version: 5.7.1 - SmartSound Software Inc.) Hidden
Sound Forge Audio Studio 10.0 (x32 Version: 10.0.176 - Sony) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
StreetSmart Edge® (HKLM-x32\...\{5646676A-5A97-4B66-BE71-1B1770AD982B}) (Version: 1.30.117.0 - Schwab)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.0.5 - Synaptics Incorporated)
TrackID(TM) with BRAVIA (x32 Version: 1.2.0.09270 - Sony Corportaion) Hidden
TriDef 3D (Sony) 2.0.5 (HKLM-x32\...\experience-sony-bundle) (Version: 2.0.5 - Dynamic Digital Depth Australia Pty Ltd)
True Image 2013 (HKLM-x32\...\{5CD38D95-4406-42E7-B52A-A90F11E126EC}) (Version: 16.0.6306 - Acronis)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
V3DPx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (HKLM\...\{34EB42BE-F4D3-44C1-B28E-9740115DB72C}) (Version: 1.0.00.01300 - Sony Corporation)
VAIO - PlayMemories Home Plug-in (HKLM\...\{886C0C18-F905-49B2-90BA-EFC0FEDF27C6}) (Version: 2.0.01.03310 - Sony Corporation)
VAIO - Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
VAIO - Remote Keyboard with PlayStation®3 (x32 Version: 1.2.0.09210 - Sony Corporation) Hidden
VAIO - Remote Play with PlayStation®3 (x32 Version: 1.1.0.21090 - Sony Corporation) Hidden
VAIO - TrackID™ with BRAVIA (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
VAIO 3D Portal (x32 Version: 1.2.0.10131 - Sony Corporation) Hidden
VAIO Care (HKLM\...\{4D95D095-8C6F-4357-BDD8-27E295F37FB1}) (Version: 7.3.1.05290 - Sony Corporation)
VAIO Control Center (x32 Version: 5.2.2.16060 - Sony Corporation) Hidden
VAIO CPU Fan Diagnostic (x32 Version: 1.1.0.09200 - Sony Corporation) Hidden
VAIO Data Restore Tool (x32 Version: 1.9.0.13190 - Sony Corporation) Hidden
VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Gate (x32 Version: 2.4.1.09230 - Sony Corporation) Hidden
VAIO Gate (x32 Version: 2.4.2.02200 - Sony Corporation) Hidden
VAIO Gate Default (x32 Version: 2.5.2.02090 - Sony Corporation) Hidden
VAIO Gesture Control (x32 Version: 1.0.0.12300 - Sony Corporation) Hidden
VAIO Health Report (HKLM-x32\...\VAIO Health Report1.0) (Version: 1.0 - Sony Electronics)
VAIO Help and Support (x32 Version: 17.00.0109 - Sony Corporation) Hidden
VAIO Improvement (x32 Version: 1.3.0.12280 - Sony Corporation) Hidden
VAIO Manual (x32 Version: 2.3.0.12300 - Sony Corporation) Hidden
VAIO OOBE (x32 Version: 12.2.1.2483 - Sony Corporation) Hidden
VAIO Sample Contents (x32 Version: 1.4.0.09010 - Sony Corporation) Hidden
VAIO Satisfaction Survey. (x32 Version: 3.0 - Sony Electronics Inc.) Hidden
VAIO Smart Network (x32 Version: 3.11.1.15220 - Sony Corporation) Hidden
VAIO Transfer Support (x32 Version: 1.7.1.06040 - Sony Corporation) Hidden
VBMx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Vegas Movie Studio HD Platinum 11.0 (x32 Version: 11.0.256 - Sony) Hidden
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Microsoft) Hidden
ViewSonic Windows 7 Signed Files (HKLM-x32\...\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}) (Version: - )
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
WIF Core Dependencies Windows 5.3.0 (x32 Version: 5.30.208.0 - National Instruments) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.20 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.1 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-747785638-1536544367-690633523-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Rwolf02\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-747785638-1536544367-690633523-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Rwolf02\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-747785638-1536544367-690633523-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Rwolf02\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-747785638-1536544367-690633523-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Rwolf02\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-747785638-1536544367-690633523-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Rwolf02\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-747785638-1536544367-690633523-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Rwolf02\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

(( to be continued...))

 

[Rwolf01]

==================== Restore Points =========================
20-12-2014 08:41:22 Created before running MWB anti-rootkit
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 18:34 - 2014-06-16 17:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {040EB34D-87EE-463D-A5B2-254C3AF9D72A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {0529C3F0-CD75-4C63-BB12-C116AA7C13C6} - System32\Tasks\Sony Corporation\VAIO Care\VAU => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-05-28] (Sony Corporation)
Task: {0951228A-9DF7-4E6C-BF77-BE03F3CD0B10} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-05-28] (Sony Corporation)
Task: {1443FDAD-987E-4B31-B224-C29A174E2190} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2011-12-27] (Sony Corporation)
Task: {1597A663-C2A0-4A47-8712-30B542ED0784} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-20] (Google Inc.)
Task: {19796B1A-3CBE-4BDE-9BBE-BB8CD170C918} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {1AB48406-B75B-4A41-BA7C-1C6AB32B3473} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {1BCBB6B7-08E3-4501-8B5A-78F311459F08} - System32\Tasks\NIUpdateServiceCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe [2012-06-08] (National Instruments)
Task: {1CFEFE93-0404-40D7-BF06-F31DDF91BCD6} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-747785638-1536544367-690633523-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {2697AED8-73C1-4F70-82BE-3FAEEFCAB289} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-20] (Google Inc.)
Task: {26E76C8B-60F7-4C61-8166-CBCFDFB6ED6D} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\esrv\task.vbs"
Task: {3185C5A0-CF36-4D27-93C1-805EA568ED32} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-747785638-1536544367-690633523-1001UA => C:\Users\Rwolf02\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-30] (Google Inc.)
Task: {34E937FA-A0D1-48F8-A341-48AAE9AE7030} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {36F4AC5A-C120-45A5-B78D-3275245A7B66} - System32\Tasks\VAIO Health Report => C:\Program Files (x86)\Sony\VAIO Health Report\VAIOHealthReport.exe [2013-06-20] (Sony Electronics)
Task: {38AF5305-641D-4A8E-8B9A-44FB2EA3F7A5} - System32\Tasks\{F274C381-329F-49FD-BF4D-44797D156C0B} => pcalua.exe -a C:\MyDocs\Nuggets\ToyotaDiagnostics\AlternateVersion\TIS-V7.00.020\TISKEY.exe -d C:\MyDocs\Nuggets\ToyotaDiagnostics\AlternateVersion\TIS-V7.00.020
Task: {41EEEF63-F7EE-4256-B29B-4BB8065E1A0F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-747785638-1536544367-690633523-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {46DFFB3C-9DF6-4971-A7C9-290B420DA623} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-05-28] (Sony Corporation)
Task: {47C853F8-FB17-4C4A-9F04-36469AA6ED72} - System32\Tasks\{AF0A93F1-3BF2-4F40-B760-6DDE412F623F} => pcalua.exe -a C:\MyDocs\Nuggets\ToyotaDiagnostics\TISKEY.exe -d C:\MyDocs\Nuggets\ToyotaDiagnostics
Task: {530DA2B1-7FEA-496B-A01B-47A4B452ADA2} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
Task: {5B2FD75E-F437-44AD-A383-15E81191EEDC} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-27] (Sony Corporation)
Task: {65CCE672-104C-4702-A4DD-34D360D669FD} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-05-28] (Sony Corporation)
Task: {6F0F8D13-BF80-478D-9852-919DCE5669B9} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-27] (Sony Corporation)
Task: {7109216E-AE30-4B3D-8549-9D100092ADD3} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {78D36D03-6158-486E-BCA5-C0BFBF1C6938} - System32\Tasks\{15C9FE66-00CB-4FEB-983F-46DAF7E0AD60} => pcalua.exe -a "C:\Program Files (x86)\Toyota Diagnostics\Techstream\bin\TISKEY.exe" -d "C:\Program Files (x86)\Toyota Diagnostics\Techstream\bin"
Task: {86B39C72-AAA4-44E5-9E93-0547E266863F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {8CABC5B6-A14F-4F5F-9359-D275D516E1C7} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {93EEF2AC-8F1C-420A-9BAF-289AF1A55775} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-02-24] (Sony Corporation)
Task: {9DB39B01-6014-4C67-8B16-DA4828529C44} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-12-27] (Sony Corporation)
Task: {A24FF0FF-CFDB-4EEB-8766-182218537DEA} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {A2C94F33-5622-455C-AB29-ED1AE6DF8B23} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-747785638-1536544367-690633523-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {A4729563-F87C-49E8-AB1A-BC1DD0C09CA8} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-05-28] (Sony Corporation)
Task: {A5DC8FBF-CA06-4D95-BECD-FEB43358FA79} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-747785638-1536544367-690633523-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {B0A85B5E-7E7A-46E8-990F-EF259D5F38AE} - System32\Tasks\AdobeAAMUpdater-1.0-RWOLF02-Rwolf01 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {B0FBF4FB-FDC4-447F-8776-FD5AD8D1DCA8} - System32\Tasks\Sony\Keyboard Shortcuts => C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe [2012-03-20] ()
Task: {B58AA691-A698-4125-9D59-E654F16CED03} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-04-06] (Sony Corporation)
Task: {B6C49D35-0498-42E6-9C9C-B61AF5EEC890} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-05-28] (Sony Corporation)
Task: {C26C57BC-D4A5-4C30-B42B-3244095606B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {CABFC79B-267F-4C52-82FA-F9D94A2D1095} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-04-06] (Sony Corporation)
Task: {D2BABDF1-E7AA-474E-B1DB-C7A31D7EC715} - System32\Tasks\Sony Corporation\VAIO Care\AutoCheckMessage => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-05-28] (Sony Corporation)
Task: {D3537B18-416D-441E-8C4C-99BEED1BA28D} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {DCAD392E-9448-4CC6-B96A-4C2705E428DE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-747785638-1536544367-690633523-1001Core => C:\Users\Rwolf02\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-30] (Google Inc.)
Task: {E8D73E83-87AE-430A-8618-DFD496C7428A} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => net
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-747785638-1536544367-690633523-1001Core.job => C:\Users\Rwolf02\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-747785638-1536544367-690633523-1001UA.job => C:\Users\Rwolf02\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-08-21 16:40 - 2011-02-28 14:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2012-08-10 12:55 - 2013-08-29 14:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-08-10 12:57 - 2012-03-23 00:47 - 00127320 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2012-04-04 18:04 - 2012-04-03 12:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-02-22 14:30 - 2013-02-22 11:02 - 00427432 _____ () C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
2013-02-22 14:30 - 2013-02-22 11:02 - 00528296 _____ () C:\Program Files\Sony\VAIO Care\esrv\intel_modeler.dll
2013-02-22 14:30 - 2013-02-22 11:02 - 00171432 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_acpi_battery_input.dll
2013-02-22 14:30 - 2013-02-22 11:02 - 00144296 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_sema_thermal_input.dll
2013-02-22 14:30 - 2013-02-22 11:02 - 00146344 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_wifi_input.dll
2012-05-15 10:08 - 2012-05-15 10:08 - 00320512 _____ () C:\Program Files\Sony\VAIO Care\CRM\ManagedVAIORecoveryMedia.dll
2012-05-15 10:08 - 2012-05-15 10:08 - 00179712 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIORecovery.dll
2012-05-15 10:08 - 2012-05-15 10:08 - 00054784 _____ () C:\Program Files\Sony\VAIO Care\CRM\Logging.dll
2012-05-15 10:08 - 2012-05-15 10:08 - 00061440 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOCommon.dll
2012-05-15 10:08 - 2012-05-15 10:08 - 00192000 _____ () C:\Program Files\Sony\VAIO Care\CRM\OsServices.dll
2012-05-15 10:08 - 2012-05-15 10:08 - 00037376 _____ () C:\Program Files\Sony\VAIO Care\CRM\PluginFactory.dll
2012-05-15 10:08 - 2012-05-15 10:08 - 02229760 _____ () C:\Program Files\Sony\VAIO Care\CRM\RecoveryPartitionManager.dll
2012-05-15 10:08 - 2012-05-15 10:08 - 00035840 _____ () C:\Program Files\Sony\VAIO Care\CRM\XMLTools.dll
2012-05-15 10:08 - 2012-05-15 10:08 - 00055296 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOInstallAppsDrivers.dll
2012-05-15 10:08 - 2012-05-15 10:08 - 00137728 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallDB.dll
2012-05-15 10:08 - 2012-05-15 10:08 - 00134144 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallationTools.dll
2012-05-15 10:08 - 2012-05-15 10:08 - 00024064 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOUtility.dll
2011-11-30 17:49 - 2011-11-30 17:49 - 00276992 _____ () C:\Program Files\Sony\VAIO Care\READ\RecoveryPartitionManagerREAD.dll
2013-04-10 16:43 - 2013-04-10 16:43 - 00021824 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\x64\ti_managers_proxy_stub.dll
2013-04-05 11:58 - 2013-04-05 11:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-06-06 21:46 - 2012-06-06 21:46 - 02214912 _____ () C:\Program Files (x86)\National Instruments\Shared\LabVIEW Run-Time\2012\NIQtCore_2012.dll
2012-06-06 21:46 - 2012-06-06 21:46 - 08044544 _____ () C:\Program Files (x86)\National Instruments\Shared\LabVIEW Run-Time\2012\NIQtGui_2012.dll
2012-01-26 10:36 - 2012-01-26 10:36 - 00278528 ____R () C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\xerces-depdom_2_6.dll
2013-07-02 22:06 - 2013-07-02 22:06 - 00039936 _____ () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudModel.dll
2013-07-02 22:06 - 2013-07-02 22:06 - 00011264 _____ () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudClient.dll
2012-08-10 13:52 - 2012-04-06 13:37 - 00021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
2014-10-15 05:22 - 2014-10-15 05:22 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e5fd017ccd434fd52b0a0ac39c15aff3\IsdiInterop.ni.dll
2012-08-10 12:47 - 2012-05-02 12:53 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-04-10 16:10 - 2013-04-10 16:10 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2012-08-10 12:57 - 2012-03-23 00:47 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-04-10 16:40 - 2013-04-10 16:40 - 00021312 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Rwolf02\Desktop\Kyle.eml:OECustomProperty
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: Bluetooth Device Monitor => 2
MSCONFIG\Services: Bluetooth Media Service => 3
MSCONFIG\Services: Bluetooth OBEX Service => 2
MSCONFIG\Services: RealPlayer Cloud Service => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NI Error Reporting.lnk => C:\Windows\pss\NI Error Reporting.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: Dolby Home Theater v4 => "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NI Update Service => "C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe" -startupTask
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
========================= Accounts: ==========================
Administrator (S-1-5-21-747785638-1536544367-690633523-500 - Administrator - Disabled)
Guest (S-1-5-21-747785638-1536544367-690633523-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-747785638-1536544367-690633523-1004 - Limited - Enabled)
Rwolf01 (S-1-5-21-747785638-1536544367-690633523-1001 - Administrator - Enabled) => C:\Users\Rwolf02
UpdatusUser (S-1-5-21-747785638-1536544367-690633523-1000 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name:
Description:
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: U:\
Description: 2105
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: ASMT
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Intel(R) Centrino(R) Advanced-N 6235
Description: Intel(R) Centrino(R) Advanced-N 6235
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNs64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: F:\
Description: MediaPlayer
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Buildwin
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-06-16 18:04:36.059
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-06-16 18:04:35.993
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-08-25 18:48:35.854
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2012-08-25 18:33:44.022
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2012-08-25 18:13:22.128
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2012-08-21 19:54:26.280
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2012-08-21 19:38:37.242
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2012-08-21 19:19:01.557
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2012-08-21 19:03:01.482
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2012-08-21 18:45:45.838
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3612QM CPU @ 2.10GHz
Percentage of memory in use: 21%
Total physical RAM: 12187.28 MB
Available physical RAM: 9589.14 MB
Total Pagefile: 12185.46 MB
Available Pagefile: 9297.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (WIN7-SSD) (Fixed) (Total:218.72 GB) (Free:93.35 GB) NTFS
Drive d: (Data) (Fixed) (Total:931.39 GB) (Free:417.4 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 920CD996)
Partition: GPT Partition Type.
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 289C3D70)
Partition: GPT Partition Type.
==================== End Of Log ============================

 

[Broni]

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[Rwolf01]

Script was run. fixlog.txt below. I made 2 other small changes since last night. I found that my copy of Adobe Flash Player was old and it was having problems playing videos on Facebook. I updated to the latest version to fix that problem. Also, Outlook reported that the windows indexing service was disabled. I re-enabled it. Neither one seemed like a risky move to me, but I thought I should mention them.

======================= FixLog.txt ================================

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-12-2014
Ran by Rwolf01 at 2014-12-21 12:12:33 Run:1
Running from C:\Users\Rwolf02\Desktop
Loaded Profiles: UpdatusUser & Rwolf01 (Available profiles: UpdatusUser & Rwolf01)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\S-1-5-21-747785638-1536544367-690633523-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-747785638-1536544367-690633523-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {41564952-412D-5637-4300-7A786E7484D7} -> No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll No File
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Users\Rwolf02\AppData\Local\Temp\avgnt.exe
C:\Users\Rwolf02\AppData\Local\Temp\Quarantine.exe
C:\Users\Rwolf02\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-747785638-1536544367-690633523-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Rwolf02\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-747785638-1536544367-690633523-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Rwolf02\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-747785638-1536544367-690633523-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Rwolf02\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-747785638-1536544367-690633523-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Rwolf02\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
AlternateDataStreams: C:\Users\Rwolf02\Desktop\Kyle.eml:OECustomProperty
*****************
"HKU\S-1-5-21-747785638-1536544367-690633523-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-747785638-1536544367-690633523-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7}" => Key deleted successfully.
HKCR\CLSID\{41564952-412D-5637-4300-7A786E7484D7} => Key not found.
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll not found.
C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll not found.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll not found.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll not found.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll not found.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll not found.
ACDaemon => Service deleted successfully.
catchme => Service deleted successfully.
C:\Users\Rwolf02\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\Rwolf02\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Rwolf02\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKU\S-1-5-21-747785638-1536544367-690633523-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-747785638-1536544367-690633523-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-747785638-1536544367-690633523-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-747785638-1536544367-690633523-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
C:\Users\Rwolf02\Desktop\Kyle.eml => ":OECustomProperty" ADS removed successfully.
==== End of Fixlog ====

 

[Broni]

Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View log file... (bottom left hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program

 

[Rwolf01]

So far so good.... Sophos is still running but I can start uploading the other logs.
(I'm at the airport and it looks like it will be tight if that scan finished before I have to board!)

Here are the log files from the rest of the scans:

======================= Checkup.txt ================================

Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 25
Java version 32-bit out of Date!
Adobe Reader XI
Google Chrome (39.0.2171.71)
Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

====================== FSS.TXT ===============================

Farbar Service Scanner Version: 21-07-2014
Ran by Rwolf01 (administrator) on 21-12-2014 at 13:12:06
Running from "C:\Users\Rwolf02\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

Note: TFC only cleaned about 60 MB or so of stuff. (I generally run TFC and Ccleaner right after each backup)

 

[Broni]

Did you disable Windows firewall for whatever reason?

 

[Rwolf01]

I turn off everything in Avira before running each tool, and then turn it back on when it's done. I think one of the checkboxes was for a firewall, but not sure if it's windows or Avira that does it.

Sophos scan completed. 1 malware found. see log below:

2014-12-21 21:14:27.173 Sophos Virus Removal Tool version 2.5.4
2014-12-21 21:14:27.173 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
2014-12-21 21:14:27.173 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
2014-12-21 21:14:27.173 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2014-12-21 21:14:27.174 Checking for updates...
2014-12-21 21:14:32.554 Option all = no
2014-12-21 21:14:32.554 Option recurse = yes
2014-12-21 21:14:32.554 Option archive = no
2014-12-21 21:14:32.554 Option service = yes
2014-12-21 21:14:32.554 Option confirm = yes
2014-12-21 21:14:32.554 Option sxl = yes
2014-12-21 21:14:32.555 Option max-data-age = 35
2014-12-21 21:14:32.555 Option EnableSafeClean = yes
2014-12-21 21:14:33.631 Option vdl-logging = yes
2014-12-21 21:14:33.633 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2014-12-21 21:14:33.633 Machine ID: 69b3a95841a741d8970a8f45438d1e41
2014-12-21 21:14:33.634 Component SVRTcli.exe version 2.5.4
2014-12-21 21:14:33.634 Component control.dll version 2.5.4
2014-12-21 21:14:33.634 Component SVRTservice.exe version 2.5.4
2014-12-21 21:14:33.634 Component engine\osdp.dll version 1.44.1.2183
2014-12-21 21:14:33.634 Component engine\veex.dll version 3.58.3.2183
2014-12-21 21:14:33.634 Component engine\savi.dll version 8.1.5.2183
2014-12-21 21:14:33.634 Component rkdisk.dll version 1.5.30.0
2014-12-21 21:14:33.635 Version info: Product version 2.5.4
2014-12-21 21:14:33.635 Version info: Detection engine 3.58.3
2014-12-21 21:14:33.635 Version info: Detection data 5.08
2014-12-21 21:14:33.635 Version info: Build date 11/11/2014
2014-12-21 21:14:33.635 Version info: Data files added 434
2014-12-21 21:14:33.635 Version info: Last successful update (not yet updated)
2014-12-21 21:14:34.327 Update progress: proxy server not available
2014-12-21 21:14:59.128 Downloading updates...
2014-12-21 21:14:59.129 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2014-12-21 21:14:59.129 Update progress: [I49502] Found supplement SAVIW32 LATEST
2014-12-21 21:14:59.129 Update progress: [I49502] Found supplement IDE509 LATEST
2014-12-21 21:14:59.129 Update progress: [I49502] Found supplement IDE510 LATEST
2014-12-21 21:14:59.129 Update progress: [I49502] Found supplement IDE511 LATEST
2014-12-21 21:14:59.129 Update progress: [I49502] Found supplement IDE512 LATEST
2014-12-21 21:14:59.129 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2014-12-21 21:14:59.129 Update progress: [I19463] Syncing product SAVIW32 48
2014-12-21 21:15:04.055 Update progress: [I19463] Syncing product IDE509 177
2014-12-21 21:15:05.384 Installing updates...
2014-12-21 21:15:05.986 Error level 1
2014-12-21 21:15:05.996 Update progress: [I19463] Syncing product IDE510 179
2014-12-21 21:15:05.996 Update progress: [I19463] Syncing product IDE511 81
2014-12-21 21:15:05.996 Update progress: [I19463] Syncing product IDE512 1
2014-12-21 21:15:08.526 Update successful
2014-12-21 21:15:13.939 Option all = no
2014-12-21 21:15:13.939 Option recurse = yes
2014-12-21 21:15:13.939 Option archive = no
2014-12-21 21:15:13.939 Option service = yes
2014-12-21 21:15:13.939 Option confirm = yes
2014-12-21 21:15:13.939 Option sxl = yes
2014-12-21 21:15:13.940 Option max-data-age = 35
2014-12-21 21:15:13.940 Option EnableSafeClean = yes
2014-12-21 21:15:13.978 Option vdl-logging = yes
2014-12-21 21:15:13.980 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2014-12-21 21:15:13.980 Machine ID: 69b3a95841a741d8970a8f45438d1e41
2014-12-21 21:15:13.981 Component SVRTcli.exe version 2.5.4
2014-12-21 21:15:13.981 Component control.dll version 2.5.4
2014-12-21 21:15:13.981 Component SVRTservice.exe version 2.5.4
2014-12-21 21:15:13.981 Component engine\osdp.dll version 1.44.1.2183
2014-12-21 21:15:13.981 Component engine\veex.dll version 3.58.3.2183
2014-12-21 21:15:13.981 Component engine\savi.dll version 8.1.5.2183
2014-12-21 21:15:13.981 Component rkdisk.dll version 1.5.30.0
2014-12-21 21:15:13.981 Version info: Product version 2.5.4
2014-12-21 21:15:13.982 Version info: Detection engine 3.58.3
2014-12-21 21:15:13.982 Version info: Detection data 5.08G
2014-12-21 21:15:13.982 Version info: Build date 11/11/2014
2014-12-21 21:15:13.982 Version info: Data files added 434
2014-12-21 21:15:13.982 Version info: Last successful update 12/21/2014 1:15:08 PM
2014-12-21 21:26:34.112 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-21 21:26:34.112 Could not open C:\System Volume Information\{61da3602-8935-11e4-9fb1-f8d81e548df1}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-21 21:26:34.112 Could not open C:\System Volume Information\{d3768ccb-88d9-11e4-98a4-30f9ededddb1}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-21 21:26:34.112 Could not open C:\System Volume Information\{d3768d0c-88d9-11e4-98a4-30f9ededddb1}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-21 21:26:34.112 Could not open C:\System Volume Information\{dd4b6c3a-8542-11e4-b2fd-ec274aaf700c}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-21 21:26:37.917 >>> Virus 'Mal/Behav-374' found in file C:\Temp\mvci\FirmwareUpdateTool.exe
2014-12-21 21:26:37.917 >>> Virus 'Mal/Behav-374' found in file HKU\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-12-21 21:26:37.917 >>> Virus 'Mal/Behav-374' found in file HKU\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-12-21 21:26:37.917 >>> Virus 'Mal/Behav-374' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-12-21 21:27:02.466 Could not check C:\Users\Rwolf02\Documents\MultiDeco\DiveLogs\mddlm_dives.zip\sn_map.ini (corrupt)
2014-12-21 21:30:03.057 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2014-12-21 21:30:03.057 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2014-12-21 21:30:03.786 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2014-12-21 21:30:03.787 Could not open C:\Windows\System32\config\RegBack\SAM
2014-12-21 21:30:03.787 Could not open C:\Windows\System32\config\RegBack\SECURITY
2014-12-21 21:30:03.788 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2014-12-21 21:30:03.789 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2014-12-21 22:16:58.940 Could not open D:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-21 22:16:58.940 Could not open D:\System Volume Information\{61da3603-8935-11e4-9fb1-f8d81e548df1}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-21 22:16:58.940 Could not open D:\System Volume Information\{d3768ccc-88d9-11e4-98a4-30f9ededddb1}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-21 22:16:58.941 Could not open D:\System Volume Information\{d3768d0d-88d9-11e4-98a4-30f9ededddb1}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-21 22:16:58.941 Could not open D:\System Volume Information\{dd4b6c3b-8542-11e4-b2fd-ec274aaf700c}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-21 22:17:00.455 The following items will be cleaned up:
2014-12-21 22:17:00.455 Mal/Behav-374

 

[Rwolf01]

Just double checked. The Avira checkbox says "Windows Firewall" so yeah, it was probably me. Sorry for the confusion.

Oops. boarding now. Gotta run. Will check in in 6 or 7 hours....

 

[Broni]

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download

DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

• Activate UAC (optional; some users prefer to keep it off)
• Remove disinfection tools
• Create registry backup
• Purge System Restore
• Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.