TechSpot

Slow laptop. IE/network is unreliable.  (Win7Pro-64)

By Rwolf01
Dec 19, 2014
  1. Greetings. It seems is if IE has been slow to load pages. Sometimes it even gets network errors and fails when trying to follow a link to a new page. It could just be my ISP is bogging down, but I wanted to rule out Malware too.

    I ran a full system scan with the latest version/database of Avira Antivirus Pro.

    I then ran MalwareBytes, with all default settings, after checking for program & database updates.

    Finally I ran DDS.COM.

    The logfiles for MalwareBytes and DDS are below.

    Thanks, in advance, for your kind assistance.

    Note: Logfiles exceed 50k char limit so I'll break them into 2 or 3 posts.

    Note: I'll start a separate thread for my housemate's laptop. We share the same DSL line, so it occurred to me that my Internet response might slow down if he has some malware that is generating a lot of network traffic. (pure speculation on my part)

    ====================== Malware Bytes Log ======================

    Malwarebytes Anti-Malware
    www.malwarebytes.org
    Scan Date: 12/19/2014
    Scan Time: 7:27:43 AM
    Logfile: MWBlog2.txt
    Administrator: Yes
    Version: 2.00.4.1028
    Malware Database: v2014.12.19.05
    Rootkit Database: v2014.12.14.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Rwolf01
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 414920
    Time Elapsed: 7 min, 52 sec
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
    Processes: 0
    (No malicious items detected)
    Modules: 0
    (No malicious items detected)
    Registry Keys: 0
    (No malicious items detected)
    Registry Values: 0
    (No malicious items detected)
    Registry Data: 0
    (No malicious items detected)
    Folders: 0
    (No malicious items detected)
    Files: 0
    (No malicious items detected)
    Physical Sectors: 0
    (No malicious items detected)

    (end)

    ============================= DDS.TXT =============================

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17496 BrowserJavaVersion: 11.25.2
    Run by Rwolf01 at 7:39:34 on 2014-12-19
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12187.8019 [GMT -8:00]
    .
    AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
    SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Windows\SysWOW64\lkads.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
    C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
    C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
    c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    C:\Windows\SysWOW64\lkcitdl.exe
    C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
    C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
    C:\Windows\SysWOW64\lktsrv.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
    C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
    C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Sony\VAIO Control Center\VESGfxMgr.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe
    C:\Windows\system32\RunDll32.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
    C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
    C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    C:\Program Files\Sony\VAIO Care\listener.exe
    C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
    C:\Program Files\Sony\VAIO Care\VCService.exe
    C:\Program Files\Sony\VAIO Care\VCAgent.exe
    C:\Windows\System32\vds.exe
    C:\Program Files\Sony\VAIO Care\VCAdmin.exe
    C:\Program Files\Sony\VAIO Improvement\vim.exe
    C:\Program Files\Sony\VAIO Improvement\vim.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.com/?gws_rd=ssl
    mWinlogon: Userinit = userinit.exe
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
    uRun: [Google Update] "C:\Users\Rwolf02\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [QuickLaunch] C:\Program Files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe
    uRunOnce: [Adobe Speed Launcher] 1418748316
    uRunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe -update activex
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
    mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    StartupFolder: C:\Users\Rwolf02\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: EnableSecureUIAPath = dword:1
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {B8E53531-F29E-4180-AE3E-DF485CC8BE32} - hxxp://palumbicam.stanford.edu/JpegInstV4.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{6588E2D2-D207-44D2-ACC4-CC6F54BBAC79} : DHCPNameServer = 172.20.10.1
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255} : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\2577F6C66603132E08993702960586F6E656 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\2577F6C66603132E08993702960586F6E656 : DHCPNameServer = 172.20.10.1
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\3305145485 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\3305145485 : DHCPNameServer = 8.8.8.8 8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\44F6279637E45647 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\44F6279637E45647 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\46C696E6B6 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\46C696E6B6 : DHCPNameServer = 200.63.212.110 200.25.144.1
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\742716973734162696E6 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\742716973734162696E6 : DHCPNameServer = 75.104.160.61
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\B4C6165737723734162696E6 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\B4C6165737723734162696E6 : DHCPNameServer = 10.0.0.2
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\D494C4E45425D2C414D2355434552554 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\D494C4E45425D2C414D2355434552554 : DHCPNameServer = 10.128.128.128
    TCP: Interfaces\{EBC5D493-D2ED-45D3-AF04-F988A557C173} : DHCPNameServer = 192.168.0.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: {41564952-412D-5637-4300-7A786E7484D7} - <orphaned>
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SONYAPO
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2014-12-12 108832]
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-3-11 16152]
    R0 mv61xx;mv61xx;C:\Windows\System32\drivers\mv61xx.sys [2011-5-17 182576]
    R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-9-5 30496]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-8-18 55856]
    R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2014-12-12 1120032]
    R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2014-12-12 183224]
    R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2014-12-12 161568]
    R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2014-12-12 117024]
    R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2014-12-15 28600]
    R2 ActiveDelayDeviceService;ActiveDelayDeviceService;C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [2012-8-10 78472]
    R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
    R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2014-12-12 3783672]
    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2013-7-29 772064]
    R2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [2014-12-15 807672]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2014-12-15 431920]
    R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-12-15 431920]
    R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2014-12-15 993584]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2014-12-15 119272]
    R2 avnetflt;avnetflt;C:\Windows\System32\drivers\avnetflt.sys [2014-12-15 43064]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984]
    R2 ESRV_SVC;Energy Server Service;C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [2013-2-22 427432]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-10 13592]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2014-11-22 2429544]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
    R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-8-10 127320]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-8-10 162648]
    R2 NIApplicationWebServer;NI Application Web Server;C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2012-5-22 53960]
    R2 nimDNSResponder;NI mDNS Responder Service;C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2012-5-31 258776]
    R2 NINetworkDiscovery;NI Network Discovery;C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [2012-6-5 169192]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-2-21 473960]
    R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2013-2-21 258048]
    R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2013-3-20 7084672]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-10 362840]
    R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-8-10 535688]
    R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2012-8-10 978056]
    R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-11-20 3674864]
    R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2014-12-12 367200]
    R3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2013-7-29 164832]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-12-13 94720]
    R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-12-13 747008]
    R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-14 60416]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-4-4 331264]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-3-11 356120]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-3-11 788760]
    R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-2-28 25496]
    R3 semav6thermal64ro;semav6thermal64ro;C:\Windows\System32\drivers\semav6thermal64ro.sys [2012-11-15 13792]
    R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2012-1-15 14336]
    R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    R3 USER_ESRV_SVC;User Energy Server Service;C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [2013-2-22 427432]
    R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-5-28 54464]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2013-7-2 61440]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 ADATA ToolBox Service;ADATA ToolBox Service;C:\Program Files (x86)\ADATA\SSD ToolBox\ToolBoxSvc.exe [2014-12-16 2236416]
    S3 AMPPALP;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2013-7-29 164832]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
    S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-2-28 34232]
    S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-28 29720]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-11-20 284912]
    S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-9-10 22528]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-8-4 83080]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-8-4 184968]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-3-2 19456]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2014-11-22 340072]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-10 676968]
    S3 SIUSBXP;SIUSBXP;C:\Windows\System32\drivers\SiUSBXp.sys [2009-11-3 19456]
    S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-1 289952]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-2 56832]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-3-2 30208]
    S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 960160]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 550128]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-8-26 101600]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-17 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S4 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-12-19 1014096]
    S4 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-12-19 1304912]
    S4 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-12-19 1104208]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
    S4 NIApplicationWebServer64;NI Application Web Server (64-bit);C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2012-5-22 76488]
    S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    FileExt: .scr: AutoCADScriptFile="C:\Windows\notepad.exe" "%1"
    FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2014-12-18 11:11:54 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-12-18 11:11:54 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-12-16 12:42:24 -------- d-----w- C:\Program Files (x86)\ADATA
    2014-12-16 11:36:48 -------- d-----w- C:\Program Files\CCleaner
    2014-12-16 07:55:54 -------- d-----w- C:\Users\Rwolf02\AppData\Roaming\Avira
    2014-12-16 07:55:23 43064 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
    2014-12-16 07:55:23 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
    2014-12-16 07:55:23 119272 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2014-12-16 07:55:22 -------- d-----w- C:\Program Files (x86)\Avira
    2014-12-13 01:09:31 367200 ----a-w- C:\Windows\System32\drivers\afcdp.sys
    2014-12-13 01:09:29 1462560 ----a-w- C:\Windows\System32\drivers\tdrpman.sys
    2014-12-13 01:09:27 183224 ----a-w- C:\Windows\System32\drivers\tib_mounter.sys
    2014-12-13 01:09:27 161568 ----a-w- C:\Windows\System32\drivers\vididr.sys
    2014-12-13 01:09:27 1120032 ----a-w- C:\Windows\System32\drivers\tib.sys
    2014-12-13 01:09:26 117024 ----a-w- C:\Windows\System32\drivers\vidsflt.sys
    2014-12-13 01:09:25 233760 ----a-w- C:\Windows\System32\drivers\snapman.sys
    2014-12-13 01:09:23 108832 ----a-w- C:\Windows\System32\drivers\fltsrv.sys
    2014-12-11 14:35:00 -------- d-----w- C:\Users\Rwolf02\AppData\Local\{92719C14-E488-4C46-AB7E-BC081599DCCE}
    2014-12-11 02:33:57 -------- d-----w- C:\Users\Rwolf02\AppData\Local\{93CC4CB7-2908-4BBE-BD77-D5B1350B1B4E}
    2014-12-10 14:33:40 -------- d-----w- C:\Users\Rwolf02\AppData\Local\{99EA9211-EB45-4103-8A7F-FD475CB7677D}
    2014-12-10 11:21:27 -------- d-----w- C:\Windows\System32\appraiser
    2014-12-10 11:01:31 4121600 ----a-w- C:\Windows\System32\mf.dll
    2014-12-10 11:01:31 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
    2014-12-10 10:00:04 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2014-12-10 10:00:04 2048 ----a-w- C:\Windows\System32\tzres.dll
    2014-12-10 10:00:03 830976 ----a-w- C:\Windows\System32\appraiser.dll
    2014-12-10 10:00:03 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
    2014-12-10 10:00:02 741376 ----a-w- C:\Windows\System32\invagent.dll
    2014-12-10 10:00:02 413184 ----a-w- C:\Windows\System32\generaltel.dll
    2014-12-10 10:00:02 396800 ----a-w- C:\Windows\System32\devinv.dll
    2014-12-10 10:00:02 227328 ----a-w- C:\Windows\System32\aepdu.dll
    2014-12-10 10:00:02 192000 ----a-w- C:\Windows\System32\aepic.dll
    2014-12-10 10:00:02 1083392 ----a-w- C:\Windows\System32\aeinv.dll
    2014-12-10 09:58:37 165888 ----a-w- C:\Windows\System32\charmap.exe
    2014-12-10 09:58:37 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
    2014-12-10 09:58:35 346624 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
    2014-12-10 09:58:35 310272 ----a-w- C:\Windows\System32\WsmWmiPl.dll
    2014-12-10 09:58:35 266240 ----a-w- C:\Windows\System32\WSManHTTPConfig.exe
    2014-12-10 09:58:35 248832 ----a-w- C:\Windows\SysWow64\WSManMigrationPlugin.dll
    2014-12-10 09:58:35 214016 ----a-w- C:\Windows\SysWow64\WsmWmiPl.dll
    2014-12-10 09:58:35 2020352 ----a-w- C:\Windows\System32\WsmSvc.dll
    2014-12-10 09:58:35 198656 ----a-w- C:\Windows\SysWow64\WSManHTTPConfig.exe
    2014-12-10 09:58:35 181248 ----a-w- C:\Windows\System32\WsmAuto.dll
    2014-12-10 09:58:35 145920 ----a-w- C:\Windows\SysWow64\WsmAuto.dll
    2014-12-10 09:58:35 1177088 ----a-w- C:\Windows\SysWow64\WsmSvc.dll
    2014-12-09 23:48:31 -------- d-----w- C:\Users\Rwolf02\AppData\Local\{5F407442-60FF-4952-B773-0C255A01C502}
    2014-12-03 06:31:20 227048 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2014-11-22 11:02:41 9888872 ----a-w- C:\Windows\SysWow64\RtsPStorIcon.dll
    2014-11-22 11:02:41 340072 ----a-w- C:\Windows\System32\drivers\RtsPStor.sys
    .
    ==================== Find3M ====================
    .
    2014-12-19 15:27:24 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-12-10 17:36:08 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-12-10 17:36:08 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
    2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
    2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
    2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
    2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-11-21 14:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-11-21 14:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-11-21 14:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-11-18 22:56:48 1202848 ----a-w- C:\Windows\SysWow64\FM20.DLL
    2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
    2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
    2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
    2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
    2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
    2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2014-10-14 19:03:30 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
    2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
    2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
    2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
    2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
    2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
    2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
    2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
    2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
    2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
    2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
    2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
    2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
    2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
    2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
    2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
    2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
    2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
    .
    ============= FINISH: 7:39:41.73 ===============
     
    Last edited: Dec 19, 2014
  2. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    ================= Attach.txt ===========================
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume6
    Install Date: 8/10/2012 4:12:18 PM
    System Uptime: 12/16/2014 8:44:54 AM (71 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM) i7-3612QM CPU @ 2.10GHz | N/A | 2101/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 219 GiB total, 94.579 GiB free.
    D: is FIXED (NTFS) - 931 GiB total, 419.28 GiB free.
    E: is FIXED (NTFS) - 1863 GiB total, 683.668 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
    Description: USB Input Device
    Device ID: USB\VID_1908&PID_1331&MI_04\8&10C57A6&0&0004
    Manufacturer: (Standard system devices)
    Name: USB Input Device
    PNP Device ID: USB\VID_1908&PID_1331&MI_04\8&10C57A6&0&0004
    Service: HidUsb
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek PCIe GBE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_909B104D&REV_07\4&BFB7D19&0&00E2
    Manufacturer: Realtek
    Name: Realtek PCIe GBE Family Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_909B104D&REV_07\4&BFB7D19&0&00E2
    Service: RTL8167
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Virtual WiFi Miniport Adapter
    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1904002F&1&03
    Manufacturer: Microsoft
    Name: Microsoft Virtual WiFi Miniport Adapter #3
    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1904002F&1&03
    Service: vwifimp
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Bluetooth Device (Personal Area Network)
    Device ID: BTH\MS_BTHPAN\7&31428CDE&0&2
    Manufacturer: Microsoft
    Name: Bluetooth Device (Personal Area Network)
    PNP Device ID: BTH\MS_BTHPAN\7&31428CDE&0&2
    Service: BthPan
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Virtual WiFi Miniport Adapter
    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1904002F&1&04
    Manufacturer: Microsoft
    Name: Microsoft Virtual WiFi Miniport Adapter #4
    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1904002F&1&04
    Service: vwifimp
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: MediaPlayer
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_BUILDWIN&PROD__MEDIAPLAYER&REV_4.05#9&5D1CE9A&0&2010123456787899&0#
    Manufacturer: Buildwin
    Name: F:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_BUILDWIN&PROD__MEDIAPLAYER&REV_4.05#9&5D1CE9A&0&2010123456787899&0#
    Service: WUDFRd
    .
    Class GUID: {4d36e979-e325-11ce-bfc1-08002be10318}
    Description:
    Device ID: ROOT\PRINTER\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\PRINTER\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    ACID Music Studio 8.0
    ADATA SSD ToolBox version 2.1.0
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 15 ActiveX
    Adobe Photoshop Elements 10
    Adobe Photoshop Lightroom 4.4 64-bit
    Adobe Photoshop.com Inspiration Browser
    Adobe Premiere Elements 10
    Adobe Reader XI (11.0.10)
    Antivirus Pro
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Application Manager for VAIO
    AutoCAD 2004
    Autodesk Express Viewer
    Bonjour
    CCleaner
    ChromecastApp
    Critical Update for Microsoft Visual Studio 2010 Professional - ENU (KB2938807)
    Crystal Reports for Visual Studio
    CyberLink PowerDVD
    D3DX10
    Deco Planner 3
    DeepSkyStacker
    Dolby Home Theater v4
    Dotfuscator Software Services - Community Edition
    DVD Architect Studio 5.0
    Elements 10 Organizer
    EPSON WorkForce 1100 Series Printer Uninstall
    Extended Asian Language font pack for Adobe Reader XI
    FDUx86
    Garmin MapSource
    Garmin USB Drivers
    Google Chrome
    Google Earth
    Google Update Helper
    Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2736182)
    Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2890573)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2529927)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2548139)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2549864)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2635973)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2736182)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2890573)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB3002340)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
    HP Officejet 6700 Basic Device Software
    iCloud
    ImageJ 1.46r
    Intel(R) Management Engine Components
    Intel(R) OpenCL CPU Runtime
    Intel(R) PRO/Wireless Driver
    Intel(R) Processor Graphics
    Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    Intel(R) Rapid Storage Technology
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    Intel(R) WiDi
    Intel(R) Wireless Display
    Intel® PROSet/Wireless Software
    Intel® PROSet/Wireless WiFi Software
    Intel® Trusted Connect Service Client
    iTunes
    Java 8 Update 25
    Java Auto Updater
    Junk Mail filter update
    Keyboard_Shortcuts
    KUx86
    Malwarebytes Anti-Malware version 2.0.4.1028
    MapSource - US Topo v3.02
    Math Kernel Libraries
    Math Kernel Libraries (64-bit)
    Media Go
    Mesh Runtime
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft Camera Codec Pack
    Microsoft Help Viewer 1.1
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft Silverlight 4 SDK
    Microsoft Silverlight 5.1
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008 (64-bit)
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Management Objects (x64)
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server System CLR Types (x64)
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Sync Framework Services v1.0 SP1 (x64)
    Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    Microsoft Team Foundation Server 2010 Object Model - ENU
    Microsoft Visual C++ Compilers 2010 Standard - enu - x64
    Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Office Developer Tools (x64)
    Microsoft Visual Studio 2010 Professional - ENU
    Microsoft Visual Studio 2010 Service Pack 1
    Microsoft Visual Studio 2010 SharePoint Developer Tools
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    Microsoft Visual Studio Macro Tools
    MPC-HC 1.6.8
    MSVCRT
    MSVCRT Redists
    MSVCRT_amd64
    MSXML 4.0 SP2 Parser and SDK
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    MultiDeco divelog manager 2.68
    National Instruments Software
    NI-DAQmx/LabVIEW shared documentation 9.5.5
    NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 9.5.5
    NI-Mesa
    NI-RPC 4.3.0f0
    NI-RPC 4.3.0f0 for 64 Bit Windows
    NI-RPC 4.3.0f0 for Phar Lap ETS
    NI .NET Framework 4.0
    NI ActiveX Container
    NI ActiveX Container (64-bit)
    NI Assistant Framework
    NI Assistant Framework 64-bit
    NI Assistant Framework LabVIEW Code Generator 2012
    NI Authentication 12.0.0
    NI Authentication 12.0.0 (64-bit)
    NI CodeSignAPI
    NI Curl 12.0.0
    NI Curl 12.0.0 (64-bit)
    NI Customer Experience Improvement Program
    NI DataSocket 5.0
    NI DataSocket 5.0 (64-bit)
    NI Distributed System Manager 2012
    NI DN 2.0 SP1 installer
    NI Error Reporting 2012
    NI EulaDepot
    NI Example Finder 12.0
    NI GMP Windows 32-bit Installer 12.0.0
    NI GMP Windows 64-bit Installer 12.0.0
    NI Help Assistant
    NI Help Assistant (64bit)
    NI Instrument IO Assistant for LabVIEW 2012 32-bit
    NI LabVIEW 2011 Real-Time NBFifo
    NI LabVIEW 2012
    NI LabVIEW 2012 (32-bit)
    NI LabVIEW 2012 Deployable License
    NI LabVIEW 2012 Deployment Framework
    NI LabVIEW 2012 Help
    NI LabVIEW 2012 Help File
    NI LabVIEW 2012 License
    NI LabVIEW 2012 Manuals
    NI LabVIEW 2012 MeasAppChm File
    NI LabVIEW 2012 Real-Time Error Dialog
    NI LabVIEW 2012 Real-Time NBFifo
    NI LabVIEW 2012 Run-Time Engine Web Server
    NI LabVIEW 2012 Scripting Code Generator
    NI LabVIEW 2012 Search
    NI LabVIEW 2012 Simulation
    NI LabVIEW 2012 Variable Web Service
    NI LabVIEW 2012 Web Server
    NI LabVIEW Broker
    NI LabVIEW Broker (64 bit)
    NI LabVIEW C Interface
    NI LabVIEW Compare Utility 12.0.0
    NI LabVIEW MAX XML
    NI LabVIEW Merge Utility 12.0.0
    NI LabVIEW Run-Time Engine 2011 SP1
    NI LabVIEW Run-Time Engine 2012
    NI LabVIEW Run-Time Engine Interop 2011
    NI LabVIEW Run-Time Engine Interop 2012
    NI LabVIEW Web Server for Run-Time Engine
    NI LabVIEW Web Services Runtime
    NI LabWindows/CVI 2010 LabVIEW DLL Builder
    NI LabWindows/CVI 2010 SP1 Analysis Library
    NI LabWindows/CVI 2010 SP1 Analysis Library (64-bit)
    NI LabWindows/CVI 2010 SP1 Code Generator
    NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original)
    NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated)
    NI LabWindows/CVI 2010 SP1 Network Variable Library
    NI LabWindows/CVI 2010 SP1 Network Variable Library (64-bit)
    NI LabWindows/CVI 2010 SP1 Run-Time Engine (64-bit)
    NI LabWindows/CVI 2010 SP1 TDM Streaming Library
    NI LabWindows/CVI 2010 SP1 TDM Streaming Library (64-bit)
    NI LabWindows/CVI Run-Time Engine 2010 SP1
    NI LabWindows/CVI Run-Time Engine 2010 SP1 (Updated)
    NI License Manager
    NI Logos 5.4
    NI Logos 5.4 (64-bit)
    NI Logos LabVIEW 2012 Support
    NI Logos XT Support
    NI Logos64 XT Support
    NI Math Kernel Libraries
    NI Math Kernel Libraries (64-bit)
    NI MAX Remote Configuration 64-bit Installer 5.3
    NI MAX Remote Configuration Installer 5.3
    NI MAX Support for 64 Bit Windows
    NI MDF Support
    NI mDNS Responder 2.1 for Windows 64-bit
    NI mDNS Responder 2.1.0
    NI Measurement & Automation Explorer 5.3.0
    NI Measurement Studio Recipe Processor
    NI MetaSuite Installer
    NI MXS 5.3.0
    NI MXS 5.3.0 for 64 Bit Windows
    NI Network Discovery 5.3
    NI Network Discovery 5.3 for Windows 64-bit
    NI NI LabVIEW 2011 SP1 Run-Time Engine Non-English Support
    NI NI LabVIEW 2012 Run-Time Engine Non-English Support.
    NI OPC Support
    NI Portable Configuration 5.3.0
    NI Portable Configuration for 64 Bit Windows 5.3.0
    NI Registration Wizard
    NI Remote Provider for MAX 5.3.0
    NI Remote PXI Provider for MAX 5.3.0
    NI Search Shared
    NI SLCP 1.0
    NI Software Provider for MAX 5.3.0
    NI SSL LabVIEW 2012 Support
    NI SSL LabVIEW RTE 2012 Support
    NI SSL Support
    NI SSL Support (64-bit)
    NI System API Client for WIF 5.3.0
    NI System API Web-Servce 32-bit 5.3.0
    NI System API Windows 32-bit 5.3.0
    NI System API Windows 64-bit 5.3.0
    NI System Configuration 5.3.0 LabVIEW Support
    NI System Configuration LV2012 Support 5.3.0
    NI System Configuration Runtime 5.3.0
    NI System Configuration Runtime 5.3.0 for Windows 64-bit
    NI System State Publisher
    NI System State Publisher (64-bit)
    NI System Web Server 12.0
    NI System Web Server Base 12.0.0
    NI System Web Server Base 12.0.0 (64-bit)
    NI TDM Excel Add-In 3.4
    NI TDM Excel Add-In 3.4 64-bit
    NI TDM Streaming 2.4
    NI TDM Streaming 2.4 (64-bit)
    NI Trace Engine
    NI Trace Engine (64-bit)
    NI Uninstaller
    NI Update Service 2.1
    NI USI 2.0.0
    NI USI 2.0.0 64-Bit
    NI Variable Engine (64-bit)
    NI Variable Engine 2.6.0
    NI Variable Engine LabVIEW 2012 Support
    NI VC2005MSMs x64
    NI VC2005MSMs x86
    NI VC2008MSMs x64
    NI VC2008MSMs x86
    NI VC2010MSMs x64
    NI VC2010MSMs x86
    NI VIPM Helper 2012
    NI Web Application Server 12.0
    NI Web Application Server 12.0 (64-bit)
    NI Web Interface Framework 2012
    NI Web Pipeline 2.0.1
    NI Web Pipeline 2.0.1 64-bit support
    NI Xalan Delay Load 1.10.2
    NI Xalan Delay Load 1.10.2 64-bit
    NI Xerces Delay Load 2.7.3
    NI Xerces Delay Load 2.7.3 64-bit
    NVIDIA Control Panel 327.02
    NVIDIA Graphics Driver 327.02
    NVIDIA Install Application
    NVIDIA Optimus 1.14.17
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.11.1111
    NVIDIA Update 1.14.17
    NVIDIA Update Components
    Oasis2Service
    OLYMPUS Digital Camera Updater
    OLYMPUS Raw Codec
    Paint Shop Pro 7 Anniversary Edition
    PDF4Free 2.0
    PlayMemories Home
    PlayReady PC Runtime amd64
    PlayStation(R)Network Downloader
    PlayStation(R)Store
    PRE10STI64Installer
    PrimoPDF -- brought to you by Nitro PDF Software
    PSE10 STI Installer
    QuickBooks Pro 99
    QuickTime
    Reader for PC
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek PCIE Card Reader
    Recuva
    Remote Keyboard
    Remote Play with PlayStation(R)3
    Reset NI Config 5.0.0
    SeaTools for Windows
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596927) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2920790) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2920792) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2984942) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2920793) 32-Bit Edition
    Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2644980)
    Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2645410)
    Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
    Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)
    Skype™ 6.11
    SmartSound Common Data
    SmartSound Premiere Elements 10 x64 Plugin
    SmartSound Sonicfire Pro 5
    Sound Forge Audio Studio 10.0
    Sql Server Customer Experience Improvement Program
    SSLx64
    SSLx86
    StreetSmart Edge®
    Synaptics Pointing Device Driver
    TrackID(TM) with BRAVIA
    TriDef 3D (Sony) 2.0.5
    True Image 2013
    TurboTax 2012
    TurboTax 2012 wcaiper
    TurboTax 2012 WinPerFedFormset
    TurboTax 2012 WinPerReleaseEngine
    TurboTax 2012 WinPerTaxSupport
    TurboTax 2012 wrapper
    TurboTax 2013
    TurboTax 2013 wcaiper
    TurboTax 2013 WinPerFedFormset
    TurboTax 2013 WinPerReleaseEngine
    TurboTax 2013 WinPerTaxSupport
    TurboTax 2013 wrapper
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2920789) 32-Bit Edition
    Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    V3DPx86
    VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325
    VAIO - PlayMemories Home Plug-in
    VAIO - Remote Keyboard
    VAIO - Remote Keyboard with PlayStation®3
    VAIO - Remote Play with PlayStation®3
    VAIO - TrackID™ with BRAVIA
    VAIO 3D Portal
    VAIO Care
    VAIO Control Center
    VAIO CPU Fan Diagnostic
    VAIO Data Restore Tool
    VAIO Easy Connect
    VAIO Gate
    VAIO Gate Default
    VAIO Gesture Control
    VAIO Health Report
    VAIO Help and Support
    VAIO Improvement
    VAIO Manual
    VAIO OOBE
    VAIO Sample Contents
    VAIO Satisfaction Survey.
    VAIO Smart Network
    VAIO Transfer Support
    VBMx86
    VCCx64
    VCCx86
    Vegas Movie Studio HD Platinum 11.0
    VGClientX64
    VGClientX86
    VHD
    ViewSonic Windows 7 Signed Files
    Visual Studio 2010 Prerequisites - English
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    VIx64
    VIx86
    VMLx86
    VPMx64
    VSNx64
    VSNx86
    VSSTx64
    VSSTx86
    VU5x64
    VU5x86
    VWSTx86
    WCF RIA Services V1.0 SP1
    Web Deployment Tool
    WIF Core Dependencies Windows 5.3.0
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 5.20 beta 1 (64-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/19/2014 7:08:41 AM, Error: Schannel [36887] - The following fatal alert was received: 80.
    12/18/2014 6:19:32 PM, Error: Schannel [36888] - The following fatal alert was generated: 50. The internal error state is 959.
    12/16/2014 9:01:57 AM, Error: Schannel [36888] - The following fatal alert was generated: 43. The internal error state is 252.
    12/16/2014 9:00:09 AM, Error: Service Control Manager [7034] - The Oasis2Service service terminated unexpectedly. It has done this 1 time(s).
    12/16/2014 8:45:45 AM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The system cannot find the file specified.
    12/16/2014 8:45:21 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    12/16/2014 8:44:57 AM, Error: volmgr [46] - Crash dump initialization failed!
    12/16/2014 5:05:49 AM, Error: Schannel [36887] - The following fatal alert was received: 50.
    12/16/2014 2:30:07 AM, Error: Schannel [36887] - The following fatal alert was received: 20.
    12/16/2014 2:06:53 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user RWOLF02\Rwolf01 SID (S-1-5-21-747785638-1536544367-690633523-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    12/16/2014 2:06:53 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user RWOLF02\Rwolf01 SID (S-1-5-21-747785638-1536544367-690633523-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    12/15/2014 8:37:07 PM, Error: Service Control Manager [7022] - The Oasis2Service service hung on starting.
    12/13/2014 3:36:37 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
    12/12/2014 9:10:25 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll
    12/12/2014 9:09:22 PM, Error: Service Control Manager [7031] - The Acronis Nonstop Backup Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    12/12/2014 7:17:04 PM, Error: Service Control Manager [7022] - The VAIO Care Performance Service service hung on starting.
    12/12/2014 7:15:04 PM, Error: Service Control Manager [7022] - The NVIDIA Update Service Daemon service hung on starting.
    12/12/2014 6:18:14 AM, Error: Service Control Manager [7022] - The Energy Server Service service hung on starting.
    12/12/2014 5:11:27 PM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on cannot be read.
    12/12/2014 4:37:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PMBDeviceInfoProvider service to connect.
    12/12/2014 4:37:01 PM, Error: Service Control Manager [7000] - The PMBDeviceInfoProvider service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/12/2014 3:59:18 PM, Error: Service Control Manager [7038] - The TermService service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    12/12/2014 3:59:18 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    12/12/2014 3:59:18 PM, Error: Service Control Manager [7038] - The bthserv service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    12/12/2014 3:59:18 PM, Error: Service Control Manager [7001] - The Application Information service depends on the User Profile Service service which failed to start because of the following error: The service has not been started.
    12/12/2014 3:59:18 PM, Error: Service Control Manager [7000] - The VSNService service failed to start due to the following error: The pipe has been ended.
    12/12/2014 3:59:18 PM, Error: Service Control Manager [7000] - The Remote Desktop Services service failed to start due to the following error: The service did not start due to a logon failure.
    12/12/2014 3:59:18 PM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.
    12/12/2014 3:59:18 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
    12/12/2014 3:59:18 PM, Error: Service Control Manager [7000] - The Bluetooth Support Service service failed to start due to the following error: The service did not start due to a logon failure.
    12/12/2014 3:59:17 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    12/12/2014 3:59:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    12/12/2014 3:59:17 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service has not been started.
    12/12/2014 3:59:17 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/12/2014 3:59:17 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
    12/12/2014 2:16:34 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    12/12/2014 1:43:36 PM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: A system shutdown is in progress.
    12/12/2014 1:43:36 PM, Error: Service Control Manager [7000] - The Remote Access Connection Manager service failed to start due to the following error: A system shutdown is in progress.
    12/12/2014 1:43:36 PM, Error: Service Control Manager [7000] - The IP Helper service failed to start due to the following error: A system shutdown is in progress.
    12/12/2014 1:43:36 PM, Error: Service Control Manager [7000] - The Avira Web Protection service failed to start due to the following error: The pipe has been ended.
    12/12/2014 1:43:35 PM, Error: Service Control Manager [7000] - The Avira Mail Protection service failed to start due to the following error: The pipe has been ended.
    12/12/2014 1:43:32 PM, Error: Microsoft-Windows-DistributedCOM [10004] - DCOM got error "1115" and was unable to logon nt authority\localservice in order to run the server: {CB45D4CA-8A34-4EF1-9957-6134E5270E83}
    12/12/2014 1:43:31 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    .
    ==== End Of File ===========================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download [​IMG] Malwarebytes Anti-Rootkit (MBAR) to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  4. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    Thanks for the suggestions I'll get started on them right away.

    Just to be clear, I'd like to start a second thread for the other laptop that shares the DSL link with this one.

    I'll do that in a few minutes.
     
  5. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    I have the downloads & instructions. I'll take the LT offline and disable Avira, then proceed as instructed....
     
  6. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    ==================== Rogue Killer Report ========================

    RogueKiller V10.1.0.0 [Dec 11 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Rwolf01 [Administrator]
    Mode : Delete -- Date : 12/20/2014 08:34:14
    ¤¤¤ Processes : 0 ¤¤¤
    ¤¤¤ Registry : 27 ¤¤¤
    [PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-747785638-1536544367-690633523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-747785638-1536544367-690633523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6588E2D2-D207-44D2-ACC4-CC6F54BBAC79} | DhcpNameServer : 172.20.10.1 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6588E2D2-D207-44D2-ACC4-CC6F54BBAC79} | DhcpNameServer : 172.20.10.1 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6588E2D2-D207-44D2-ACC4-CC6F54BBAC79} | DhcpNameServer : 172.20.10.1 -> Not selected
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-747785638-1536544367-690633523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-747785638-1536544367-690633523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    ¤¤¤ Tasks : 0 ¤¤¤
    ¤¤¤ Files : 0 ¤¤¤
    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: HGST HTS721010A9E630 +++++
    --- User ---
    [MBR] 59331366a284da0291e63c178988ffb5
    [BSP] f8600e20d08b4521c7de7b42d5becd39 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
    User = LL1 ... OK
    User = LL2 ... OK
    +++++ PhysicalDrive1: ADATA SP900 +++++
    --- User ---
    [MBR] 9e79df6146b2c2fe08bd94b91ff7da3f
    [BSP] 5aee74dd0c3bde15f28d4f5bdf1cb56d : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
    User = LL1 ... OK
    User = LL2 ... OK
    +++++ PhysicalDrive2: Buildwin MediaPlayer USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
    +++++ PhysicalDrive3: ASMT 2105 USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    ============================================
    RKreport_DEL_06162014_123847.log - RKreport_SCN_06162014_123437.log - RKreport_SCN_06162014_124515.log - RKreport_SCN_12202014_083026.log
     
  7. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    Note: The system restore features were not setup correctly (I think that was a side-effect from a recent hard disk upgrade), but I got that fixed and created a restore point.

    MBAR alerted that a registry entry "AppInit_Dlls" might indicate rootkit activity. But I told it NOT to delete the file. Had to reconnect to the network to updated MBAR's definition files.

    But, when all was said & done, MBAR Beta v1.08.2.1001 reported:

    "Congratulations no cleanup is required! Scan Finished: No Malware Found!"


    ===================== MBAR log ============================

    Malwarebytes Anti-Rootkit BETA 1.08.2.1001
    www.malwarebytes.org
    Database version: v2014.12.20.04
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17501
    Rwolf01 :: RWOLF02 [administrator]
    12/20/2014 9:03:44 AM
    mbar-log-2014-12-20 (09-03-44).txt
    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 415453
    Time elapsed: 6 minute(s), 5 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    Physical Sectors Detected: 0
    (No malicious items detected)
    (end)
     
  8. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    Thanks again for your assistance. I am standing by for the next instruction....
     
  9. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  10. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    Ran ComboFix as instructed.

    Note: Even though I had the umbrella folded up in Avira, it still trapped an attempt to access the registry by ComboFix. I let it run to completion anyway then disabled Avira properly and reran it. Both logs are attached.

    Note: I did not need to resort to the renamed combofix or Rkill.

    Here are complete instructions for disabling Avira Antivirus Pro (from v14.0.7.468)

    Right click the tray icon and uncheck Real Time Protection, Mail Protection, Web Protection and Firewall.
    Now right click and select Start Antivirus Pro.
    Click Extras->Configuration->General->Security and uncheck everything.
    Click apply and close the program.

    Important: After the next reboot the Umbrella will be open and some -- but not all -- the settings will be re-enabled. Repeat the above procedure to make sure everything is turned on after the scanning task has been completed.

    ======================= First ComboFix Log ===========================

    ComboFix 14-12-14.01 - Rwolf01 12/20/2014 17:34:52.1.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12187.8862 [GMT -8:00]
    Running from: c:\users\Rwolf02\Desktop\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
    SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-11-21 to 2014-12-21 )))))))))))))))))))))))))))))))
    .
    .
    2014-12-21 01:46 . 2014-12-21 01:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2014-12-21 01:46 . 2014-12-21 01:46 -------- d-----w- c:\users\Public\AppData\Local\temp
    2014-12-21 01:46 . 2014-12-21 01:46 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-12-20 16:27 . 2014-12-20 16:27 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-12-18 11:11 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-12-18 11:11 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2014-12-16 12:42 . 2014-12-16 12:42 -------- d-----w- c:\program files (x86)\ADATA
    2014-12-16 11:36 . 2014-12-16 11:37 -------- d-----w- c:\program files\CCleaner
    2014-12-16 07:55 . 2014-12-16 07:55 -------- d-----w- c:\users\Rwolf02\AppData\Roaming\Avira
    2014-12-16 07:55 . 2014-11-24 18:23 43064 ----a-w- c:\windows\system32\drivers\avnetflt.sys
    2014-12-16 07:55 . 2014-11-24 18:23 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2014-12-16 07:55 . 2014-11-24 18:23 131608 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2014-12-16 07:55 . 2014-11-24 18:23 119272 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2014-12-16 07:55 . 2014-12-16 07:55 -------- d-----w- c:\program files (x86)\Avira
    2014-12-13 01:09 . 2014-12-13 01:09 367200 ----a-w- c:\windows\system32\drivers\afcdp.sys
    2014-12-13 01:09 . 2014-12-13 01:09 1462560 ----a-w- c:\windows\system32\drivers\tdrpman.sys
    2014-12-13 01:09 . 2014-12-13 01:09 183224 ----a-w- c:\windows\system32\drivers\tib_mounter.sys
    2014-12-13 01:09 . 2014-12-13 01:09 161568 ----a-w- c:\windows\system32\drivers\vididr.sys
    2014-12-13 01:09 . 2014-12-13 01:09 1120032 ----a-w- c:\windows\system32\drivers\tib.sys
    2014-12-13 01:09 . 2014-12-13 01:09 117024 ----a-w- c:\windows\system32\drivers\vidsflt.sys
    2014-12-13 01:09 . 2014-12-13 01:09 233760 ----a-w- c:\windows\system32\drivers\snapman.sys
    2014-12-13 01:09 . 2014-12-13 01:09 108832 ----a-w- c:\windows\system32\drivers\fltsrv.sys
    2014-12-13 01:09 . 2014-12-13 01:09 -------- d-----w- c:\program files (x86)\Common Files\Acronis
    2014-12-13 01:09 . 2014-12-13 01:09 -------- d-----w- c:\program files (x86)\Acronis
    2014-12-10 11:21 . 2014-12-10 11:21 -------- d-----w- c:\windows\system32\appraiser
    2014-12-10 11:01 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll
    2014-12-10 11:01 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll
    2014-12-10 10:00 . 2014-11-08 03:16 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-12-10 10:00 . 2014-11-08 02:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2014-12-10 10:00 . 2014-12-01 23:28 1232040 ----a-w- c:\windows\system32\aitstatic.exe
    2014-12-10 10:00 . 2014-12-04 02:50 413184 ----a-w- c:\windows\system32\generaltel.dll
    2014-12-10 10:00 . 2014-12-04 02:50 741376 ----a-w- c:\windows\system32\invagent.dll
    2014-12-10 10:00 . 2014-12-04 02:50 396800 ----a-w- c:\windows\system32\devinv.dll
    2014-12-10 10:00 . 2014-12-04 02:50 227328 ----a-w- c:\windows\system32\aepdu.dll
    2014-12-10 10:00 . 2014-12-04 02:50 192000 ----a-w- c:\windows\system32\aepic.dll
    2014-12-10 10:00 . 2014-12-04 02:44 1083392 ----a-w- c:\windows\system32\aeinv.dll
    2014-12-10 09:58 . 2014-10-30 02:03 165888 ----a-w- c:\windows\system32\charmap.exe
    2014-12-10 09:58 . 2014-10-30 01:45 155136 ----a-w- c:\windows\SysWow64\charmap.exe
    2014-12-10 09:58 . 2014-10-03 02:12 310272 ----a-w- c:\windows\system32\WsmWmiPl.dll
    2014-12-10 09:58 . 2014-10-03 02:12 2020352 ----a-w- c:\windows\system32\WsmSvc.dll
    2014-12-10 09:58 . 2014-10-03 02:12 346624 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
    2014-12-10 09:58 . 2014-10-03 02:12 181248 ----a-w- c:\windows\system32\WsmAuto.dll
    2014-12-10 09:58 . 2014-10-03 02:11 266240 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
    2014-12-10 09:58 . 2014-10-03 01:45 248832 ----a-w- c:\windows\SysWow64\WSManMigrationPlugin.dll
    2014-12-10 09:58 . 2014-10-03 01:45 214016 ----a-w- c:\windows\SysWow64\WsmWmiPl.dll
    2014-12-10 09:58 . 2014-10-03 01:45 145920 ----a-w- c:\windows\SysWow64\WsmAuto.dll
    2014-12-10 09:58 . 2014-10-03 01:45 1177088 ----a-w- c:\windows\SysWow64\WsmSvc.dll
    2014-12-10 09:58 . 2014-10-03 01:44 198656 ----a-w- c:\windows\SysWow64\WSManHTTPConfig.exe
    2014-12-03 06:31 . 2014-12-03 06:31 227048 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2014-11-22 11:02 . 2012-05-01 08:22 9888872 ----a-w- c:\windows\SysWow64\RtsPStorIcon.dll
    2014-11-22 11:02 . 2012-05-01 08:22 340072 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-12-20 17:02 . 2014-06-15 09:14 135384 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-12-20 16:52 . 2014-06-15 09:14 96472 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-12-10 17:36 . 2012-08-10 22:00 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-12-10 17:36 . 2012-08-10 22:00 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-12-10 11:02 . 2012-08-17 19:13 112710672 ----a-w- c:\windows\system32\MRT.exe
    2014-11-21 14:14 . 2014-06-15 09:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-11-21 14:14 . 2014-06-15 09:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-11-18 22:56 . 2014-11-18 22:56 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL
    2014-11-17 10:13 . 2012-09-29 19:44 3642528 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2014-11-11 03:08 . 2014-11-18 21:46 241152 ----a-w- c:\windows\system32\pku2u.dll
    2014-11-11 03:08 . 2014-11-18 21:46 728064 ----a-w- c:\windows\system32\kerberos.dll
    2014-11-11 02:44 . 2014-11-18 21:46 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
    2014-11-11 02:44 . 2014-11-18 21:46 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
    2014-10-25 01:57 . 2014-11-16 04:17 77824 ----a-w- c:\windows\system32\packager.dll
    2014-10-25 01:32 . 2014-11-16 04:17 67584 ----a-w- c:\windows\SysWow64\packager.dll
    2014-10-18 02:05 . 2014-11-16 04:17 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2014-10-18 01:33 . 2014-11-16 04:17 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2014-10-14 19:03 . 2014-10-14 19:03 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-10-14 02:16 . 2014-11-16 04:22 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2014-10-14 02:13 . 2014-11-16 04:22 683520 ----a-w- c:\windows\system32\termsrv.dll
    2014-10-14 02:13 . 2014-11-16 04:17 3241984 ----a-w- c:\windows\system32\msi.dll
    2014-10-14 02:12 . 2014-11-16 04:22 1460736 ----a-w- c:\windows\system32\lsasrv.dll
    2014-10-14 02:09 . 2014-11-16 04:22 146432 ----a-w- c:\windows\system32\msaudite.dll
    2014-10-14 02:07 . 2014-11-16 04:22 681984 ----a-w- c:\windows\system32\adtschema.dll
    2014-10-14 01:50 . 2014-11-16 04:22 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2014-10-14 01:50 . 2014-11-16 04:17 2363904 ----a-w- c:\windows\SysWow64\msi.dll
    2014-10-14 01:49 . 2014-11-16 04:22 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2014-10-14 01:47 . 2014-11-16 04:22 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
    2014-10-14 01:46 . 2014-11-16 04:22 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
    2014-10-10 00:57 . 2014-11-16 04:17 3198976 ----a-w- c:\windows\system32\win32k.sys
    2014-10-03 02:12 . 2014-11-16 04:17 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
    2014-10-03 02:11 . 2014-11-16 04:17 284672 ----a-w- c:\windows\system32\EncDump.dll
    2014-10-03 02:11 . 2014-11-16 04:17 680960 ----a-w- c:\windows\system32\audiosrv.dll
    2014-10-03 02:11 . 2014-11-16 04:17 440832 ----a-w- c:\windows\system32\AudioEng.dll
    2014-10-03 02:11 . 2014-11-16 04:17 296448 ----a-w- c:\windows\system32\AudioSes.dll
    2014-10-03 01:44 . 2014-11-16 04:17 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
    2014-10-03 01:44 . 2014-11-16 04:17 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
    2014-10-03 01:44 . 2014-11-16 04:17 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll
    2014-09-25 02:08 . 2014-09-30 18:13 371712 ----a-w- c:\windows\system32\qdvd.dll
    2014-09-25 01:40 . 2014-09-30 18:13 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickLaunch"="c:\program files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe" [2014-08-08 12288]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-05-14 56088]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-09 291608]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552]
    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-02-21 693608]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
    "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2013-04-11 6382328]
    "AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2013-01-10 1103424]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-11-24 702768]
    .
    c:\users\Rwolf02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Monitor Ink Alerts - HP Officejet 6700.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6700\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2AJ7QGQB05RQ;CONNECTION=USB;MONITOR=1; [2009-7-13 45568]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableSecureUIAPath"= 1 (0x1)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="userinit.exe"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 ADATA ToolBox Service;ADATA ToolBox Service;c:\program files (x86)\ADATA\SSD ToolBox\ToolBoxSvc.exe;c:\program files (x86)\ADATA\SSD ToolBox\ToolBoxSvc.exe [x]
    R3 AMPPALP;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
    R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
    R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    R4 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
    R4 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
    R4 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
    R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys;c:\windows\SYSNATIVE\drivers\mv61xx.sys [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
    S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
    S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
    S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
    S2 ActiveDelayDeviceService;ActiveDelayDeviceService;c:\program files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe;c:\program files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [x]
    S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x]
    S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
    S2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
    S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
    S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
    S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
    S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
    S2 ESRV_SVC;Energy Server Service;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
    S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 NIApplicationWebServer;NI Application Web Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
    S2 nimDNSResponder;NI mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [x]
    S2 NINetworkDiscovery;NI Network Discovery;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [x]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
    S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
    S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
    S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
    S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
    S3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
    S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
    S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 semav6thermal64ro;semav6thermal64ro;c:\windows\system32\drivers\semav6thermal64ro.sys;c:\windows\SYSNATIVE\drivers\semav6thermal64ro.sys [x]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
    S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys;c:\windows\SYSNATIVE\drivers\SiUSBXp.sys [x]
    S3 USER_ESRV_SVC;User Energy Server Service;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe [x]
    S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-12-12 12:15 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 17:36]
    .
    2014-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-21 06:44]
    .
    2014-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-21 06:44]
    .
    2014-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-747785638-1536544367-690633523-1001Core.job
    - c:\users\Rwolf02\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-30 22:04]
    .
    2014-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-747785638-1536544367-690633523-1001UA.job
    - c:\users\Rwolf02\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-30 22:04]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
    @="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
    [HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
    2013-04-11 00:42 2888048 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
    @="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
    [HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
    2013-04-11 00:42 2888048 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
    @="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
    [HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
    2013-04-11 00:42 2888048 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-20 1158248]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-20 1158248]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-03 170264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-03 398616]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-03 439064]
    "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2013-02-15 516928]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://www.google.com/?gws_rd=ssl
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\2577F6C66603132E08993702960586F6E656: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\3305145485: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\44F6279637E45647: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\46C696E6B6: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\742716973734162696E6: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\B4C6165737723734162696E6: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\D494C4E45425D2C414D2355434552554: NameServer = 8.8.8.8,8.8.4.4
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{41564952-412D-5637-4300-7A786E7484D7} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-{0131D7EF-65FF-478F-8ABD-5ABEE24EC8EF} - c:\programdata\{AA28280A-C4CA-4B4F-9DF1-593032D2F3EC}\VAIO Messenger Setup 2.0.550.0.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.15"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-12-20 18:09:31
    ComboFix-quarantined-files.txt 2014-12-21 02:09
    .
    Pre-Run: 100,336,418,816 bytes free
    Post-Run: 100,243,820,544 bytes free
    .
    - - End Of File - - E2B3776C3C840F41BA2B5B19590F3A50
     
  11. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    ====================== Second Combofix log =========================

    ComboFix 14-12-14.01 - Rwolf01 12/20/2014 18:34:27.2.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12187.8676 [GMT -8:00]
    Running from: c:\users\Rwolf02\Desktop\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
    SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-11-21 to 2014-12-21 )))))))))))))))))))))))))))))))
    .
    .
    2014-12-21 02:44 . 2014-12-21 02:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2014-12-21 02:44 . 2014-12-21 02:44 -------- d-----w- c:\users\Public\AppData\Local\temp
    2014-12-21 02:44 . 2014-12-21 02:44 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-12-20 16:27 . 2014-12-20 16:27 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-12-18 11:11 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-12-18 11:11 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2014-12-16 12:42 . 2014-12-16 12:42 -------- d-----w- c:\program files (x86)\ADATA
    2014-12-16 11:36 . 2014-12-16 11:37 -------- d-----w- c:\program files\CCleaner
    2014-12-16 07:55 . 2014-12-16 07:55 -------- d-----w- c:\users\Rwolf02\AppData\Roaming\Avira
    2014-12-16 07:55 . 2014-11-24 18:23 43064 ----a-w- c:\windows\system32\drivers\avnetflt.sys
    2014-12-16 07:55 . 2014-11-24 18:23 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2014-12-16 07:55 . 2014-11-24 18:23 131608 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2014-12-16 07:55 . 2014-11-24 18:23 119272 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2014-12-16 07:55 . 2014-12-16 07:55 -------- d-----w- c:\program files (x86)\Avira
    2014-12-13 01:09 . 2014-12-13 01:09 367200 ----a-w- c:\windows\system32\drivers\afcdp.sys
    2014-12-13 01:09 . 2014-12-13 01:09 1462560 ----a-w- c:\windows\system32\drivers\tdrpman.sys
    2014-12-13 01:09 . 2014-12-13 01:09 183224 ----a-w- c:\windows\system32\drivers\tib_mounter.sys
    2014-12-13 01:09 . 2014-12-13 01:09 161568 ----a-w- c:\windows\system32\drivers\vididr.sys
    2014-12-13 01:09 . 2014-12-13 01:09 1120032 ----a-w- c:\windows\system32\drivers\tib.sys
    2014-12-13 01:09 . 2014-12-13 01:09 117024 ----a-w- c:\windows\system32\drivers\vidsflt.sys
    2014-12-13 01:09 . 2014-12-13 01:09 233760 ----a-w- c:\windows\system32\drivers\snapman.sys
    2014-12-13 01:09 . 2014-12-13 01:09 108832 ----a-w- c:\windows\system32\drivers\fltsrv.sys
    2014-12-13 01:09 . 2014-12-13 01:09 -------- d-----w- c:\program files (x86)\Common Files\Acronis
    2014-12-13 01:09 . 2014-12-13 01:09 -------- d-----w- c:\program files (x86)\Acronis
    2014-12-10 11:21 . 2014-12-10 11:21 -------- d-----w- c:\windows\system32\appraiser
    2014-12-10 11:01 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll
    2014-12-10 11:01 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll
    2014-12-10 10:00 . 2014-11-08 03:16 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-12-10 10:00 . 2014-11-08 02:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2014-12-10 10:00 . 2014-12-01 23:28 1232040 ----a-w- c:\windows\system32\aitstatic.exe
    2014-12-10 10:00 . 2014-12-04 02:50 413184 ----a-w- c:\windows\system32\generaltel.dll
    2014-12-10 10:00 . 2014-12-04 02:50 741376 ----a-w- c:\windows\system32\invagent.dll
    2014-12-10 10:00 . 2014-12-04 02:50 396800 ----a-w- c:\windows\system32\devinv.dll
    2014-12-10 10:00 . 2014-12-04 02:50 227328 ----a-w- c:\windows\system32\aepdu.dll
    2014-12-10 10:00 . 2014-12-04 02:50 192000 ----a-w- c:\windows\system32\aepic.dll
    2014-12-10 10:00 . 2014-12-04 02:44 1083392 ----a-w- c:\windows\system32\aeinv.dll
    2014-12-10 09:58 . 2014-10-30 02:03 165888 ----a-w- c:\windows\system32\charmap.exe
    2014-12-10 09:58 . 2014-10-30 01:45 155136 ----a-w- c:\windows\SysWow64\charmap.exe
    2014-12-10 09:58 . 2014-10-03 02:12 310272 ----a-w- c:\windows\system32\WsmWmiPl.dll
    2014-12-10 09:58 . 2014-10-03 02:12 2020352 ----a-w- c:\windows\system32\WsmSvc.dll
    2014-12-10 09:58 . 2014-10-03 02:12 346624 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
    2014-12-10 09:58 . 2014-10-03 02:12 181248 ----a-w- c:\windows\system32\WsmAuto.dll
    2014-12-10 09:58 . 2014-10-03 02:11 266240 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
    2014-12-10 09:58 . 2014-10-03 01:45 248832 ----a-w- c:\windows\SysWow64\WSManMigrationPlugin.dll
    2014-12-10 09:58 . 2014-10-03 01:45 214016 ----a-w- c:\windows\SysWow64\WsmWmiPl.dll
    2014-12-10 09:58 . 2014-10-03 01:45 145920 ----a-w- c:\windows\SysWow64\WsmAuto.dll
    2014-12-10 09:58 . 2014-10-03 01:45 1177088 ----a-w- c:\windows\SysWow64\WsmSvc.dll
    2014-12-10 09:58 . 2014-10-03 01:44 198656 ----a-w- c:\windows\SysWow64\WSManHTTPConfig.exe
    2014-12-03 06:31 . 2014-12-03 06:31 227048 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2014-11-22 11:02 . 2012-05-01 08:22 9888872 ----a-w- c:\windows\SysWow64\RtsPStorIcon.dll
    2014-11-22 11:02 . 2012-05-01 08:22 340072 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-12-20 17:02 . 2014-06-15 09:14 135384 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-12-20 16:52 . 2014-06-15 09:14 96472 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-12-10 17:36 . 2012-08-10 22:00 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-12-10 17:36 . 2012-08-10 22:00 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-12-10 11:02 . 2012-08-17 19:13 112710672 ----a-w- c:\windows\system32\MRT.exe
    2014-11-21 14:14 . 2014-06-15 09:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-11-21 14:14 . 2014-06-15 09:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-11-18 22:56 . 2014-11-18 22:56 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL
    2014-11-17 10:13 . 2012-09-29 19:44 3642528 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2014-11-11 03:08 . 2014-11-18 21:46 241152 ----a-w- c:\windows\system32\pku2u.dll
    2014-11-11 03:08 . 2014-11-18 21:46 728064 ----a-w- c:\windows\system32\kerberos.dll
    2014-11-11 02:44 . 2014-11-18 21:46 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
    2014-11-11 02:44 . 2014-11-18 21:46 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
    2014-10-25 01:57 . 2014-11-16 04:17 77824 ----a-w- c:\windows\system32\packager.dll
    2014-10-25 01:32 . 2014-11-16 04:17 67584 ----a-w- c:\windows\SysWow64\packager.dll
    2014-10-18 02:05 . 2014-11-16 04:17 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2014-10-18 01:33 . 2014-11-16 04:17 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2014-10-14 19:03 . 2014-10-14 19:03 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-10-14 02:16 . 2014-11-16 04:22 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2014-10-14 02:13 . 2014-11-16 04:22 683520 ----a-w- c:\windows\system32\termsrv.dll
    2014-10-14 02:13 . 2014-11-16 04:17 3241984 ----a-w- c:\windows\system32\msi.dll
    2014-10-14 02:12 . 2014-11-16 04:22 1460736 ----a-w- c:\windows\system32\lsasrv.dll
    2014-10-14 02:09 . 2014-11-16 04:22 146432 ----a-w- c:\windows\system32\msaudite.dll
    2014-10-14 02:07 . 2014-11-16 04:22 681984 ----a-w- c:\windows\system32\adtschema.dll
    2014-10-14 01:50 . 2014-11-16 04:22 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2014-10-14 01:50 . 2014-11-16 04:17 2363904 ----a-w- c:\windows\SysWow64\msi.dll
    2014-10-14 01:49 . 2014-11-16 04:22 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2014-10-14 01:47 . 2014-11-16 04:22 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
    2014-10-14 01:46 . 2014-11-16 04:22 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
    2014-10-10 00:57 . 2014-11-16 04:17 3198976 ----a-w- c:\windows\system32\win32k.sys
    2014-10-03 02:12 . 2014-11-16 04:17 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
    2014-10-03 02:11 . 2014-11-16 04:17 284672 ----a-w- c:\windows\system32\EncDump.dll
    2014-10-03 02:11 . 2014-11-16 04:17 680960 ----a-w- c:\windows\system32\audiosrv.dll
    2014-10-03 02:11 . 2014-11-16 04:17 440832 ----a-w- c:\windows\system32\AudioEng.dll
    2014-10-03 02:11 . 2014-11-16 04:17 296448 ----a-w- c:\windows\system32\AudioSes.dll
    2014-10-03 01:44 . 2014-11-16 04:17 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
    2014-10-03 01:44 . 2014-11-16 04:17 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
    2014-10-03 01:44 . 2014-11-16 04:17 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll
    2014-09-25 02:08 . 2014-09-30 18:13 371712 ----a-w- c:\windows\system32\qdvd.dll
    2014-09-25 01:40 . 2014-09-30 18:13 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickLaunch"="c:\program files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe" [2014-08-08 12288]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-05-14 56088]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-09 291608]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552]
    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-02-21 693608]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
    "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2013-04-11 6382328]
    "AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2013-01-10 1103424]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-11-24 702768]
    .
    c:\users\Rwolf02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Monitor Ink Alerts - HP Officejet 6700.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6700\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2AJ7QGQB05RQ;CONNECTION=USB;MONITOR=1; [2009-7-13 45568]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableSecureUIAPath"= 1 (0x1)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 ADATA ToolBox Service;ADATA ToolBox Service;c:\program files (x86)\ADATA\SSD ToolBox\ToolBoxSvc.exe;c:\program files (x86)\ADATA\SSD ToolBox\ToolBoxSvc.exe [x]
    R3 AMPPALP;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
    R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
    R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    R4 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
    R4 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
    R4 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
    R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys;c:\windows\SYSNATIVE\drivers\mv61xx.sys [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
    S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
    S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
    S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
    S2 ActiveDelayDeviceService;ActiveDelayDeviceService;c:\program files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe;c:\program files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [x]
    S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x]
    S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
    S2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
    S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
    S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
    S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
    S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
    S2 ESRV_SVC;Energy Server Service;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
    S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 NIApplicationWebServer;NI Application Web Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
    S2 nimDNSResponder;NI mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [x]
    S2 NINetworkDiscovery;NI Network Discovery;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [x]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
    S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
    S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
    S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
    S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
    S3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
    S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
    S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 semav6thermal64ro;semav6thermal64ro;c:\windows\system32\drivers\semav6thermal64ro.sys;c:\windows\SYSNATIVE\drivers\semav6thermal64ro.sys [x]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
    S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys;c:\windows\SYSNATIVE\drivers\SiUSBXp.sys [x]
    S3 USER_ESRV_SVC;User Energy Server Service;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe [x]
    S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-12-12 12:15 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 17:36]
    .
    2014-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-21 06:44]
    .
    2014-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-21 06:44]
    .
    2014-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-747785638-1536544367-690633523-1001Core.job
    - c:\users\Rwolf02\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-30 22:04]
    .
    2014-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-747785638-1536544367-690633523-1001UA.job
    - c:\users\Rwolf02\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-30 22:04]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
    @="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
    [HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
    2013-04-11 00:42 2888048 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
    @="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
    [HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
    2013-04-11 00:42 2888048 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
    @="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
    [HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
    2013-04-11 00:42 2888048 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-20 1158248]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-20 1158248]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-03 170264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-03 398616]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-03 439064]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2013-02-15 516928]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://www.google.com/?gws_rd=ssl
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\2577F6C66603132E08993702960586F6E656: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\3305145485: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\44F6279637E45647: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\46C696E6B6: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\742716973734162696E6: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\B4C6165737723734162696E6: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\D494C4E45425D2C414D2355434552554: NameServer = 8.8.8.8,8.8.4.4
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{41564952-412D-5637-4300-7A786E7484D7} - (no file)
    AddRemove-{0131D7EF-65FF-478F-8ABD-5ABEE24EC8EF} - c:\programdata\{AA28280A-C4CA-4B4F-9DF1-593032D2F3EC}\VAIO Messenger Setup 2.0.550.0.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.15"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-12-20 19:06:16
    ComboFix-quarantined-files.txt 2014-12-21 03:06
    ComboFix2.txt 2014-12-21 02:09
    .
    Pre-Run: 100,331,601,920 bytes free
    Post-Run: 100,246,687,744 bytes free
    .
    - - End Of File - - DF220939D740D1D43D03F923C45D3E34
     
  12. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    Thanks again for your help. As I noted in the other thread, we'll be traveling for the holidays starting tomorrow. Both laptops will go with us and I will stay on top of this process.

    However, I will lose access to the second LT from 12/30 to 1/7. This one will follow me everywhere. So I guess that makes the other machine the higher priority.

    Note: Both machines are more or less functional at the moment, so if you need to push out either or both of these threads until after the New Year (to spend time with family, or help some poor soul who has much larger flames coming out of their PC) I'm happy to accommodate that. (but if you have the time, the holiday break will actually be a good opportunity for me to get through this, and I'm happy to do that)

    Best Regards,

    Rwolf
     
  13. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
     
  14. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    ===================== AdwCleaner Log File ==================

    # AdwCleaner v4.105 - Report created 20/12/2014 at 22:08:44
    # Updated 08/12/2014 by Xplode
    # Database : 2014-12-08.2 [Local]
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : Rwolf01 - RWOLF02
    # Running from : D:\MyDocs\Nuggets\TechSpot\12-16-14DiagnosticSession\adwcleaner_4.105.exe
    # Option : Clean
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****
    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\iolo
    Folder Deleted : C:\Users\Rwolf02\AppData\Roaming\iolo
    ***** [ Scheduled Tasks ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92F7027F-BEDE-4E87-B18A-A12E3C4A2A96}
    ***** [ Browsers ] *****
    -\\ Internet Explorer v11.0.9600.17496

    -\\ Google Chrome v39.0.2171.95
    [C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    *************************
    AdwCleaner[R0].txt - [1312 octets] - [20/12/2014 21:59:59]
    AdwCleaner[S0].txt - [1245 octets] - [20/12/2014 22:08:44]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1305 octets] ##########


    ======================== JRT.TXT ==========================


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.0 (11.29.2014:1)
    OS: Windows 7 Professional x64
    Ran by Rwolf01 on Sat 12/20/2014 at 22:13:55.67
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services
    ~~~ Registry Values
    ~~~ Registry Keys
    ~~~ Files
    ~~~ Folders
    Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{5F407442-60FF-4952-B773-0C255A01C502}
    Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{92719C14-E488-4C46-AB7E-BC081599DCCE}
    Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{93CC4CB7-2908-4BBE-BD77-D5B1350B1B4E}
    Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{99EA9211-EB45-4103-8A7F-FD475CB7677D}
    ~~~ Event Viewer Logs were cleared
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 12/20/2014 at 22:16:18.20
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    ====================== FRST.TXT ========================

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-12-2014
    Ran by Rwolf01 (administrator) on RWOLF02 on 20-12-2014 22:20:07
    Running from C:\Users\Rwolf02\Desktop
    Loaded Profiles: UpdatusUser & Rwolf01 (Available profiles: UpdatusUser & Rwolf01)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
    (Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
    (National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESGfxMgr.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    (Charles Schwab & Co., Inc.) C:\Program Files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
    () C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    () C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    (Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
    (Microsoft Corporation) C:\Windows\System32\vds.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-20] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-20] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2884880 2012-03-18] (Synaptics Incorporated)
    HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [516928 2013-02-15] (Acronis)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-05-02] (Intel Corporation)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-09] (Intel Corporation)
    HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)
    HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [693608 2012-02-21] (Sony Corporation)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
    HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6382328 2013-04-10] (Acronis)
    HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
    HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-747785638-1536544367-690633523-1001\...\Run: [QuickLaunch] => C:\Program Files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe [12288 2014-08-08] (Charles Schwab & Co., Inc.)
    AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
    Startup: C:\Users\Rwolf02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700.lnk
    ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700.lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
    ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
    ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
    ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll (Autodesk)
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKU\S-1-5-21-747785638-1536544367-690633523-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-747785638-1536544367-690633523-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-747785638-1536544367-690633523-1001 -> {AEBA69D8-4D86-4FF2-B8C0-47319A84C524} URL = https://www.google.com/search?q={searchTerms}
    BHO: No Name -> {41564952-412D-5637-4300-7A786E7484D7} -> No File
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    DPF: HKLM-x32 {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: HKLM-x32 {B8E53531-F29E-4180-AE3E-DF485CC8BE32} http://palumbicam.stanford.edu/JpegInstV4.cab
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Winsock: Catalog5 10 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [24320] (National Instruments Corporation)
    Winsock: Catalog5-x64 10 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26368] (National Instruments Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}: [NameServer] 8.8.8.8,8.8.4.4
    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
    FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
    FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF Plugin HKU\S-1-5-21-747785638-1536544367-690633523-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Rwolf02\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-747785638-1536544367-690633523-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Rwolf02\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
    CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
    CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll No File
    CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll No File
    CHR Plugin: (Media Go Detector) - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
    CHR Plugin: (PlayStation(R)Network Downloader Check Plug-in) - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
    CHR Plugin: (Reader Application Detector) - C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
    CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
    CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
    CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
    CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
    CHR Profile: C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-18]
    CHR Extension: (Google Drive) - C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-18]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-07]
    CHR Extension: (YouTube) - C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-18]
    CHR Extension: (Google Cast) - C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-04-30]
    CHR Extension: (Google Search) - C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-18]
    CHR Extension: (Google Wallet) - C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-22]
    CHR Extension: (Gmail) - C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-18]
    ==================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R2 ActiveDelayDeviceService; C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [78472 2011-09-20] (Sony Corporation)
    S3 ADATA ToolBox Service; C:\Program Files (x86)\ADATA\SSD ToolBox\ToolBoxSvc.exe [2236416 2014-11-07] () [File not signed]
    R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
    R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [807672 2014-11-24] (Avira Operations GmbH & Co. KG)
    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
    R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-11-24] (Avira Operations GmbH & Co. KG)
    R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [163840 2007-12-17] (SEIKO EPSON CORPORATION) [File not signed]
    R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [126464 2007-01-11] (SEIKO EPSON CORPORATION) [File not signed]
    R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [427432 2013-02-22] ()
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-23] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-23] (Intel Corporation)
    R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2011-05-06] (National Instruments, Inc.)
    R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [50328 2012-06-05] (National Instruments Corporation)
    R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [60568 2012-06-05] (National Instruments Corporation)
    R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
    R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [51360 2012-05-22] (National Instruments Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
    R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [53960 2012-05-22] (National Instruments Corporation)
    S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [76488 2012-05-22] (National Instruments Corporation)
    R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [370328 2012-06-05] (National Instruments Corporation)
    S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
    R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [258776 2012-05-31] (National Instruments Corporation)
    R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [169192 2012-06-05] (National Instruments Corporation)
    R2 niSvcLoc; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [53952 2012-05-22] (National Instruments Corporation)
    R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [680624 2012-06-07] (National Instruments Corporation)
    R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [61440 2013-07-02] (Digital Delivery Networks, Inc.) [File not signed]
    R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
    R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [258048 2013-03-04] (Sony Corporation) [File not signed]
    S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2011-09-23] (Sony Corporation) [File not signed]
    S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
    R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [427432 2013-02-22] ()
    S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)
    S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
    R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-11-24] (Avira Operations GmbH & Co. KG)
    R0 mv61xx; C:\Windows\System32\drivers\mv61xx.sys [182576 2011-05-17] (Marvell Semiconductor, Inc.)
    R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2012-11-06] ()
    R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-12-12] (Acronis International GmbH)
    R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-12-12] (Acronis)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-20] ()
    R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-12-12] (Acronis International GmbH)
    S3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [285696 2007-06-17] (Jungo) [File not signed]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    ==================== NetSvcs (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    (( to be continued in next post))
     
  15. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2014-12-20 22:20 - 2014-12-20 22:20 - 00029832 _____ () C:\Users\Rwolf02\Desktop\FRST.txt
    2014-12-20 22:19 - 2014-12-20 22:20 - 00000000 ____D () C:\FRST
    2014-12-20 21:59 - 2014-12-20 22:08 - 00000000 ____D () C:\AdwCleaner
    2014-12-20 21:53 - 2014-12-20 21:53 - 02122240 _____ (Farbar) C:\Users\Rwolf02\Desktop\FRST64.exe
    2014-12-20 21:51 - 2014-12-20 21:51 - 02166272 _____ () C:\Users\Rwolf02\Downloads\adwcleaner_4.105.exe
    2014-12-20 19:06 - 2014-12-20 19:06 - 00034716 _____ () C:\ComboFix.txt
    2014-12-20 17:33 - 2014-12-20 19:07 - 00000000 ____D () C:\Qoobox
    2014-12-20 17:33 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-12-20 17:33 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-12-20 17:33 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-12-20 17:33 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-12-20 17:33 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-12-20 17:33 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-12-20 17:33 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-12-20 17:33 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-12-20 17:23 - 2014-12-20 17:23 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\Rwolf02\Downloads\rkill.exe
    2014-12-20 17:23 - 2014-12-20 17:23 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\Rwolf02\Downloads\iExplore.exe
    2014-12-20 17:17 - 2014-12-20 17:17 - 05601641 _____ (Swearware) C:\Users\Rwolf02\Downloads\Ralph_Wolf.exe
    2014-12-20 08:27 - 2014-12-20 08:27 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-12-20 08:21 - 2014-12-20 08:22 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Rwolf02\Downloads\mbar-1.08.2.1001.exe
    2014-12-20 08:20 - 2014-12-20 08:20 - 15201368 _____ () C:\Users\Rwolf02\Downloads\RogueKiller.exe
    2014-12-19 07:30 - 2014-12-19 07:30 - 00688992 _____ (Swearware) C:\Users\Rwolf02\Downloads\dds.com
    2014-12-18 03:11 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-12-18 03:11 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-12-16 08:45 - 2014-12-20 22:09 - 00000560 _____ () C:\Windows\setupact.log
    2014-12-16 08:45 - 2014-12-16 08:45 - 00000000 _____ () C:\Windows\setuperr.log
    2014-12-16 08:44 - 2014-12-20 22:09 - 00163418 _____ () C:\Windows\PFRO.log
    2014-12-16 04:42 - 2014-12-16 04:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ADATA
    2014-12-16 04:42 - 2014-12-16 04:42 - 00000000 ____D () C:\Program Files (x86)\ADATA
    2014-12-16 03:36 - 2014-12-16 03:37 - 00000000 ____D () C:\Program Files\CCleaner
    2014-12-16 03:36 - 2014-12-16 03:36 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2014-12-16 03:35 - 2014-12-16 03:35 - 05162376 _____ (Piriform Ltd) C:\Users\Rwolf02\Downloads\ccsetup500pro.exe
    2014-12-15 23:55 - 2014-12-15 23:55 - 00002074 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
    2014-12-15 23:55 - 2014-12-15 23:55 - 00000000 ____D () C:\Users\Rwolf02\AppData\Roaming\Avira
    2014-12-15 23:55 - 2014-12-15 23:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    2014-12-15 23:55 - 2014-12-15 23:55 - 00000000 ____D () C:\Program Files (x86)\Avira
    2014-12-15 23:55 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
    2014-12-15 23:55 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
    2014-12-15 23:55 - 2014-11-24 10:23 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
    2014-12-15 23:55 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
    2014-12-12 17:10 - 2014-12-12 17:10 - 00000000 ____D () C:\Users\Rwolf02\AppData\Roaming\Acronis
    2014-12-12 17:09 - 2014-12-16 06:44 - 00000000 ____D () C:\ProgramData\Acronis
    2014-12-12 17:09 - 2014-12-12 17:09 - 01462560 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tdrpman.sys
    2014-12-12 17:09 - 2014-12-12 17:09 - 01120032 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib.sys
    2014-12-12 17:09 - 2014-12-12 17:09 - 00367200 _____ (Acronis) C:\Windows\system32\Drivers\afcdp.sys
    2014-12-12 17:09 - 2014-12-12 17:09 - 00233760 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys
    2014-12-12 17:09 - 2014-12-12 17:09 - 00183224 _____ (Acronis) C:\Windows\system32\Drivers\tib_mounter.sys
    2014-12-12 17:09 - 2014-12-12 17:09 - 00161568 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\vididr.sys
    2014-12-12 17:09 - 2014-12-12 17:09 - 00117024 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\vidsflt.sys
    2014-12-12 17:09 - 2014-12-12 17:09 - 00108832 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\fltsrv.sys
    2014-12-12 17:09 - 2014-12-12 17:09 - 00001211 _____ () C:\Users\Public\Desktop\True Image 2013.lnk
    2014-12-12 17:09 - 2014-12-12 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
    2014-12-12 17:09 - 2014-12-12 17:09 - 00000000 ____D () C:\Program Files (x86)\Acronis
    2014-12-10 03:21 - 2014-12-10 03:21 - 00000000 ____D () C:\Windows\system32\appraiser
    2014-12-10 03:01 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2014-12-10 03:01 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2014-12-10 02:00 - 2014-12-03 18:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2014-12-10 02:00 - 2014-12-03 18:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2014-12-10 02:00 - 2014-12-03 18:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-12-10 02:00 - 2014-12-03 18:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2014-12-10 02:00 - 2014-12-03 18:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-12-10 02:00 - 2014-12-03 18:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2014-12-10 02:00 - 2014-12-03 18:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-12-10 02:00 - 2014-12-01 15:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2014-12-10 02:00 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-12-10 02:00 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-12-10 01:59 - 2014-11-26 17:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-12-10 01:59 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-12-10 01:59 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-12-10 01:59 - 2014-11-21 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-12-10 01:59 - 2014-11-21 19:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-12-10 01:59 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-12-10 01:59 - 2014-11-21 18:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-12-10 01:59 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-12-10 01:59 - 2014-11-21 18:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-12-10 01:59 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-12-10 01:59 - 2014-11-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-12-10 01:59 - 2014-11-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-12-10 01:59 - 2014-11-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-12-10 01:59 - 2014-11-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-12-10 01:59 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-12-10 01:59 - 2014-11-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-12-10 01:59 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-12-10 01:59 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-12-10 01:59 - 2014-11-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-12-10 01:59 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-12-10 01:59 - 2014-11-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-12-10 01:59 - 2014-11-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-12-10 01:59 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-12-10 01:59 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-12-10 01:59 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-12-10 01:59 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-12-10 01:59 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-12-10 01:59 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-12-10 01:59 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-12-10 01:59 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-12-10 01:59 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-12-10 01:59 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-12-10 01:59 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-12-10 01:59 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-12-10 01:59 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-12-10 01:59 - 2014-11-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-12-10 01:59 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-12-10 01:59 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-12-10 01:59 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-12-10 01:59 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-12-10 01:59 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-12-10 01:59 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-12-10 01:59 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-12-10 01:59 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-12-10 01:59 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-12-10 01:59 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-12-10 01:59 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-12-10 01:59 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-12-10 01:59 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-12-10 01:59 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-12-10 01:59 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-12-10 01:59 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-12-10 01:59 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-12-10 01:59 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-12-10 01:59 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-12-10 01:59 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-12-10 01:59 - 2014-11-10 17:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2014-12-10 01:58 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
    2014-12-10 01:58 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
    2014-12-10 01:58 - 2014-10-02 18:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2014-12-10 01:58 - 2014-10-02 18:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
    2014-12-10 01:58 - 2014-10-02 18:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2014-12-10 01:58 - 2014-10-02 18:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2014-12-10 01:58 - 2014-10-02 18:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
    2014-12-10 01:58 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2014-12-10 01:58 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
    2014-12-10 01:58 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2014-12-10 01:58 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
    2014-12-10 01:58 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
    2014-12-09 15:47 - 2014-12-09 15:47 - 00003336 _____ () C:\Users\Rwolf02\Desktop\Kyle.eml
    2014-11-22 03:02 - 2012-05-01 00:22 - 09888872 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsPStorIcon.dll
    2014-11-22 03:02 - 2012-05-01 00:22 - 00340072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsPStor.sys
    2014-11-21 14:36 - 2014-11-21 14:36 - 00000000 ____D () C:\Users\Rwolf02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
    2014-11-20 20:53 - 2014-11-20 21:16 - 00019968 ___SH () C:\Users\Public\Thumbs.db
    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2014-12-20 22:17 - 2009-07-13 20:45 - 00036944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-12-20 22:17 - 2009-07-13 20:45 - 00036944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-12-20 22:15 - 2013-06-24 10:32 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0FEEFD52-E0F9-4D3D-B98B-6C0330E5EB59}
    2014-12-20 22:15 - 2012-08-20 22:44 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-20 22:15 - 2009-07-13 21:13 - 00880194 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-20 22:13 - 2012-08-10 12:39 - 01469063 _____ () C:\Windows\WindowsUpdate.log
    2014-12-20 22:10 - 2012-08-20 22:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-20 22:09 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-12-20 21:53 - 2012-08-16 15:08 - 00000000 ____D () C:\Users\Rwolf02\AppData\Roaming\PrimoPDF
    2014-12-20 20:36 - 2012-08-10 14:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-12-20 20:35 - 2014-04-30 14:05 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-747785638-1536544367-690633523-1001UA.job
    2014-12-20 18:45 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
    2014-12-20 09:10 - 2014-06-16 11:57 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-12-20 09:02 - 2014-06-15 01:14 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-20 08:52 - 2014-06-15 01:14 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-12-20 07:19 - 2012-08-10 16:41 - 00000000 ____D () C:\MyDocs
    2014-12-20 02:00 - 2014-08-28 13:12 - 00000000 ____D () C:\Users\Rwolf02\AppData\Local\Adobe
    2014-12-19 21:35 - 2014-04-30 14:05 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-747785638-1536544367-690633523-1001Core.job
    2014-12-18 22:52 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-12-17 17:32 - 2014-06-16 19:50 - 00000000 ____D () C:\Users\Rwolf02\AppData\Local\CrashDumps
    2014-12-16 03:37 - 2011-02-10 14:48 - 00000000 ____D () C:\Windows\Panther
    2014-12-16 02:35 - 2014-06-15 01:14 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-16 02:35 - 2014-06-15 01:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-16 02:35 - 2014-06-15 01:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-12-15 23:55 - 2012-08-28 10:04 - 00000000 ____D () C:\ProgramData\Avira
    2014-12-15 20:45 - 2012-09-24 18:48 - 00000815 _____ () C:\Users\Rwolf02\Desktop\To Do.lnk
    2014-12-10 09:36 - 2012-08-10 14:00 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-12-10 09:36 - 2012-08-10 14:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-12-10 09:36 - 2012-08-10 14:00 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-12-10 04:01 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
    2014-12-10 03:21 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-12-10 03:21 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-12-10 03:21 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
    2014-12-10 03:06 - 2012-08-10 16:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-12-10 03:05 - 2013-07-19 02:06 - 00000000 ____D () C:\Windows\system32\MRT
    2014-12-10 03:02 - 2012-08-17 11:13 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-12-09 21:32 - 2014-06-17 16:00 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-12-09 14:32 - 2012-09-07 10:06 - 00000000 ____D () C:\Program Files\Recuva
    2014-12-06 05:10 - 2014-10-14 10:47 - 00000000 ____D () C:\Users\Public\Documents\Techstream
    2014-12-04 02:33 - 2014-02-24 13:52 - 00007638 _____ () C:\Users\Rwolf02\AppData\Local\Resmon.ResmonCfg
    2014-11-22 03:02 - 2012-08-10 12:59 - 00000000 ____D () C:\Windows\SysWOW64\sda
    2014-11-22 03:02 - 2012-08-10 12:49 - 00000000 ____D () C:\Program Files (x86)\Realtek
    2014-11-22 03:01 - 2012-08-10 15:26 - 00000023 _____ () C:\Windows\Model.txt
    2014-11-21 23:54 - 2012-08-10 13:33 - 00000000 ____D () C:\ProgramData\Sony Corporation
    2014-11-21 14:36 - 2014-04-30 14:05 - 00001219 _____ () C:\Users\Rwolf02\Desktop\Chromecast.lnk
    2014-11-21 14:36 - 2012-08-20 22:44 - 00000000 ____D () C:\Users\Rwolf02\AppData\Local\Google
    2014-11-21 06:14 - 2014-06-15 01:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-11-21 06:14 - 2014-06-15 01:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    Some content of TEMP:
    ====================
    C:\Users\Rwolf02\AppData\Local\Temp\avgnt.exe
    C:\Users\Rwolf02\AppData\Local\Temp\Quarantine.exe
    C:\Users\Rwolf02\AppData\Local\Temp\sqlite3.dll

    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2014-12-16 10:55
    ==================== End Of Log ============================
     
  16. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    ======================= ADDITION.TXT ====================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2014
    Ran by Rwolf01 at 2014-12-20 22:20:30
    Running from C:\Users\Rwolf02\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
    AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ==================== Installed Programs ======================
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    ACID Music Studio 8.0 (x32 Version: 8.0.178 - Sony) Hidden
    ADATA SSD ToolBox version 2.1.0 (HKLM-x32\...\{C0991D3E-8786-48E7-A5DB-57FBACB0A03A}_is1) (Version: 2.1.0 - ADATA, Inc.)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)
    Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
    Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Premiere Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
    Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version: - )
    AutoCAD 2004 (HKLM-x32\...\{5783F2D7-0201-0409-0000-0060B0CE6BBA}) (Version: 16.0.0.086 - Autodesk)
    Autodesk Express Viewer (HKLM-x32\...\Autodesk Express Viewer) (Version: 3.1 - Autodesk, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
    ChromecastApp (HKU\S-1-5-21-747785638-1536544367-690633523-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
    Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.5009.52 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Deco Planner 3 (HKLM-x32\...\ST6UNST #1) (Version: - )
    DeepSkyStacker (HKLM-x32\...\{18435829-4E75-4CD1-9796-A62DBBAE2ED7}) (Version: 3.2.0 - )
    Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
    Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
    DVD Architect Studio 5.0 (x32 Version: 5.0.157 - Sony) Hidden
    Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    EPSON WorkForce 1100 Series Printer Uninstall (HKLM\...\EPSON WorkForce 1100 Series) (Version: - SEIKO EPSON Corporation)
    Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated)
    FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
    Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
    ImageJ 1.46r (HKLM-x32\...\ImageJ_is1) (Version: - NIH)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
    Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.3.1001 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
    Intel(R) WiDi (HKLM\...\{4E4282C3-F66E-4852-837A-7675527178C2}) (Version: 3.1.26.0 - Intel Corporation)
    Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
    Intel® PROSet/Wireless Software (HKLM-x32\...\{440d014b-4444-4533-b96d-2910e1ca2bcf}) (Version: 16.7.0 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
    iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Keyboard_Shortcuts (x32 Version: 1.1.0.12190 - Sony Corporation) Hidden
    KUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    MapSource - US Topo v3.02 (HKLM-x32\...\{AD4203ED-7683-435E-B436-C299773A9936}) (Version: - )
    Math Kernel Libraries (64-bit) (Version: 1.0.23.0 - National Instruments) Hidden
    Math Kernel Libraries (x32 Version: 1.0.23.0 - National Instruments) Hidden
    Media Go (x32 Version: 2.0.317 - Sony) Hidden
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
    Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
    Microsoft Camera Codec Pack (HKLM-x32\...\{CB8C2D73-42F5-45AF-85E6-9E9BFA139F7A}) (Version: 16.4.1899.0416 - Microsoft Corporation)
    Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
    Microsoft Silverlight 4 SDK (HKLM-x32\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
    Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
    Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
    Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
    Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
    Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Professional - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Professional - ENU) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
    MPC-HC 1.6.8 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.8.7417 - MPC-HC Team)
    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MultiDeco divelog manager 2.68 (HKLM-x32\...\V-Planner_divelog_is1) (Version: 2.68.1.91 - HHS Software Corp)
    National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version: - National Instruments)
    NI .NET Framework 4.0 (x32 Version: 4.01.49152 - National Instruments) Hidden
    NI ActiveX Container (64-bit) (Version: 12.0.14.0 - National Instruments) Hidden
    NI ActiveX Container (x32 Version: 12.0.14.0 - National Instruments) Hidden
    NI Assistant Framework (x32 Version: 8.0.112.0 - National Instruments) Hidden
    NI Assistant Framework 64-bit (Version: 8.0.120.0 - National Instruments) Hidden
    NI Assistant Framework LabVIEW Code Generator 2012 (x32 Version: 8.0.70.0 - National Instruments) Hidden
    NI Authentication 12.0.0 (64-bit) (Version: 12.0.367.0 - National Instruments) Hidden
    NI Authentication 12.0.0 (x32 Version: 12.0.367.0 - National Instruments) Hidden
    NI CodeSignAPI (x32 Version: 2.70.346 - National Instruments) Hidden
    NI Curl 12.0.0 (64-bit) (Version: 12.0.412.0 - National Instruments) Hidden
    NI Curl 12.0.0 (x32 Version: 12.0.412.0 - National Instruments) Hidden
    NI Customer Experience Improvement Program (x32 Version: 1.0.138.0 - National Instruments) Hidden
    NI DataSocket 5.0 (64-bit) (Version: 5.0.115.0 - National Instruments) Hidden
    NI DataSocket 5.0 (x32 Version: 5.0.115.0 - National Instruments) Hidden
    NI Distributed System Manager 2012 (x32 Version: 12.0.55.0 - National Instruments) Hidden
    NI DN 2.0 SP1 installer (x32 Version: 2.11.49152 - National Instruments) Hidden
    NI Error Reporting 2012 (x32 Version: 12.0.172.0 - National Instruments) Hidden
    NI EulaDepot (x32 Version: 3.10.386 - National Instruments) Hidden
    NI Example Finder 12.0 (x32 Version: 12.0.291.0 - National Instruments) Hidden
    NI GMP Windows 32-bit Installer 12.0.0 (x32 Version: 12.0.46.0 - National Instruments) Hidden
    NI GMP Windows 64-bit Installer 12.0.0 (Version: 12.0.46.0 - National Instruments) Hidden
    NI Help Assistant (64bit) (Version: 1.0.11 - National Instruments) Hidden
    NI Help Assistant (x32 Version: 1.0.11 - National Instruments) Hidden
    NI Instrument IO Assistant for LabVIEW 2012 32-bit (x32 Version: 1.0.24.0 - National Instruments) Hidden
    NI LabVIEW 2011 Real-Time NBFifo (x32 Version: 11.0.250.0 - National Instruments) Hidden
    NI LabVIEW 2012 (32-bit) (x32 Version: 12.0.231.0 - National Instruments) Hidden
    NI LabVIEW 2012 (32-bit) (x32 Version: 12.0.322.0 - National Instruments) Hidden
    NI LabVIEW 2012 (32-bit) (x32 Version: 12.0.388.0 - National Instruments) Hidden
    NI LabVIEW 2012 (x32 Version: 12.0.378.0 - National Instruments) Hidden
    NI LabVIEW 2012 Deployable License (x32 Version: 12.0.364.0 - National Instruments) Hidden
    NI LabVIEW 2012 Deployment Framework (x32 Version: 12.0.369.0 - National Instruments) Hidden
    NI LabVIEW 2012 Help (x32 Version: 12.0.363.0 - National Instruments) Hidden
    NI LabVIEW 2012 Help File (x32 Version: 12.0.359.0 - National Instruments) Hidden
    NI LabVIEW 2012 License (x32 Version: 12.0.360.0 - National Instruments) Hidden
    NI LabVIEW 2012 Manuals (x32 Version: 12.0.358.0 - National Instruments) Hidden
    NI LabVIEW 2012 MeasAppChm File (x32 Version: 12.0.359.0 - National Instruments) Hidden
    NI LabVIEW 2012 Real-Time Error Dialog (x32 Version: 12.0.71.0 - National Instruments) Hidden
    NI LabVIEW 2012 Real-Time NBFifo (x32 Version: 12.0.219.0 - National Instruments) Hidden
    NI LabVIEW 2012 Run-Time Engine Web Server (x32 Version: 12.0.406.0 - National Instruments) Hidden
    NI LabVIEW 2012 Scripting Code Generator (x32 Version: 8.0.247.0 - National Instruments) Hidden
    NI LabVIEW 2012 Search (x32 Version: 12.0.4.0 - National Instruments) Hidden
    NI LabVIEW 2012 Simulation (x32 Version: 12.0.359.0 - National Instruments) Hidden
    NI LabVIEW 2012 Variable Web Service (x32 Version: 12.0.191.0 - National Instruments) Hidden
    NI LabVIEW 2012 Web Server (x32 Version: 12.0.407.0 - National Instruments) Hidden
    NI LabVIEW Broker (64 bit) (Version: 6.8.10.0 - National Instruments) Hidden
    NI LabVIEW Broker (x32 Version: 6.8.10.0 - National Instruments) Hidden
    NI LabVIEW C Interface (x32 Version: 1.0.1 - National Instruments) Hidden
    NI LabVIEW Compare Utility 12.0.0 (x32 Version: 12.0.186.0 - National Instruments) Hidden
    NI LabVIEW MAX XML (x32 Version: 9.0.6.0 - National Instruments) Hidden
    NI LabVIEW Merge Utility 12.0.0 (x32 Version: 12.0.187.0 - National Instruments) Hidden
    NI LabVIEW Run-Time Engine 2011 SP1 (x32 Version: 11.0.445.0 - National Instruments) Hidden
    NI LabVIEW Run-Time Engine 2012 (x32 Version: 12.0.377.0 - National Instruments) Hidden
    NI LabVIEW Run-Time Engine Interop 2011 (x32 Version: 11.0.446.0 - National Instruments) Hidden
    NI LabVIEW Run-Time Engine Interop 2012 (x32 Version: 12.0.146.0 - National Instruments) Hidden
    NI LabVIEW Web Server for Run-Time Engine (x32 Version: 11.0.375.0 - National Instruments) Hidden
    NI LabVIEW Web Services Runtime (x32 Version: 12.0.409.0 - National Instruments) Hidden
    NI LabWindows/CVI 2010 LabVIEW DLL Builder (x32 Version: 10.0.0360 - National Instruments) Hidden
    NI LabWindows/CVI 2010 SP1 Analysis Library (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
    NI LabWindows/CVI 2010 SP1 Analysis Library (x32 Version: 10.0.1434 - National Instruments) Hidden
    NI LabWindows/CVI 2010 SP1 Code Generator (x32 Version: 10.0.1434 - National Instruments) Hidden
    NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original) (x32 Version: 10.0.1434 - National Instruments) Hidden
    NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated) (x32 Version: 10.0.1434 - National Instruments) Hidden
    NI LabWindows/CVI 2010 SP1 Network Variable Library (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
    NI LabWindows/CVI 2010 SP1 Network Variable Library (x32 Version: 10.0.1434 - National Instruments) Hidden
    NI LabWindows/CVI 2010 SP1 Run-Time Engine (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
    NI LabWindows/CVI 2010 SP1 TDM Streaming Library (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
    NI LabWindows/CVI 2010 SP1 TDM Streaming Library (x32 Version: 10.0.1434 - National Instruments) Hidden
    NI LabWindows/CVI Run-Time Engine 2010 SP1 (Updated) (x32 Version: 10.0.1434 - National Instruments) Hidden
    NI LabWindows/CVI Run-Time Engine 2010 SP1 (x32 Version: 10.0.1434 - National Instruments) Hidden
    NI License Manager (x32 Version: 3.7.44 - National Instruments) Hidden
    NI Logos 5.4 (64-bit) (Version: 5.4.303.0 - National Instruments) Hidden
    NI Logos 5.4 (x32 Version: 5.4.303.0 - National Instruments) Hidden
    NI Logos XT Support (x32 Version: 5.4.295.0 - National Instruments) Hidden
    NI Logos64 XT Support (Version: 5.4.295.0 - National Instruments) Hidden
    NI Math Kernel Libraries (64-bit) (Version: 1.0.10.0 - National Instruments) Hidden
    NI Math Kernel Libraries (x32 Version: 1.0.10.0 - National Instruments) Hidden
    NI MAX Remote Configuration 64-bit Installer 5.3 (Version: 5.30.49152 - National Instruments) Hidden
    NI MAX Remote Configuration Installer 5.3 (x32 Version: 5.30.49152 - National Instruments) Hidden
    NI MAX Support for 64 Bit Windows (Version: 5.30.49152 - National Instruments) Hidden
    NI MDF Support (x32 Version: 3.10.386 - National Instruments) Hidden
    NI mDNS Responder 2.1 for Windows 64-bit (Version: 2.10.49152 - National Instruments) Hidden
    NI mDNS Responder 2.1.0 (x32 Version: 2.10.49152 - National Instruments) Hidden
    NI Measurement & Automation Explorer 5.3.0 (x32 Version: 5.30.49152 - National Instruments) Hidden
    NI Measurement Studio Recipe Processor (x32 Version: 8.0.0101 - National Instruments) Hidden
    NI MetaSuite Installer (x32 Version: 3.10.386 - National Instruments) Hidden
    NI MXS 5.3.0 (x32 Version: 5.30.49152 - National Instruments) Hidden
    NI MXS 5.3.0 for 64 Bit Windows (Version: 5.30.49152 - National Instruments) Hidden
    NI Network Discovery 5.3 (x32 Version: 5.30.49152 - National Instruments) Hidden
    NI Network Discovery 5.3 for Windows 64-bit (Version: 5.30.49152 - National Instruments) Hidden
    NI NI LabVIEW 2011 SP1 Run-Time Engine Non-English Support (x32 Version: 11.0.302.0 - National Instruments) Hidden
    NI NI LabVIEW 2012 Run-Time Engine Non-English Support. (x32 Version: 12.0.363.0 - National Instruments) Hidden
    NI OPC Support (x32 Version: 12.0.295.0 - National Instruments) Hidden
    NI Portable Configuration 5.3.0 (x32 Version: 5.30.49152 - National Instruments) Hidden
    NI Portable Configuration for 64 Bit Windows 5.3.0 (Version: 5.30.49152 - National Instruments) Hidden
    NI Registration Wizard (x32 Version: 1.3.87.0 - National Instruments) Hidden
    NI Remote Provider for MAX 5.3.0 (x32 Version: 5.30.49152 - National Instruments) Hidden
    NI Remote PXI Provider for MAX 5.3.0 (x32 Version: 5.30.49152 - National Instruments) Hidden
    NI Search Shared (x32 Version: 12.0.5.0 - National Instruments) Hidden
    NI SLCP 1.0 (x32 Version: 1.0.63.0 - National Instruments) Hidden
    NI Software Provider for MAX 5.3.0 (x32 Version: 5.30.49152 - National Instruments) Hidden
    NI SSL LabVIEW 2012 Support (x32 Version: 12.0.406.0 - National Instruments) Hidden
    NI SSL LabVIEW RTE 2012 Support (x32 Version: 12.0.125.0 - National Instruments) Hidden
    NI SSL Support (64-bit) (Version: 12.0.408.0 - National Instruments) Hidden
    NI SSL Support (x32 Version: 12.0.408.0 - National Instruments) Hidden
    NI System API Client for WIF 5.3.0 (x32 Version: 5.30.461.0 - National Instruments) Hidden
    NI System API Web-Servce 32-bit 5.3.0 (x32 Version: 5.30.460.0 - National Instruments) Hidden
    NI System API Windows 32-bit 5.3.0 (x32 Version: 5.30.460.0 - National Instruments) Hidden
    NI System API Windows 64-bit 5.3.0 (Version: 5.30.460.0 - National Instruments) Hidden
    NI System Configuration 5.3.0 LabVIEW Support (x32 Version: 5.30.212.0 - National Instruments) Hidden
    NI System Configuration LV2012 Support 5.3.0 (x32 Version: 5.30.207.0 - National Instruments) Hidden
    NI System Configuration Runtime 5.3.0 (x32 Version: 5.30.427.0 - National Instruments) Hidden
    NI System Configuration Runtime 5.3.0 for Windows 64-bit (Version: 5.30.426.0 - National Instruments) Hidden
    NI System State Publisher (64-bit) (Version: 12.0.218.0 - National Instruments) Hidden
    NI System State Publisher (x32 Version: 12.0.358.0 - National Instruments) Hidden
    NI System Web Server 12.0 (x32 Version: 12.0.414.0 - National Instruments) Hidden
    NI System Web Server Base 12.0.0 (64-bit) (Version: 12.0.407.0 - National Instruments) Hidden
    NI System Web Server Base 12.0.0 (x32 Version: 12.0.407.0 - National Instruments) Hidden
    NI TDM Excel Add-In 3.4 (x32 Version: 3.4.19.0 - National Instruments) Hidden
    NI TDM Excel Add-In 3.4 64-bit (Version: 3.4.19.0 - National Instruments) Hidden
    NI TDM Streaming 2.4 (64-bit) (Version: 2.4.55.0 - National Instruments) Hidden
    NI TDM Streaming 2.4 (x32 Version: 2.4.55.0 - National Instruments) Hidden
    NI Trace Engine (64-bit) (Version: 12.0.401.0 - National Instruments) Hidden
    NI Trace Engine (x32 Version: 12.0.401.0 - National Instruments) Hidden
    NI Uninstaller (x32 Version: 3.10.386 - National Instruments) Hidden
    NI Update Service 2.1 (x32 Version: 2.10.114.0 - National Instruments) Hidden
    NI USI 2.0.0 (x32 Version: 2.0.04901 - National Instruments) Hidden
    NI USI 2.0.0 64-Bit (Version: 2.0.04901 - National Instruments) Hidden
    NI Variable Engine (64-bit) (Version: 2.6.296.0 - National Instruments) Hidden
    NI Variable Engine 2.6.0 (x32 Version: 2.6.296.0 - National Instruments) Hidden
    NI Variable Engine LabVIEW 2012 Support (x32 Version: 12.0.360.0 - National Instruments) Hidden
    NI VC2005MSMs x64 (Version: 8.05.0 - National Instruments) Hidden
    NI VC2005MSMs x86 (x32 Version: 8.05.0 - National Instruments) Hidden
    NI VC2008MSMs x64 (Version: 9.0.401 - National Instruments) Hidden
    NI VC2008MSMs x86 (x32 Version: 9.0.401 - National Instruments) Hidden
    NI VC2010MSMs x64 (Version: 10.0.001 - National Instruments) Hidden
    NI VC2010MSMs x86 (x32 Version: 10.0.001 - National Instruments) Hidden
    NI VIPM Helper 2012 (x32 Version: 12.0.211.0 - National Instruments) Hidden
    NI Web Application Server 12.0 (64-bit) (Version: 12.0.422.0 - National Instruments) Hidden
    NI Web Application Server 12.0 (x32 Version: 12.0.422.0 - National Instruments) Hidden
    NI Web Interface Framework 2012 (x32 Version: 12.0.352.0 - National Instruments) Hidden
    NI Web Pipeline 2.0.1 (x32 Version: 2.0.128.0 - National Instruments) Hidden
    NI Web Pipeline 2.0.1 64-bit support (Version: 2.0.122.0 - National Instruments) Hidden
    NI Xalan Delay Load 1.10.2 (x32 Version: 1.10.72.0 - National Instruments) Hidden
    NI Xalan Delay Load 1.10.2 64-bit (Version: 1.10.73.0 - National Instruments) Hidden
    NI Xerces Delay Load 2.7.3 (x32 Version: 2.7.180.0 - National Instruments) Hidden
    NI Xerces Delay Load 2.7.3 64-bit (Version: 2.7.190.0 - National Instruments) Hidden
    NI-DAQmx/LabVIEW shared documentation 9.5.5 (x32 Version: 9.55.49152 - National Instruments) Hidden
    NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 9.5.5 (Version: 9.55.49152 - National Instruments) Hidden
    NI-Mesa (Version: 11.0.11.0 - National Instruments) Hidden
    NI-Mesa (x32 Version: 11.0.11.0 - National Instruments) Hidden
    NI-RPC 4.3.0f0 (x32 Version: 4.30.49152 - National Instruments) Hidden
    NI-RPC 4.3.0f0 for 64 Bit Windows (Version: 4.30.49152 - National Instruments) Hidden
    NI-RPC 4.3.0f0 for Phar Lap ETS (x32 Version: 4.30.49152 - National Instruments) Hidden
    NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.11.1111 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.1111 - NVIDIA Corporation)
    NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
    Oasis2Service (HKLM-x32\...\{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}) (Version: 1.0.4 - DDNi)
    OLYMPUS Digital Camera Updater (HKLM-x32\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
    OLYMPUS Raw Codec (HKLM\...\{0136EF84-8660-4FE0-A9E5-F052F6230085}) (Version: 1.3.0 - OLYMPUS IMAGING CORP.)
    Paint Shop Pro 7 Anniversary Edition (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)
    PDF4Free 2.0 (HKLM-x32\...\PDF4Free_is1) (Version: - PDF Bean Inc.)
    PlayMemories Home (x32 Version: 6.1.01.14210 - Sony Corporation) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayStation(R)Network Downloader (x32 Version: 2.07.00849 - Sony Computer Entertainment Inc.) Hidden
    PlayStation(R)Store (x32 Version: 4.5.15.13232 - Sony Computer Entertainment Inc.) Hidden
    PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
    PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    QuickBooks Pro 99 (HKLM-x32\...\QuickBooks 99) (Version: - )
    QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Reader for PC (x32 Version: 1.1.02.10070 - Sony Corporation) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
    Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform)
    Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
    Remote Play with PlayStation(R)3 (x32 Version: 1.1.0.21090 - Sony Corporation) Hidden
    Reset NI Config 5.0.0 (x32 Version: 5.0.146.0 - National Instruments) Hidden
    SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology)
    Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
    Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
    SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
    SmartSound Premiere Elements 10 x64 Plugin (HKLM\...\{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}) (Version: 5.70.0001 - SmartSound Software Inc.)
    SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
    SmartSound Sonicfire Pro 5 (x32 Version: 5.7.1 - SmartSound Software Inc.) Hidden
    Sound Forge Audio Studio 10.0 (x32 Version: 10.0.176 - Sony) Hidden
    Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
    SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
    SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
    StreetSmart Edge® (HKLM-x32\...\{5646676A-5A97-4B66-BE71-1B1770AD982B}) (Version: 1.30.117.0 - Schwab)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.0.5 - Synaptics Incorporated)
    TrackID(TM) with BRAVIA (x32 Version: 1.2.0.09270 - Sony Corportaion) Hidden
    TriDef 3D (Sony) 2.0.5 (HKLM-x32\...\experience-sony-bundle) (Version: 2.0.5 - Dynamic Digital Depth Australia Pty Ltd)
    True Image 2013 (HKLM-x32\...\{5CD38D95-4406-42E7-B52A-A90F11E126EC}) (Version: 16.0.6306 - Acronis)
    TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
    TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    V3DPx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
    VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (HKLM\...\{34EB42BE-F4D3-44C1-B28E-9740115DB72C}) (Version: 1.0.00.01300 - Sony Corporation)
    VAIO - PlayMemories Home Plug-in (HKLM\...\{886C0C18-F905-49B2-90BA-EFC0FEDF27C6}) (Version: 2.0.01.03310 - Sony Corporation)
    VAIO - Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
    VAIO - Remote Keyboard with PlayStation®3 (x32 Version: 1.2.0.09210 - Sony Corporation) Hidden
    VAIO - Remote Play with PlayStation®3 (x32 Version: 1.1.0.21090 - Sony Corporation) Hidden
    VAIO - TrackID™ with BRAVIA (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
    VAIO 3D Portal (x32 Version: 1.2.0.10131 - Sony Corporation) Hidden
    VAIO Care (HKLM\...\{4D95D095-8C6F-4357-BDD8-27E295F37FB1}) (Version: 7.3.1.05290 - Sony Corporation)
    VAIO Control Center (x32 Version: 5.2.2.16060 - Sony Corporation) Hidden
    VAIO CPU Fan Diagnostic (x32 Version: 1.1.0.09200 - Sony Corporation) Hidden
    VAIO Data Restore Tool (x32 Version: 1.9.0.13190 - Sony Corporation) Hidden
    VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
    VAIO Gate (x32 Version: 2.4.1.09230 - Sony Corporation) Hidden
    VAIO Gate (x32 Version: 2.4.2.02200 - Sony Corporation) Hidden
    VAIO Gate Default (x32 Version: 2.5.2.02090 - Sony Corporation) Hidden
    VAIO Gesture Control (x32 Version: 1.0.0.12300 - Sony Corporation) Hidden
    VAIO Health Report (HKLM-x32\...\VAIO Health Report1.0) (Version: 1.0 - Sony Electronics)
    VAIO Help and Support (x32 Version: 17.00.0109 - Sony Corporation) Hidden
    VAIO Improvement (x32 Version: 1.3.0.12280 - Sony Corporation) Hidden
    VAIO Manual (x32 Version: 2.3.0.12300 - Sony Corporation) Hidden
    VAIO OOBE (x32 Version: 12.2.1.2483 - Sony Corporation) Hidden
    VAIO Sample Contents (x32 Version: 1.4.0.09010 - Sony Corporation) Hidden
    VAIO Satisfaction Survey. (x32 Version: 3.0 - Sony Electronics Inc.) Hidden
    VAIO Smart Network (x32 Version: 3.11.1.15220 - Sony Corporation) Hidden
    VAIO Transfer Support (x32 Version: 1.7.1.06040 - Sony Corporation) Hidden
    VBMx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
    VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
    VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    Vegas Movie Studio HD Platinum 11.0 (x32 Version: 11.0.256 - Sony) Hidden
    VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
    VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    VHD (x32 Version: 1.0.0 - Microsoft) Hidden
    ViewSonic Windows 7 Signed Files (HKLM-x32\...\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}) (Version: - )
    Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
    VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
    VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
    VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
    VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
    VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
    VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
    VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
    VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
    Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
    WIF Core Dependencies Windows 5.3.0 (x32 Version: 5.30.208.0 - National Instruments) Hidden
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
    Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinRAR 5.20 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.1 - win.rar GmbH)
    ==================== Custom CLSID (selected items): ==========================
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
    CustomCLSID: HKU\S-1-5-21-747785638-1536544367-690633523-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Rwolf02\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-747785638-1536544367-690633523-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Rwolf02\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-747785638-1536544367-690633523-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Rwolf02\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-747785638-1536544367-690633523-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Rwolf02\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-747785638-1536544367-690633523-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Rwolf02\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-747785638-1536544367-690633523-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Rwolf02\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

    (( to be continued...))
     
  17. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    ==================== Restore Points =========================
    20-12-2014 08:41:22 Created before running MWB anti-rootkit
    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2009-07-13 18:34 - 2014-06-16 17:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ==================== Scheduled Tasks (whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
    Task: {040EB34D-87EE-463D-A5B2-254C3AF9D72A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
    Task: {0529C3F0-CD75-4C63-BB12-C116AA7C13C6} - System32\Tasks\Sony Corporation\VAIO Care\VAU => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-05-28] (Sony Corporation)
    Task: {0951228A-9DF7-4E6C-BF77-BE03F3CD0B10} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-05-28] (Sony Corporation)
    Task: {1443FDAD-987E-4B31-B224-C29A174E2190} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2011-12-27] (Sony Corporation)
    Task: {1597A663-C2A0-4A47-8712-30B542ED0784} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-20] (Google Inc.)
    Task: {19796B1A-3CBE-4BDE-9BBE-BB8CD170C918} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
    Task: {1AB48406-B75B-4A41-BA7C-1C6AB32B3473} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
    Task: {1BCBB6B7-08E3-4501-8B5A-78F311459F08} - System32\Tasks\NIUpdateServiceCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe [2012-06-08] (National Instruments)
    Task: {1CFEFE93-0404-40D7-BF06-F31DDF91BCD6} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-747785638-1536544367-690633523-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
    Task: {2697AED8-73C1-4F70-82BE-3FAEEFCAB289} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-20] (Google Inc.)
    Task: {26E76C8B-60F7-4C61-8166-CBCFDFB6ED6D} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\esrv\task.vbs"
    Task: {3185C5A0-CF36-4D27-93C1-805EA568ED32} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-747785638-1536544367-690633523-1001UA => C:\Users\Rwolf02\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-30] (Google Inc.)
    Task: {34E937FA-A0D1-48F8-A341-48AAE9AE7030} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
    Task: {36F4AC5A-C120-45A5-B78D-3275245A7B66} - System32\Tasks\VAIO Health Report => C:\Program Files (x86)\Sony\VAIO Health Report\VAIOHealthReport.exe [2013-06-20] (Sony Electronics)
    Task: {38AF5305-641D-4A8E-8B9A-44FB2EA3F7A5} - System32\Tasks\{F274C381-329F-49FD-BF4D-44797D156C0B} => pcalua.exe -a C:\MyDocs\Nuggets\ToyotaDiagnostics\AlternateVersion\TIS-V7.00.020\TISKEY.exe -d C:\MyDocs\Nuggets\ToyotaDiagnostics\AlternateVersion\TIS-V7.00.020
    Task: {41EEEF63-F7EE-4256-B29B-4BB8065E1A0F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-747785638-1536544367-690633523-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {46DFFB3C-9DF6-4971-A7C9-290B420DA623} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-05-28] (Sony Corporation)
    Task: {47C853F8-FB17-4C4A-9F04-36469AA6ED72} - System32\Tasks\{AF0A93F1-3BF2-4F40-B760-6DDE412F623F} => pcalua.exe -a C:\MyDocs\Nuggets\ToyotaDiagnostics\TISKEY.exe -d C:\MyDocs\Nuggets\ToyotaDiagnostics
    Task: {530DA2B1-7FEA-496B-A01B-47A4B452ADA2} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
    Task: {5B2FD75E-F437-44AD-A383-15E81191EEDC} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-27] (Sony Corporation)
    Task: {65CCE672-104C-4702-A4DD-34D360D669FD} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-05-28] (Sony Corporation)
    Task: {6F0F8D13-BF80-478D-9852-919DCE5669B9} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-27] (Sony Corporation)
    Task: {7109216E-AE30-4B3D-8549-9D100092ADD3} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
    Task: {78D36D03-6158-486E-BCA5-C0BFBF1C6938} - System32\Tasks\{15C9FE66-00CB-4FEB-983F-46DAF7E0AD60} => pcalua.exe -a "C:\Program Files (x86)\Toyota Diagnostics\Techstream\bin\TISKEY.exe" -d "C:\Program Files (x86)\Toyota Diagnostics\Techstream\bin"
    Task: {86B39C72-AAA4-44E5-9E93-0547E266863F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    Task: {8CABC5B6-A14F-4F5F-9359-D275D516E1C7} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    Task: {93EEF2AC-8F1C-420A-9BAF-289AF1A55775} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-02-24] (Sony Corporation)
    Task: {9DB39B01-6014-4C67-8B16-DA4828529C44} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-12-27] (Sony Corporation)
    Task: {A24FF0FF-CFDB-4EEB-8766-182218537DEA} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
    Task: {A2C94F33-5622-455C-AB29-ED1AE6DF8B23} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-747785638-1536544367-690633523-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
    Task: {A4729563-F87C-49E8-AB1A-BC1DD0C09CA8} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-05-28] (Sony Corporation)
    Task: {A5DC8FBF-CA06-4D95-BECD-FEB43358FA79} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-747785638-1536544367-690633523-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {B0A85B5E-7E7A-46E8-990F-EF259D5F38AE} - System32\Tasks\AdobeAAMUpdater-1.0-RWOLF02-Rwolf01 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
    Task: {B0FBF4FB-FDC4-447F-8776-FD5AD8D1DCA8} - System32\Tasks\Sony\Keyboard Shortcuts => C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe [2012-03-20] ()
    Task: {B58AA691-A698-4125-9D59-E654F16CED03} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-04-06] (Sony Corporation)
    Task: {B6C49D35-0498-42E6-9C9C-B61AF5EEC890} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-05-28] (Sony Corporation)
    Task: {C26C57BC-D4A5-4C30-B42B-3244095606B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
    Task: {CABFC79B-267F-4C52-82FA-F9D94A2D1095} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-04-06] (Sony Corporation)
    Task: {D2BABDF1-E7AA-474E-B1DB-C7A31D7EC715} - System32\Tasks\Sony Corporation\VAIO Care\AutoCheckMessage => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-05-28] (Sony Corporation)
    Task: {D3537B18-416D-441E-8C4C-99BEED1BA28D} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
    Task: {DCAD392E-9448-4CC6-B96A-4C2705E428DE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-747785638-1536544367-690633523-1001Core => C:\Users\Rwolf02\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-30] (Google Inc.)
    Task: {E8D73E83-87AE-430A-8618-DFD496C7428A} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => net
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-747785638-1536544367-690633523-1001Core.job => C:\Users\Rwolf02\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-747785638-1536544367-690633523-1001UA.job => C:\Users\Rwolf02\AppData\Local\Google\Update\GoogleUpdate.exe
    ==================== Loaded Modules (whitelisted) =============
    2012-08-21 16:40 - 2011-02-28 14:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
    2012-08-10 12:55 - 2013-08-29 14:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2012-08-10 12:57 - 2012-03-23 00:47 - 00127320 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    2012-04-04 18:04 - 2012-04-03 12:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2013-02-22 14:30 - 2013-02-22 11:02 - 00427432 _____ () C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
    2013-02-22 14:30 - 2013-02-22 11:02 - 00528296 _____ () C:\Program Files\Sony\VAIO Care\esrv\intel_modeler.dll
    2013-02-22 14:30 - 2013-02-22 11:02 - 00171432 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_acpi_battery_input.dll
    2013-02-22 14:30 - 2013-02-22 11:02 - 00144296 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_sema_thermal_input.dll
    2013-02-22 14:30 - 2013-02-22 11:02 - 00146344 _____ () C:\Program Files\Sony\VAIO Care\esrv\sony_wifi_input.dll
    2012-05-15 10:08 - 2012-05-15 10:08 - 00320512 _____ () C:\Program Files\Sony\VAIO Care\CRM\ManagedVAIORecoveryMedia.dll
    2012-05-15 10:08 - 2012-05-15 10:08 - 00179712 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIORecovery.dll
    2012-05-15 10:08 - 2012-05-15 10:08 - 00054784 _____ () C:\Program Files\Sony\VAIO Care\CRM\Logging.dll
    2012-05-15 10:08 - 2012-05-15 10:08 - 00061440 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOCommon.dll
    2012-05-15 10:08 - 2012-05-15 10:08 - 00192000 _____ () C:\Program Files\Sony\VAIO Care\CRM\OsServices.dll
    2012-05-15 10:08 - 2012-05-15 10:08 - 00037376 _____ () C:\Program Files\Sony\VAIO Care\CRM\PluginFactory.dll
    2012-05-15 10:08 - 2012-05-15 10:08 - 02229760 _____ () C:\Program Files\Sony\VAIO Care\CRM\RecoveryPartitionManager.dll
    2012-05-15 10:08 - 2012-05-15 10:08 - 00035840 _____ () C:\Program Files\Sony\VAIO Care\CRM\XMLTools.dll
    2012-05-15 10:08 - 2012-05-15 10:08 - 00055296 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOInstallAppsDrivers.dll
    2012-05-15 10:08 - 2012-05-15 10:08 - 00137728 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallDB.dll
    2012-05-15 10:08 - 2012-05-15 10:08 - 00134144 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallationTools.dll
    2012-05-15 10:08 - 2012-05-15 10:08 - 00024064 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOUtility.dll
    2011-11-30 17:49 - 2011-11-30 17:49 - 00276992 _____ () C:\Program Files\Sony\VAIO Care\READ\RecoveryPartitionManagerREAD.dll
    2013-04-10 16:43 - 2013-04-10 16:43 - 00021824 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\x64\ti_managers_proxy_stub.dll
    2013-04-05 11:58 - 2013-04-05 11:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
    2013-01-28 12:08 - 2013-01-28 12:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2013-01-28 12:08 - 2013-01-28 12:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-06-06 21:46 - 2012-06-06 21:46 - 02214912 _____ () C:\Program Files (x86)\National Instruments\Shared\LabVIEW Run-Time\2012\NIQtCore_2012.dll
    2012-06-06 21:46 - 2012-06-06 21:46 - 08044544 _____ () C:\Program Files (x86)\National Instruments\Shared\LabVIEW Run-Time\2012\NIQtGui_2012.dll
    2012-01-26 10:36 - 2012-01-26 10:36 - 00278528 ____R () C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\xerces-depdom_2_6.dll
    2013-07-02 22:06 - 2013-07-02 22:06 - 00039936 _____ () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudModel.dll
    2013-07-02 22:06 - 2013-07-02 22:06 - 00011264 _____ () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudClient.dll
    2012-08-10 13:52 - 2012-04-06 13:37 - 00021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
    2014-10-15 05:22 - 2014-10-15 05:22 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e5fd017ccd434fd52b0a0ac39c15aff3\IsdiInterop.ni.dll
    2012-08-10 12:47 - 2012-05-02 12:53 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2013-04-10 16:10 - 2013-04-10 16:10 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
    2012-08-10 12:57 - 2012-03-23 00:47 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2013-04-10 16:40 - 2013-04-10 16:40 - 00021312 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
    ==================== Alternate Data Streams (whitelisted) =========
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
    AlternateDataStreams: C:\Users\Rwolf02\Desktop\Kyle.eml:OECustomProperty
    ==================== Safe Mode (whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== EXE Association (whitelisted) =============
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========
    (Currently there is no automatic fix for this section.)
    MSCONFIG\Services: Bluetooth Device Monitor => 2
    MSCONFIG\Services: Bluetooth Media Service => 3
    MSCONFIG\Services: Bluetooth OBEX Service => 2
    MSCONFIG\Services: RealPlayer Cloud Service => 2
    MSCONFIG\Services: RealPlayerUpdateSvc => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NI Error Reporting.lnk => C:\Windows\pss\NI Error Reporting.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
    MSCONFIG\startupreg: Dolby Home Theater v4 => "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: NI Update Service => "C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe" -startupTask
    MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    ========================= Accounts: ==========================
    Administrator (S-1-5-21-747785638-1536544367-690633523-500 - Administrator - Disabled)
    Guest (S-1-5-21-747785638-1536544367-690633523-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-747785638-1536544367-690633523-1004 - Limited - Enabled)
    Rwolf01 (S-1-5-21-747785638-1536544367-690633523-1001 - Administrator - Enabled) => C:\Users\Rwolf02
    UpdatusUser (S-1-5-21-747785638-1536544367-690633523-1000 - Limited - Enabled) => C:\Users\UpdatusUser
    ==================== Faulty Device Manager Devices =============
    Name: Bluetooth Device (Personal Area Network)
    Description: Bluetooth Device (Personal Area Network)
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: BthPan
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
    Name:
    Description:
    Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
    Name: U:\
    Description: 2105
    Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Manufacturer: ASMT
    Service: WUDFRd
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Name: Intel(R) Centrino(R) Advanced-N 6235
    Description: Intel(R) Centrino(R) Advanced-N 6235
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Intel Corporation
    Service: NETwNs64
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
    Name: F:\
    Description: MediaPlayer
    Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Manufacturer: Buildwin
    Service: WUDFRd
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Name: USB Input Device
    Description: USB Input Device
    Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
    Manufacturer: (Standard system devices)
    Service: HidUsb
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    System errors:
    =============
    Microsoft Office Sessions:
    =========================
    CodeIntegrity Errors:
    ===================================
    Date: 2014-06-16 18:04:36.059
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2014-06-16 18:04:35.993
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2012-08-25 18:48:35.854
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
    Date: 2012-08-25 18:33:44.022
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
    Date: 2012-08-25 18:13:22.128
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
    Date: 2012-08-21 19:54:26.280
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
    Date: 2012-08-21 19:38:37.242
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
    Date: 2012-08-21 19:19:01.557
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
    Date: 2012-08-21 19:03:01.482
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
    Date: 2012-08-21 18:45:45.838
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================
    Processor: Intel(R) Core(TM) i7-3612QM CPU @ 2.10GHz
    Percentage of memory in use: 21%
    Total physical RAM: 12187.28 MB
    Available physical RAM: 9589.14 MB
    Total Pagefile: 12185.46 MB
    Available Pagefile: 9297.46 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB
    ==================== Drives ================================
    Drive c: (WIN7-SSD) (Fixed) (Total:218.72 GB) (Free:93.35 GB) NTFS
    Drive d: (Data) (Fixed) (Total:931.39 GB) (Free:417.4 GB) NTFS
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 920CD996)
    Partition: GPT Partition Type.
    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 289C3D70)
    Partition: GPT Partition Type.
    ==================== End Of Log ============================
     
  18. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  19. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    Script was run. fixlog.txt below. I made 2 other small changes since last night. I found that my copy of Adobe Flash Player was old and it was having problems playing videos on Facebook. I updated to the latest version to fix that problem. Also, Outlook reported that the windows indexing service was disabled. I re-enabled it. Neither one seemed like a risky move to me, but I thought I should mention them.

    ======================= FixLog.txt ================================

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-12-2014
    Ran by Rwolf01 at 2014-12-21 12:12:33 Run:1
    Running from C:\Users\Rwolf02\Desktop
    Loaded Profiles: UpdatusUser & Rwolf01 (Available profiles: UpdatusUser & Rwolf01)
    Boot Mode: Normal
    ==============================================
    Content of fixlist:
    *****************
    HKU\S-1-5-21-747785638-1536544367-690633523-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-747785638-1536544367-690633523-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: No Name -> {41564952-412D-5637-4300-7A786E7484D7} -> No File
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
    CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll No File
    CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll No File
    CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
    CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
    CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
    CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
    S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    C:\Users\Rwolf02\AppData\Local\Temp\avgnt.exe
    C:\Users\Rwolf02\AppData\Local\Temp\Quarantine.exe
    C:\Users\Rwolf02\AppData\Local\Temp\sqlite3.dll
    CustomCLSID: HKU\S-1-5-21-747785638-1536544367-690633523-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Rwolf02\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-747785638-1536544367-690633523-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Rwolf02\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-747785638-1536544367-690633523-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Rwolf02\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-747785638-1536544367-690633523-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Rwolf02\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
    AlternateDataStreams: C:\Users\Rwolf02\Desktop\Kyle.eml:OECustomProperty
    *****************
    "HKU\S-1-5-21-747785638-1536544367-690633523-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-21-747785638-1536544367-690633523-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7}" => Key deleted successfully.
    HKCR\CLSID\{41564952-412D-5637-4300-7A786E7484D7} => Key not found.
    C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll not found.
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll not found.
    C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll not found.
    C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll not found.
    C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll not found.
    C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
    C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll not found.
    C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll not found.
    C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll not found.
    C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll not found.
    C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll not found.
    C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll not found.
    C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll not found.
    c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll not found.
    ACDaemon => Service deleted successfully.
    catchme => Service deleted successfully.
    C:\Users\Rwolf02\AppData\Local\Temp\avgnt.exe => Moved successfully.
    C:\Users\Rwolf02\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\Rwolf02\AppData\Local\Temp\sqlite3.dll => Moved successfully.
    "HKU\S-1-5-21-747785638-1536544367-690633523-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
    "HKU\S-1-5-21-747785638-1536544367-690633523-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
    "HKU\S-1-5-21-747785638-1536544367-690633523-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
    "HKU\S-1-5-21-747785638-1536544367-690633523-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
    C:\Users\Rwolf02\Desktop\Kyle.eml => ":OECustomProperty" ADS removed successfully.
    ==== End of Fixlog ====
     
  20. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  21. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    So far so good.... Sophos is still running but I can start uploading the other logs.
    (I'm at the airport and it looks like it will be tight if that scan finished before I have to board!)

    Here are the log files from the rest of the scans:

    ======================= Checkup.txt ================================

    Results of screen317's Security Check version 0.99.93
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Firewall Disabled!
    Avira Desktop
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Java 8 Update 25
    Java version 32-bit out of Date!
    Adobe Reader XI
    Google Chrome (39.0.2171.71)
    Google Chrome (39.0.2171.95)
    ````````Process Check: objlist.exe by Laurent````````
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 2%
    ````````````````````End of Log``````````````````````

    ====================== FSS.TXT ===============================

    Farbar Service Scanner Version: 21-07-2014
    Ran by Rwolf01 (administrator) on 21-12-2014 at 13:12:06
    Running from "C:\Users\Rwolf02\Desktop"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============

    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed

    **** End of log ****

    Note: TFC only cleaned about 60 MB or so of stuff. (I generally run TFC and Ccleaner right after each backup)
     
  22. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Did you disable Windows firewall for whatever reason?
     
  23. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    I turn off everything in Avira before running each tool, and then turn it back on when it's done. I think one of the checkboxes was for a firewall, but not sure if it's windows or Avira that does it.

    Sophos scan completed. 1 malware found. see log below:

    2014-12-21 21:14:27.173 Sophos Virus Removal Tool version 2.5.4
    2014-12-21 21:14:27.173 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
    2014-12-21 21:14:27.173 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
    2014-12-21 21:14:27.173 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
    2014-12-21 21:14:27.174 Checking for updates...
    2014-12-21 21:14:32.554 Option all = no
    2014-12-21 21:14:32.554 Option recurse = yes
    2014-12-21 21:14:32.554 Option archive = no
    2014-12-21 21:14:32.554 Option service = yes
    2014-12-21 21:14:32.554 Option confirm = yes
    2014-12-21 21:14:32.554 Option sxl = yes
    2014-12-21 21:14:32.555 Option max-data-age = 35
    2014-12-21 21:14:32.555 Option EnableSafeClean = yes
    2014-12-21 21:14:33.631 Option vdl-logging = yes
    2014-12-21 21:14:33.633 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2014-12-21 21:14:33.633 Machine ID: 69b3a95841a741d8970a8f45438d1e41
    2014-12-21 21:14:33.634 Component SVRTcli.exe version 2.5.4
    2014-12-21 21:14:33.634 Component control.dll version 2.5.4
    2014-12-21 21:14:33.634 Component SVRTservice.exe version 2.5.4
    2014-12-21 21:14:33.634 Component engine\osdp.dll version 1.44.1.2183
    2014-12-21 21:14:33.634 Component engine\veex.dll version 3.58.3.2183
    2014-12-21 21:14:33.634 Component engine\savi.dll version 8.1.5.2183
    2014-12-21 21:14:33.634 Component rkdisk.dll version 1.5.30.0
    2014-12-21 21:14:33.635 Version info: Product version 2.5.4
    2014-12-21 21:14:33.635 Version info: Detection engine 3.58.3
    2014-12-21 21:14:33.635 Version info: Detection data 5.08
    2014-12-21 21:14:33.635 Version info: Build date 11/11/2014
    2014-12-21 21:14:33.635 Version info: Data files added 434
    2014-12-21 21:14:33.635 Version info: Last successful update (not yet updated)
    2014-12-21 21:14:34.327 Update progress: proxy server not available
    2014-12-21 21:14:59.128 Downloading updates...
    2014-12-21 21:14:59.129 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2014-12-21 21:14:59.129 Update progress: [I49502] Found supplement SAVIW32 LATEST
    2014-12-21 21:14:59.129 Update progress: [I49502] Found supplement IDE509 LATEST
    2014-12-21 21:14:59.129 Update progress: [I49502] Found supplement IDE510 LATEST
    2014-12-21 21:14:59.129 Update progress: [I49502] Found supplement IDE511 LATEST
    2014-12-21 21:14:59.129 Update progress: [I49502] Found supplement IDE512 LATEST
    2014-12-21 21:14:59.129 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2014-12-21 21:14:59.129 Update progress: [I19463] Syncing product SAVIW32 48
    2014-12-21 21:15:04.055 Update progress: [I19463] Syncing product IDE509 177
    2014-12-21 21:15:05.384 Installing updates...
    2014-12-21 21:15:05.986 Error level 1
    2014-12-21 21:15:05.996 Update progress: [I19463] Syncing product IDE510 179
    2014-12-21 21:15:05.996 Update progress: [I19463] Syncing product IDE511 81
    2014-12-21 21:15:05.996 Update progress: [I19463] Syncing product IDE512 1
    2014-12-21 21:15:08.526 Update successful
    2014-12-21 21:15:13.939 Option all = no
    2014-12-21 21:15:13.939 Option recurse = yes
    2014-12-21 21:15:13.939 Option archive = no
    2014-12-21 21:15:13.939 Option service = yes
    2014-12-21 21:15:13.939 Option confirm = yes
    2014-12-21 21:15:13.939 Option sxl = yes
    2014-12-21 21:15:13.940 Option max-data-age = 35
    2014-12-21 21:15:13.940 Option EnableSafeClean = yes
    2014-12-21 21:15:13.978 Option vdl-logging = yes
    2014-12-21 21:15:13.980 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2014-12-21 21:15:13.980 Machine ID: 69b3a95841a741d8970a8f45438d1e41
    2014-12-21 21:15:13.981 Component SVRTcli.exe version 2.5.4
    2014-12-21 21:15:13.981 Component control.dll version 2.5.4
    2014-12-21 21:15:13.981 Component SVRTservice.exe version 2.5.4
    2014-12-21 21:15:13.981 Component engine\osdp.dll version 1.44.1.2183
    2014-12-21 21:15:13.981 Component engine\veex.dll version 3.58.3.2183
    2014-12-21 21:15:13.981 Component engine\savi.dll version 8.1.5.2183
    2014-12-21 21:15:13.981 Component rkdisk.dll version 1.5.30.0
    2014-12-21 21:15:13.981 Version info: Product version 2.5.4
    2014-12-21 21:15:13.982 Version info: Detection engine 3.58.3
    2014-12-21 21:15:13.982 Version info: Detection data 5.08G
    2014-12-21 21:15:13.982 Version info: Build date 11/11/2014
    2014-12-21 21:15:13.982 Version info: Data files added 434
    2014-12-21 21:15:13.982 Version info: Last successful update 12/21/2014 1:15:08 PM
    2014-12-21 21:26:34.112 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2014-12-21 21:26:34.112 Could not open C:\System Volume Information\{61da3602-8935-11e4-9fb1-f8d81e548df1}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2014-12-21 21:26:34.112 Could not open C:\System Volume Information\{d3768ccb-88d9-11e4-98a4-30f9ededddb1}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2014-12-21 21:26:34.112 Could not open C:\System Volume Information\{d3768d0c-88d9-11e4-98a4-30f9ededddb1}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2014-12-21 21:26:34.112 Could not open C:\System Volume Information\{dd4b6c3a-8542-11e4-b2fd-ec274aaf700c}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2014-12-21 21:26:37.917 >>> Virus 'Mal/Behav-374' found in file C:\Temp\mvci\FirmwareUpdateTool.exe
    2014-12-21 21:26:37.917 >>> Virus 'Mal/Behav-374' found in file HKU\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2014-12-21 21:26:37.917 >>> Virus 'Mal/Behav-374' found in file HKU\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2014-12-21 21:26:37.917 >>> Virus 'Mal/Behav-374' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2014-12-21 21:27:02.466 Could not check C:\Users\Rwolf02\Documents\MultiDeco\DiveLogs\mddlm_dives.zip\sn_map.ini (corrupt)
    2014-12-21 21:30:03.057 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2014-12-21 21:30:03.057 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2014-12-21 21:30:03.786 Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2014-12-21 21:30:03.787 Could not open C:\Windows\System32\config\RegBack\SAM
    2014-12-21 21:30:03.787 Could not open C:\Windows\System32\config\RegBack\SECURITY
    2014-12-21 21:30:03.788 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2014-12-21 21:30:03.789 Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2014-12-21 22:16:58.940 Could not open D:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2014-12-21 22:16:58.940 Could not open D:\System Volume Information\{61da3603-8935-11e4-9fb1-f8d81e548df1}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2014-12-21 22:16:58.940 Could not open D:\System Volume Information\{d3768ccc-88d9-11e4-98a4-30f9ededddb1}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2014-12-21 22:16:58.941 Could not open D:\System Volume Information\{d3768d0d-88d9-11e4-98a4-30f9ededddb1}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2014-12-21 22:16:58.941 Could not open D:\System Volume Information\{dd4b6c3b-8542-11e4-b2fd-ec274aaf700c}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2014-12-21 22:17:00.455 The following items will be cleaned up:
    2014-12-21 22:17:00.455 Mal/Behav-374
     
  24. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    Just double checked. The Avira checkbox says "Windows Firewall" so yeah, it was probably me. Sorry for the confusion.

    Oops. boarding now. Gotta run. Will check in in 6 or 7 hours....
     
  25. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...