TechSpot

Win7Pro64 system suffered BSOD in IE - Malware?

Solved
By Rwolf01
Jun 15, 2014
  1. Greetings wizards!

    I suffered a BSOD (Blue Screen of Death) while reading the news at sfgate.com. It was preceded by a pop-up telling me that IE had stopped working and gave me the choice to debug or close the application. (This I see every other day or so.) The BSOD happened as soon as I clicked 'close'.

    To recover I ran CHKDSK, which found & corrected a few minor problems. I then updated and ran an Avira virus scan, which did not find anything unusual. (There are some old false positives in some diagnostic binaries I got from a reliable source.)

    I then ran MalwareBytes which found "OpenCandy" in a downloadable Codec package. I accepted the quarantine recommendations for that.

    Finally I ran DDS, as instructed in the 4-steps starting point.

    The logs push me over the 50k limit, so I'll post them as separate replies.

    As always, thank you for being here and dispensing your wisdom to the huddled unwashed masses, yearning to be free....
     
  2. Rwolf01


    ====================| Avira System Scan Log |=====================


    Avira Antivirus Suite
    Report file date: Sunday, June 15, 2014 02:04

    The program is running as an unrestricted full version.
    Online services are available.
    Licensee : Ralph Wolf
    Serial number : 2222585904-PEPWM-0000003
    Platform : Windows 7 Professional
    Windows version : (Service Pack 1) [6.1.7601]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : RWOLF02
    Version information:
    BUILD.DAT : 14.0.4.672 93716 Bytes 5/27/2014 17:59:00
    AVSCAN.EXE : 14.0.4.632 1030736 Bytes 5/20/2014 07:53:37
    AVSCANRC.DLL : 14.0.4.620 52304 Bytes 5/20/2014 07:53:37
    LUKE.DLL : 14.0.4.620 57936 Bytes 5/20/2014 07:53:55
    AVSCPLR.DLL : 14.0.4.620 89680 Bytes 5/20/2014 07:53:37
    AVREG.DLL : 14.0.4.632 261200 Bytes 5/20/2014 07:53:35
    avlode.dll : 14.0.4.638 583760 Bytes 5/20/2014 07:53:33
    avlode.rdf : 14.0.4.22 64276 Bytes 5/15/2014 13:58:29
    Engine version : 8.3.20.10
    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
    Reporting...........................: default
    Primary action......................: Interactive
    Secondary action....................: Ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Limit recursion depth...............: 20
    Smart extensions....................: on
    Macrovirus heuristic................: on
    File heuristic......................: extended
    Start of the scan: Sunday, June 15, 2014 02:04
    Start scanning boot sectors:
    Boot sector 'HDD0(C:)'
    [INFO] No virus was found!
    Starting search for hidden objects.
    Error in ARK library
    The scan of running processes will be started:
    Scan process 'svchost.exe' - '53' Module(s) have been scanned
    Scan process 'VPDAgent_x64.exe' - '21' Module(s) have been scanned
    Scan process 'nvvsvc.exe' - '36' Module(s) have been scanned
    Scan process 'svchost.exe' - '40' Module(s) have been scanned
    Scan process 'svchost.exe' - '104' Module(s) have been scanned
    Scan process 'svchost.exe' - '120' Module(s) have been scanned
    Scan process 'svchost.exe' - '91' Module(s) have been scanned
    Scan process 'svchost.exe' - '160' Module(s) have been scanned
    Scan process 'svchost.exe' - '29' Module(s) have been scanned
    Scan process 'svchost.exe' - '99' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '100' Module(s) have been scanned
    Scan process 'sched.exe' - '60' Module(s) have been scanned
    Scan process 'nvxdsync.exe' - '55' Module(s) have been scanned
    Scan process 'nvvsvc.exe' - '67' Module(s) have been scanned
    Scan process 'svchost.exe' - '64' Module(s) have been scanned
    Scan process 'ActiveDelayDeviceService.exe' - '34' Module(s) have been scanned
    Scan process 'avguard.exe' - '109' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '74' Module(s) have been scanned
    Scan process 'WLANExt.exe' - '81' Module(s) have been scanned
    Scan process 'conhost.exe' - '17' Module(s) have been scanned
    Scan process 'devmonsrv.exe' - '40' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '37' Module(s) have been scanned
    Scan process 'svchost.exe' - '34' Module(s) have been scanned
    Scan process 'E_S40STB.EXE' - '22' Module(s) have been scanned
    Scan process 'E_S40RPB.EXE' - '18' Module(s) have been scanned
    Scan process 'EvtEng.exe' - '66' Module(s) have been scanned
    Scan process 'svchost.exe' - '81' Module(s) have been scanned
    Scan process 'HeciServer.exe' - '28' Module(s) have been scanned
    Scan process 'IntelMeFWService.exe' - '26' Module(s) have been scanned
    Scan process 'jhi_service.exe' - '49' Module(s) have been scanned
    Scan process 'lkads.exe' - '55' Module(s) have been scanned
    Scan process 'sqlservr.exe' - '62' Module(s) have been scanned
    Scan process 'nimxs.exe' - '60' Module(s) have been scanned
    Scan process 'NeatStartupService.exe' - '50' Module(s) have been scanned
    Scan process 'nidmsrv.exe' - '55' Module(s) have been scanned
    Scan process 'SystemWebServer.exe' - '105' Module(s) have been scanned
    Scan process 'tagsrv.exe' - '75' Module(s) have been scanned
    Scan process 'Oasis2Service.exe' - '141' Module(s) have been scanned
    Scan process 'PMBDeviceInfoProvider.exe' - '34' Module(s) have been scanned
    Scan process 'rndlresolversvc.exe' - '26' Module(s) have been scanned
    Scan process 'rpdsvc.exe' - '86' Module(s) have been scanned
    Scan process 'avshadow.exe' - '29' Module(s) have been scanned
    Scan process 'RealPlayerUpdateSvc.exe' - '58' Module(s) have been scanned
    Scan process 'RegSrvc.exe' - '36' Module(s) have been scanned
    Scan process 'sqlwriter.exe' - '34' Module(s) have been scanned
    Scan process 'VESMgr.exe' - '42' Module(s) have been scanned
    Scan process 'WLIDSVC.EXE' - '81' Module(s) have been scanned
    Scan process 'VESMgrSub.exe' - '66' Module(s) have been scanned
    Scan process 'VESMgrSub.exe' - '73' Module(s) have been scanned
    Scan process 'ZeroConfigService.exe' - '85' Module(s) have been scanned
    Scan process 'DllHost.exe' - '45' Module(s) have been scanned
    Scan process 'unsecapp.exe' - '28' Module(s) have been scanned
    Scan process 'obexsrv.exe' - '41' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '49' Module(s) have been scanned
    Scan process 'DllHost.exe' - '40' Module(s) have been scanned
    Scan process 'lkcitdl.exe' - '58' Module(s) have been scanned
    Scan process 'lktsrv.exe' - '57' Module(s) have been scanned
    Scan process 'ApplicationWebServer.exe' - '59' Module(s) have been scanned
    Scan process 'nimdnsResponder.exe' - '63' Module(s) have been scanned
    Scan process 'niDiscSvc.exe' - '46' Module(s) have been scanned
    Scan process 'WLIDSvcM.exe' - '18' Module(s) have been scanned
    Scan process 'avmailc.exe' - '44' Module(s) have been scanned
    Scan process 'AVWEBGRD.EXE' - '68' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '63' Module(s) have been scanned
    Scan process 'svchost.exe' - '39' Module(s) have been scanned
    Scan process 'PhotoshopElementsFileAgent.exe' - '33' Module(s) have been scanned
    Scan process 'BTHSAmpPalService.exe' - '21' Module(s) have been scanned
    Scan process 'BTHSSecurityMgr.exe' - '46' Module(s) have been scanned
    Scan process 'esrv_svc.exe' - '55' Module(s) have been scanned
    Scan process 'IAStorDataMgrSvc.exe' - '55' Module(s) have been scanned
    Scan process 'GoogleCrashHandler.exe' - '35' Module(s) have been scanned
    Scan process 'GoogleCrashHandler64.exe' - '30' Module(s) have been scanned
    Scan process 'RIconMan.exe' - '34' Module(s) have been scanned
    Scan process 'LMS.exe' - '34' Module(s) have been scanned
    Scan process 'daemonu.exe' - '80' Module(s) have been scanned
    Scan process 'VCPerfService.exe' - '43' Module(s) have been scanned
    Scan process 'uCamMonitor.exe' - '34' Module(s) have been scanned
    Scan process 'SPMService.exe' - '64' Module(s) have been scanned
    Scan process 'VSNService.exe' - '58' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '121' Module(s) have been scanned
    Scan process 'taskeng.exe' - '29' Module(s) have been scanned
    Scan process 'vim.exe' - '60' Module(s) have been scanned
    Scan process 'UNS.exe' - '65' Module(s) have been scanned
    Scan process 'taskeng.exe' - '34' Module(s) have been scanned
    Scan process 'VSNClient.exe' - '70' Module(s) have been scanned
    Scan process 'VESGfxMgr.exe' - '27' Module(s) have been scanned
    Scan process 'rundll32.exe' - '27' Module(s) have been scanned
    Scan process 'Dwm.exe' - '38' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '200' Module(s) have been scanned
    Scan process 'taskhost.exe' - '60' Module(s) have been scanned
    Scan process 'igfxext.exe' - '24' Module(s) have been scanned
    Scan process 'igfxsrvc.exe' - '30' Module(s) have been scanned
    Scan process 'RAVBg64.exe' - '42' Module(s) have been scanned
    Scan process 'RAVBg64.exe' - '42' Module(s) have been scanned
    Scan process 'igfxtray.exe' - '28' Module(s) have been scanned
    Scan process 'hkcmd.exe' - '26' Module(s) have been scanned
    Scan process 'igfxpers.exe' - '39' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '47' Module(s) have been scanned
    Scan process 'GoogleUpdate.exe' - '57' Module(s) have been scanned
    Scan process 'rpsystray.exe' - '24' Module(s) have been scanned
    Scan process 'iusb3mon.exe' - '35' Module(s) have been scanned
    Scan process 'ISBMgr.exe' - '46' Module(s) have been scanned
    Scan process 'PMBVolumeWatcher.exe' - '68' Module(s) have been scanned
    Scan process 'avgnt.exe' - '126' Module(s) have been scanned
    Scan process 'jusched.exe' - '36' Module(s) have been scanned
    Scan process 'realsched.exe' - '39' Module(s) have been scanned
    Scan process 'SYNTPHELPER.EXE' - '17' Module(s) have been scanned
    Scan process 'nvtray.exe' - '59' Module(s) have been scanned
    Scan process 'svchost.exe' - '62' Module(s) have been scanned
    Scan process 'NOTEPAD.EXE' - '30' Module(s) have been scanned
    Scan process 'listener.exe' - '26' Module(s) have been scanned
    Scan process 'DllHost.exe' - '46' Module(s) have been scanned
    Scan process 'esrv.exe' - '48' Module(s) have been scanned
    Scan process 'conhost.exe' - '17' Module(s) have been scanned
    Scan process 'SPMgr.exe' - '65' Module(s) have been scanned
    Scan process 'taskeng.exe' - '34' Module(s) have been scanned
    Scan process 'KeyboardShortcuts.exe' - '109' Module(s) have been scanned
    Scan process 'IAStorIcon.exe' - '56' Module(s) have been scanned
    Scan process 'VCSystemTray.exe' - '141' Module(s) have been scanned
    Scan process 'VCService.exe' - '36' Module(s) have been scanned
    Scan process 'VCAgent.exe' - '171' Module(s) have been scanned
    Scan process 'vds.exe' - '62' Module(s) have been scanned
    Scan process 'VCAdmin.exe' - '145' Module(s) have been scanned
    Scan process 'vim.exe' - '64' Module(s) have been scanned
    Scan process 'svchost.exe' - '29' Module(s) have been scanned
    Scan process 'iexplore.exe' - '104' Module(s) have been scanned
    Scan process 'IEXPLORE.EXE' - '133' Module(s) have been scanned
    Scan process 'FlashUtil64_13_0_0_214_ActiveX.exe' - '67' Module(s) have been scanned
    Scan process 'avcenter.exe' - '126' Module(s) have been scanned
    Scan process 'avscan.exe' - '127' Module(s) have been scanned
    Scan process 'vssvc.exe' - '48' Module(s) have been scanned
    Scan process 'svchost.exe' - '29' Module(s) have been scanned
    Scan process 'IEXPLORE.EXE' - '107' Module(s) have been scanned
    Scan process 'SearchProtocolHost.exe' - '38' Module(s) have been scanned
    Scan process 'SearchFilterHost.exe' - '29' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned
    Scan process 'csrss.exe' - '18' Module(s) have been scanned
    Scan process 'csrss.exe' - '18' Module(s) have been scanned
    Scan process 'wininit.exe' - '27' Module(s) have been scanned
    Scan process 'winlogon.exe' - '32' Module(s) have been scanned
    Scan process 'services.exe' - '37' Module(s) have been scanned
    Scan process 'lsass.exe' - '76' Module(s) have been scanned
    Scan process 'lsm.exe' - '31' Module(s) have been scanned
    Starting to scan executable files (registry):
    The registry was scanned ( '2868' files ).

    Starting the file scan:
    Begin scan in 'C:\'
    [0] Archive type: NSIS
    --> ProgramFilesDir/winusbcoinstaller2.dll
    [1] Archive type: RSRC
    --> C:\MyDocs\orion\CmnUtils\DiagUtils\zlib128.zip
    [2] Archive type: ZIP
    --> zlib-1.2.8/contrib/dotzlib/DotZLib.chm
    [3] Archive type: CHM
    --> #IDXHDR
    [WARNING] The file could not be read!
    --> #TOPICS
    [WARNING] The file could not be read!
    --> #URLTBL
    [WARNING] The file could not be read!
    --> #URLSTR
    [WARNING] The file could not be read!
    --> #STRINGS
    [WARNING] The file could not be read!
    --> C:\MyDocs\orion\CmnUtils\DiagUtils\zlib128\zlib-1.2.8\contrib\dotzlib\DotZLib.chm
    [2] Archive type: CHM
    --> #IDXHDR
    [WARNING] The file could not be read!
    --> #TOPICS
    [WARNING] The file could not be read!
    --> #URLTBL
    [WARNING] The file could not be read!
    --> #URLSTR
    [WARNING] The file could not be read!
    --> #STRINGS
    [WARNING] The file could not be read!
    --> C:\MyDocs\Personal\Diving-Personal\TechDiving\Liquivision\album.zip
    [2] Archive type: ZIP
    --> V5.5 (SN 3401 +) General Utility Software - OMNITEST 6.04/erase_X1_program.exe
    [DETECTION] Is the TR/Buzus.isqza Trojan
    [WARNING] Infected files in archives cannot be repaired
    --> V5.5 (SN 3401 +) General Utility Software - OMNITEST 6.04/Public_OMNITEST_Software_v6_04.zzz
    [3] Archive type: ZIP
    --> erase_X1_program.exe
    [DETECTION] Is the TR/Buzus.isqza Trojan
    [WARNING] Infected files in archives cannot be repaired
    --> V5.5 (SN 3401 +) General Utility Software - OMNITEST 6.04/V5.5 General Utility Software - OMNITEST 6.04.zzz
    [3] Archive type: ZIP
    --> Public_OMNITEST_Software_v6_04.zzz
    [4] Archive type: ZIP
    --> erase_X1_program.exe
    [DETECTION] Is the TR/Buzus.isqza Trojan
    [WARNING] Infected files in archives cannot be repaired
    --> erase_X1_program.exe
    [DETECTION] Is the TR/Buzus.isqza Trojan
    [WARNING] Infected files in archives cannot be repaired
    C:\MyDocs\Personal\Diving-Personal\TechDiving\Liquivision\album.zip
    [DETECTION] Is the TR/Buzus.isqza Trojan
    --> C:\MyDocs\Personal\Diving-Personal\TechDiving\Liquivision\X1_V5_5_Diagnostic_SoftwareTake2.zip
    [2] Archive type: ZIP
    --> X1_V5_5_Diagnostic_Software/erase_X1_program.exe
    [DETECTION] Is the TR/Buzus.isqza Trojan
    [WARNING] Infected files in archives cannot be repaired
    C:\MyDocs\Personal\Diving-Personal\TechDiving\Liquivision\X1_V5_5_Diagnostic_SoftwareTake2.zip
    [DETECTION] Is the TR/Buzus.isqza Trojan
    C:\MyDocs\Personal\Diving-Personal\TechDiving\Liquivision\album\V5.5 (SN 3401 +) General Utility Software - OMNITEST 6.04\erase_X1_program.exe
    [DETECTION] Is the TR/Gendal.KD.371745 Trojan
    --> C:\MyDocs\Personal\Diving-Personal\TechDiving\Liquivision\album\V5.5 (SN 3401 +) General Utility Software - OMNITEST 6.04\Public_OMNITEST_Software_v6_04.zip
    [2] Archive type: ZIP
    --> erase_X1_program.exe
    [DETECTION] Is the TR/Buzus.isqza Trojan
    [WARNING] Infected files in archives cannot be repaired
    C:\MyDocs\Personal\Diving-Personal\TechDiving\Liquivision\album\V5.5 (SN 3401 +) General Utility Software - OMNITEST 6.04\Public_OMNITEST_Software_v6_04.zip
    [DETECTION] Is the TR/Buzus.isqza Trojan
    --> C:\MyDocs\Personal\Diving-Personal\TechDiving\Liquivision\album\V5.5 (SN 3401 +) General Utility Software - OMNITEST 6.04\V5.5 General Utility Software - OMNITEST 6.04.zip
    [2] Archive type: ZIP
    --> Public_OMNITEST_Software_v6_04.zzz
    [3] Archive type: ZIP
    --> erase_X1_program.exe
    [DETECTION] Is the TR/Buzus.isqza Trojan
    [WARNING] Infected files in archives cannot be repaired
    --> erase_X1_program.exe
    [DETECTION] Is the TR/Buzus.isqza Trojan
    [WARNING] Infected files in archives cannot be repaired
    C:\MyDocs\Personal\Diving-Personal\TechDiving\Liquivision\album\V5.5 (SN 3401 +) General Utility Software - OMNITEST 6.04\V5.5 General Utility Software - OMNITEST 6.04.zip
    [DETECTION] Is the TR/Buzus.isqza Trojan
    Beginning disinfection:
    C:\MyDocs\Personal\Diving-Personal\TechDiving\Liquivision\album\V5.5 (SN 3401 +) General Utility Software - OMNITEST 6.04\V5.5 General Utility Software - OMNITEST 6.04.zip
    [DETECTION] Is the TR/Buzus.isqza Trojan
    [WARNING] The file was ignored.
    C:\MyDocs\Personal\Diving-Personal\TechDiving\Liquivision\album\V5.5 (SN 3401 +) General Utility Software - OMNITEST 6.04\Public_OMNITEST_Software_v6_04.zip
    [DETECTION] Is the TR/Buzus.isqza Trojan
    [WARNING] The file was ignored.
    C:\MyDocs\Personal\Diving-Personal\TechDiving\Liquivision\album\V5.5 (SN 3401 +) General Utility Software - OMNITEST 6.04\erase_X1_program.exe
    [DETECTION] Is the TR/Gendal.KD.371745 Trojan
    [WARNING] The file was ignored.
    C:\MyDocs\Personal\Diving-Personal\TechDiving\Liquivision\X1_V5_5_Diagnostic_SoftwareTake2.zip
    [DETECTION] Is the TR/Buzus.isqza Trojan
    [WARNING] The file was ignored.
    C:\MyDocs\Personal\Diving-Personal\TechDiving\Liquivision\album.zip
    [DETECTION] Is the TR/Buzus.isqza Trojan
    [WARNING] The file was ignored.

    End of the scan: Sunday, June 15, 2014 06:19
    Used time: 3:58:59 Hour(s)
    The scan has been done completely.
    69701 Scanned directories
    1821486 Files were scanned
    13 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 Files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    1821473 Files not concerned
    40485 Archives were scanned
    13 Warnings
    0 Notes
    145 Objects were scanned with rootkit scan
    0 Hidden objects were found
     
  3. Rwolf01

    Rwolf01 TS Rookie Topic Starter Posts: 91

    =====================| MalwareBytes Log File |=====================

    Malwarebytes Anti-Malware
    www.malwarebytes.org
    Scan Date: 6/15/2014
    Scan Time: 2:17:33 AM
    Logfile: MWBlogs.txt
    Administrator: Yes
    Version: 2.00.2.1012
    Malware Database: v2014.06.15.02
    Rootkit Database: v2014.06.02.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Rwolf01
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 346350
    Time Elapsed: 44 min, 54 sec
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
    Processes: 0
    (No malicious items detected)
    Modules: 0
    (No malicious items detected)
    Registry Keys: 0
    (No malicious items detected)
    Registry Values: 0
    (No malicious items detected)
    Registry Data: 0
    (No malicious items detected)
    Folders: 2
    PUP.Optional.OpenCandy, C:\Users\Rwolf02\AppData\Roaming\OpenCandy, Quarantined, [1ca2accc6c0f2c0a108eee9a7191b54b],
    PUP.Optional.OpenCandy, C:\Users\Rwolf02\AppData\Roaming\OpenCandy\OpenCandy_49E72EED60914E5B9703E8F564312ACE, Quarantined, [1ca2accc6c0f2c0a108eee9a7191b54b],
    Files: 1
    PUP.Optional.OpenCandy.A, C:\Users\Rwolf02\Downloads\windows.7.codec.pack.v4.0.8.setup.exe, Quarantined, [685699df2754a29493e4132fc13f2fd1],
    Physical Sectors: 0
    (No malicious items detected)

    (end)
     
  4. Rwolf01

    Rwolf01 TS Rookie Topic Starter Posts: 91

    ======================| DDS: DDS.TXT File |====================

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.55.2
    Run by Rwolf01 at 6:20:58 on 2014-06-15
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8091.5189 [GMT -7:00]
    .
    AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
    SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\VPDAgent_x64.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\WLANExt.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Windows\SysWOW64\lkads.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
    C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
    C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
    C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
    C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
    C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
    c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
    C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\lkcitdl.exe
    C:\Windows\SysWOW64\lktsrv.exe
    C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
    C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
    C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe
    C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\VAIO Improvement\vim.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
    C:\Program Files (x86)\Sony\VAIO Control Center\VESGfxMgr.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Sony\VAIO Care\listener.exe
    C:\Program Files\Sony\VAIO Care\esrv\esrv.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
    C:\Program Files\Sony\VAIO Care\VCService.exe
    C:\Program Files\Sony\VAIO Care\VCAgent.exe
    C:\Windows\System32\vds.exe
    C:\Program Files\Sony\VAIO Care\VCAdmin.exe
    C:\Program Files\Sony\VAIO Improvement\vim.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://sony.msn.com
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [Google Update] "C:\Users\Rwolf02\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
    dRun: [EPSON WorkForce 1100 Series (redirected 1)] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFEA.EXE /FU "C:\Windows\TEMP\E_S1A1A.tmp" /EF "HKCU"
    dRun: [EPSON WorkForce 1100 Series (redirected 2)] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFEA.EXE /FU "C:\Windows\TEMP\E_S31F2.tmp" /EF "HKCU"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\REALPL~1.LNK - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
    DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
    DPF: {B8E53531-F29E-4180-AE3E-DF485CC8BE32} - hxxp://palumbicam.stanford.edu/JpegInstV4.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{6588E2D2-D207-44D2-ACC4-CC6F54BBAC79} : DHCPNameServer = 172.26.38.1 172.26.38.2
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255} : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\2427573786D27657563747 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\2427573786D27657563747 : DHCPNameServer = 24.205.192.61 24.205.224.36 68.116.46.115
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\25564625F6F66694E6E6 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\25564625F6F66694E6E6 : DHCPNameServer = 192.168.3.1 75.75.76.76 75.75.75.75
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\2577F6C66603132E08993702960586F6E656 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\2577F6C66603132E08993702960586F6E656 : DHCPNameServer = 172.26.38.1 172.26.38.2
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\3416E646C65624169794E6E6 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\3416E646C65624169794E6E6 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\348627F6D6563616374733137383 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\348627F6D6563616374733137383 : DHCPNameServer = 192.168.255.249
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\378616175796E61677 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\378616175796E61677 : DHCPNameServer = 192.168.11.1
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\C4F6E656F416B6C4F6467656 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\C4F6E656F416B6C4F6467656 : DHCPNameServer = 192.168.0.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
    x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SONYAPO
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
    x64-mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-3-11 16152]
    R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-9-5 30496]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-8-18 55856]
    R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-8-8 28600]
    R2 ActiveDelayDeviceService;ActiveDelayDeviceService;C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [2012-8-10 78472]
    R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
    R2 Agent;VPDAgent;C:\Windows\VPDAgent_x64.exe [2013-3-20 148480]
    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2013-7-29 772064]
    R2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2013-8-8 801872]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-8-8 430160]
    R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-8-8 430160]
    R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2013-8-8 1039440]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-8-8 112080]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-12-19 1014096]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-12-19 1104208]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984]
    R2 ESRV_SVC;Energy Server Service;C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [2013-2-22 427432]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-10 13592]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-8-10 2429544]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
    R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-8-10 127320]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-8-10 162648]
    R2 Neat Startup Service;Neat Startup Service;C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [2013-2-23 5632]
    R2 NIApplicationWebServer;NI Application Web Server;C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2012-5-22 53960]
    R2 nimDNSResponder;NI mDNS Responder Service;C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2012-5-31 258776]
    R2 NINetworkDiscovery;NI Network Discovery;C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [2012-6-6 169192]
    R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2013-7-2 61440]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-2-21 473960]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-4-6 39568]
    R2 RealPlayer Cloud Service;RealPlayer Cloud Service;C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2014-5-2 1141848]
    R2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-4-7 23552]
    R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2013-2-21 258048]
    R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [2012-8-10 105024]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-10 362840]
    R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-8-10 535688]
    R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2012-8-10 978056]
    R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-11-20 3674864]
    R3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2013-7-29 164832]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2012-8-10 19968]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-12-13 94720]
    R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-12-13 747008]
    R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-14 60416]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-4-4 331264]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-3-11 356120]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-3-11 788760]
    R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-2-28 25496]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-10 676968]
    R3 semav6thermal64ro;semav6thermal64ro;C:\Windows\System32\drivers\semav6thermal64ro.sys [2012-11-15 13792]
    R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2012-1-15 14336]
    R3 SIUSBXP;SIUSBXP;C:\Windows\System32\drivers\SiUSBXp.sys [2009-11-3 19456]
    R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-5-29 54464]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 AMPPALP;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2013-7-29 164832]
    S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-12-19 1304912]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616]
    S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-2-28 34232]
    S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-11-20 284912]
    S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-9-10 22528]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-3-3 19456]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-8-10 340072]
    S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-1 289952]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-3 56832]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-3-3 30208]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 USER_ESRV_SVC;User Energy Server Service;C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [2013-2-22 427432]
    S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 960160]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 550128]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-8-26 101600]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-17 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
    S4 NIApplicationWebServer64;NI Application Web Server (64-bit);C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2012-5-22 76488]
    S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    FileExt: .scr: AutoCADScriptFile="C:\Windows\notepad.exe" "%1"
    FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2014-06-15 11:12:21 79064 ----a-w- C:\Windows\System32\drivers\qtoqgw.sys
    2014-06-15 09:14:19 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-06-15 09:14:00 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-06-15 09:14:00 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-06-15 09:14:00 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-06-15 09:14:00 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-06-15 09:14:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-06-12 16:21:42 -------- d-----w- C:\Users\Rwolf02\AppData\Local\Apps
    2014-06-12 13:22:23 -------- d-----w- C:\Program Files (x86)\Seagate
    2014-06-11 16:36:49 -------- d-----w- C:\ProgramData\Samsung
    2014-06-11 16:36:18 -------- d-----w- C:\Program Files (x86)\Samsung
    2014-06-11 16:34:21 770912 ----a-w- C:\Windows\SysWow64\Msfdbqp.dll
    2014-06-11 16:34:21 511328 ----a-w- C:\Windows\SysWow64\Synchronization2.dll
    2014-06-11 16:34:21 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
    2014-06-11 16:34:21 397152 ----a-w- C:\Windows\SysWow64\Msfdbse.dll
    2014-06-11 16:34:21 253280 ----a-w- C:\Windows\SysWow64\MetaStore2.dll
    2014-06-11 16:34:21 230240 ----a-w- C:\Windows\SysWow64\Msfdb.dll
    2014-06-11 16:34:21 189792 ----a-w- C:\Windows\SysWow64\SimpleProviders2.dll
    2014-06-11 16:34:21 171360 ----a-w- C:\Windows\SysWow64\FileSyncProvider2.dll
    2014-06-11 16:34:21 156512 ----a-w- C:\Windows\SysWow64\FeedSync2.dll
    2014-06-11 11:34:37 506368 ----a-w- C:\Windows\System32\aepdu.dll
    2014-06-11 11:34:37 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-05-23 23:48:06 -------- d-----w- C:\Program Files (x86)\DeepSkyStacker
    2014-05-16 15:56:24 1619632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\OGL.DLL
    .
    ==================== Find3M ====================
    .
    2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
    2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
    2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
    2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-05-20 07:53:32 112080 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2014-05-14 18:36:37 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-05-14 18:36:37 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
    2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
    2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
    2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2014-04-15 03:13:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
    2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
    2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
    2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
    2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2014-04-01 05:46:48 130712 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
    2014-04-01 05:46:48 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
    2014-03-26 14:44:48 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2014-03-26 14:44:48 1882112 ----a-w- C:\Windows\System32\msxml3.dll
    2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml6r.dll
    2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2014-03-26 14:27:50 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2014-03-26 14:27:50 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
    2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    .
    ============= FINISH: 6:21:27.53 ===============
     
  5. Rwolf01

    Rwolf01 TS Rookie Topic Starter Posts: 91

    ====================| DDS: Attach.txt File |=======================
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume3
    Install Date: 8/10/2012 4:12:18 PM
    System Uptime: 6/15/2014 1:40:49 AM (5 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM) i7-3612QM CPU @ 2.10GHz | N/A | 2101/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 679 GiB total, 138.637 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Bluetooth Device (Personal Area Network)
    Device ID: BTH\MS_BTHPAN\7&31428CDE&0&2
    Manufacturer: Microsoft
    Name: Bluetooth Device (Personal Area Network)
    PNP Device ID: BTH\MS_BTHPAN\7&31428CDE&0&2
    Service: BthPan
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: MediaPlayer
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??
    _USBSTOR#DISK&VEN_BUILDWIN&PROD__MEDIAPLAYER&REV_4.05#9&5D1CE9A&0&2010123456787899&0#
    Manufacturer: Buildwin
    Name: F:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??
    _USBSTOR#DISK&VEN_BUILDWIN&PROD__MEDIAPLAYER&REV_4.05#9&5D1CE9A&0&2010123456787899&0#
    Service: WUDFRd
    .
    ==== System Restore Points ===================
    .
    RP225: 6/1/2014 10:00:47 PM - Windows Backup
    RP226: 6/8/2014 10:00:43 PM - Windows Backup
    RP227: 6/11/2014 9:34:57 AM - Installed Kies mini
    RP228: 6/12/2014 3:00:21 AM - Windows Update
    RP229: 6/12/2014 3:47:26 AM - Removed Kies mini
    RP230: 6/12/2014 6:22:53 AM - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
    RP231: 6/12/2014 8:28:29 AM - Windows Backup
    .
    ==== Installed Programs ======================
    .
    ACID Music Studio 8.0
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 13 ActiveX
    Adobe Flash Player 13 Plugin
    Adobe Photoshop Elements 10
    Adobe Photoshop Lightroom 4.4 64-bit
    Adobe Photoshop.com Inspiration Browser
    Adobe Premiere Elements 10
    Adobe Reader 9.5.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Application Manager for VAIO
    ArcSoft Magic-I Visual Effects 2
    ArcSoft WebCam Companion 4
    AutoCAD 2004
    Autodesk Express Viewer
    Avira Antivirus Premium
    Bonjour
    ChromecastApp
    Critical Update for Microsoft Visual Studio 2010 Professional - ENU (KB2938807)
    Crystal Reports for Visual Studio
    CyberLink PowerDVD
    D3DX10
    Deco Planner 3
    DeepSkyStacker
    Dolby Home Theater v4
    Dotfuscator Software Services - Community Edition
    DVD Architect Studio 5.0
    Elements 10 Organizer
    EPSON WorkForce 1100 Series Printer Uninstall
    FDUx86
    Garmin MapSource
    Garmin USB Drivers
    Google Chrome
    Google Earth
    Google Update Helper
    Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2736182)
    Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2890573)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2529927)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2548139)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2549864)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2635973)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2736182)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2890573)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
    iCloud
    ImageJ 1.46r
    Intel(R) Management Engine Components
    Intel(R) OpenCL CPU Runtime
    Intel(R) PRO/Wireless Driver
    Intel(R) Processor Graphics
    Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    Intel(R) Rapid Storage Technology
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    Intel(R) WiDi
    Intel(R) Wireless Display
    Intel® PROSet/Wireless Software
    Intel® PROSet/Wireless WiFi Software
    Intel® Trusted Connect Service Client
    iTunes
    Japanese Fonts Support For Adobe Reader 9
    Java 7 Update 55
    Java Auto Updater
    Junk Mail filter update
    Keyboard_Shortcuts
    KUx86
    Malwarebytes Anti-Malware version 2.0.2.1012
    MapSource - US Topo v3.02
    Math Kernel Libraries
    Math Kernel Libraries (64-bit)
    Media Go
    Mesh Runtime
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft Camera Codec Pack
    Microsoft Help Viewer 1.1
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft Silverlight 4 SDK
    Microsoft Silverlight 5.1
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008 (64-bit)
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Management Objects (x64)
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server System CLR Types (x64)
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Sync Framework Services v1.0 SP1 (x64)
    Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    Microsoft Team Foundation Server 2010 Object Model - ENU
    Microsoft Visual C++ Compilers 2010 Standard - enu - x64
    Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Office Developer Tools (x64)
    Microsoft Visual Studio 2010 Professional - ENU
    Microsoft Visual Studio 2010 Service Pack 1
    Microsoft Visual Studio 2010 SharePoint Developer Tools
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    Microsoft Visual Studio Macro Tools
    MSVCRT
    MSVCRT Redists
    MSVCRT_amd64
    MSXML 4.0 SP2 Parser and SDK
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    MultiDeco divelog manager 2.68
    National Instruments Software
    Neat
    Neat ADF Scanner 2008 Driver
    Neat ADF Scanner Driver
    Neat Core Files
    Neat Mobile Scanner (Silver) Driver
    Neat Mobile Scanner 2008 Driver
    Neat Mobile Scanner Driver
    NI-DAQmx/LabVIEW shared documentation 9.5.5
    NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 9.5.5
    NI-Mesa
    NI-RPC 4.3.0f0
    NI-RPC 4.3.0f0 for 64 Bit Windows
    NI-RPC 4.3.0f0 for Phar Lap ETS
    NI .NET Framework 4.0
    NI ActiveX Container
    NI ActiveX Container (64-bit)
    NI Assistant Framework
    NI Assistant Framework 64-bit
    NI Assistant Framework LabVIEW Code Generator 2012
    NI Authentication 12.0.0
    NI Authentication 12.0.0 (64-bit)
    NI CodeSignAPI
    NI Curl 12.0.0
    NI Curl 12.0.0 (64-bit)
    NI Customer Experience Improvement Program
    NI DataSocket 5.0
    NI DataSocket 5.0 (64-bit)
    NI Distributed System Manager 2012
    NI DN 2.0 SP1 installer
    NI Error Reporting 2012
    NI EulaDepot
    NI Example Finder 12.0
    NI GMP Windows 32-bit Installer 12.0.0
    NI GMP Windows 64-bit Installer 12.0.0
    NI Help Assistant
    NI Help Assistant (64bit)
    NI Instrument IO Assistant for LabVIEW 2012 32-bit
    NI LabVIEW 2011 Real-Time NBFifo
    NI LabVIEW 2012
    NI LabVIEW 2012 (32-bit)
    NI LabVIEW 2012 Deployable License
    NI LabVIEW 2012 Deployment Framework
    NI LabVIEW 2012 Help
    NI LabVIEW 2012 Help File
    NI LabVIEW 2012 License
    NI LabVIEW 2012 Manuals
    NI LabVIEW 2012 MeasAppChm File
    NI LabVIEW 2012 Real-Time Error Dialog
    NI LabVIEW 2012 Real-Time NBFifo
    NI LabVIEW 2012 Run-Time Engine Web Server
    NI LabVIEW 2012 Scripting Code Generator
    NI LabVIEW 2012 Search
    NI LabVIEW 2012 Simulation
    NI LabVIEW 2012 Variable Web Service
    NI LabVIEW 2012 Web Server
    NI LabVIEW Broker
    NI LabVIEW Broker (64 bit)
    NI LabVIEW C Interface
    NI LabVIEW Compare Utility 12.0.0
    NI LabVIEW MAX XML
    NI LabVIEW Merge Utility 12.0.0
    NI LabVIEW Run-Time Engine 2011 SP1
    NI LabVIEW Run-Time Engine 2012
    NI LabVIEW Run-Time Engine Interop 2011
    NI LabVIEW Run-Time Engine Interop 2012
    NI LabVIEW Web Server for Run-Time Engine
    NI LabVIEW Web Services Runtime
    NI LabWindows/CVI 2010 LabVIEW DLL Builder
    NI LabWindows/CVI 2010 SP1 Analysis Library
    NI LabWindows/CVI 2010 SP1 Analysis Library (64-bit)
    NI LabWindows/CVI 2010 SP1 Code Generator
    NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original)
    NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated)
    NI LabWindows/CVI 2010 SP1 Network Variable Library
    NI LabWindows/CVI 2010 SP1 Network Variable Library (64-bit)
    NI LabWindows/CVI 2010 SP1 Run-Time Engine (64-bit)
    NI LabWindows/CVI 2010 SP1 TDM Streaming Library
    NI LabWindows/CVI 2010 SP1 TDM Streaming Library (64-bit)
    NI LabWindows/CVI Run-Time Engine 2010 SP1
    NI LabWindows/CVI Run-Time Engine 2010 SP1 (Updated)
    NI License Manager
    NI Logos 5.4
    NI Logos 5.4 (64-bit)
    NI Logos LabVIEW 2012 Support
    NI Logos XT Support
    NI Logos64 XT Support
    NI Math Kernel Libraries
    NI Math Kernel Libraries (64-bit)
    NI MAX Remote Configuration 64-bit Installer 5.3
    NI MAX Remote Configuration Installer 5.3
    NI MAX Support for 64 Bit Windows
    NI MDF Support
    NI mDNS Responder 2.1 for Windows 64-bit
    NI mDNS Responder 2.1.0
    NI Measurement & Automation Explorer 5.3.0
    NI Measurement Studio Recipe Processor
    NI MetaSuite Installer
    NI MXS 5.3.0
    NI MXS 5.3.0 for 64 Bit Windows
    NI Network Discovery 5.3
    NI Network Discovery 5.3 for Windows 64-bit
    NI NI LabVIEW 2011 SP1 Run-Time Engine Non-English Support
    NI NI LabVIEW 2012 Run-Time Engine Non-English Support.
    NI OPC Support
    NI Portable Configuration 5.3.0
    NI Portable Configuration for 64 Bit Windows 5.3.0
    NI Registration Wizard
    NI Remote Provider for MAX 5.3.0
    NI Remote PXI Provider for MAX 5.3.0
    NI Search Shared
    NI SLCP 1.0
    NI Software Provider for MAX 5.3.0
    NI SSL LabVIEW 2012 Support
    NI SSL LabVIEW RTE 2012 Support
    NI SSL Support
    NI SSL Support (64-bit)
    NI System API Client for WIF 5.3.0
    NI System API Web-Servce 32-bit 5.3.0
    NI System API Windows 32-bit 5.3.0
    NI System API Windows 64-bit 5.3.0
    NI System Configuration 5.3.0 LabVIEW Support
    NI System Configuration LV2012 Support 5.3.0
    NI System Configuration Runtime 5.3.0
    NI System Configuration Runtime 5.3.0 for Windows 64-bit
    NI System State Publisher
    NI System State Publisher (64-bit)
    NI System Web Server 12.0
    NI System Web Server Base 12.0.0
    NI System Web Server Base 12.0.0 (64-bit)
    NI TDM Excel Add-In 3.4
    NI TDM Excel Add-In 3.4 64-bit
    NI TDM Streaming 2.4
    NI TDM Streaming 2.4 (64-bit)
    NI Trace Engine
    NI Trace Engine (64-bit)
    NI Uninstaller
    NI Update Service 2.1
    NI USI 2.0.0
    NI USI 2.0.0 64-Bit
    NI Variable Engine (64-bit)
    NI Variable Engine 2.6.0
    NI Variable Engine LabVIEW 2012 Support
    NI VC2005MSMs x64
    NI VC2005MSMs x86
    NI VC2008MSMs x64
    NI VC2008MSMs x86
    NI VC2010MSMs x64
    NI VC2010MSMs x86
    NI VIPM Helper 2012
    NI Web Application Server 12.0
    NI Web Application Server 12.0 (64-bit)
    NI Web Interface Framework 2012
    NI Web Pipeline 2.0.1
    NI Web Pipeline 2.0.1 64-bit support
    NI Xalan Delay Load 1.10.2
    NI Xalan Delay Load 1.10.2 64-bit
    NI Xerces Delay Load 2.7.3
    NI Xerces Delay Load 2.7.3 64-bit
    NVIDIA Control Panel 327.02
    NVIDIA Graphics Driver 327.02
    NVIDIA Install Application
    NVIDIA Optimus 1.14.17
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.11.1111
    NVIDIA Update 1.14.17
    NVIDIA Update Components
    Oasis2Service
    OLYMPUS Digital Camera Updater
    OLYMPUS Raw Codec
    Paint Shop Pro 7 Anniversary Edition
    PDF4Free 2.0
    PlayMemories Home
    PlayReady PC Runtime amd64
    PlayStation(R)Network Downloader
    PlayStation(R)Store
    PRE10STI64Installer
    PrimoPDF -- brought to you by Nitro PDF Software
    PSE10 STI Installer
    QuickBooks Pro 99
    QuickTime
    Reader for PC
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealPlayer Cloud
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek PCIE Card Reader
    RealUpgrade 1.1
    Recuva
    Remote Keyboard
    Remote Play with PlayStation(R)3
    Reset NI Config 5.0.0
    SAMSUNG USB Driver for Mobile Phones
    SeaTools for Windows
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition
    Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2644980)
    Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2645410)
    Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
    Send To Neat
    Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)
    Skype™ 6.11
    SmartSound Common Data
    SmartSound Premiere Elements 10 x64 Plugin
    SmartSound Sonicfire Pro 5
    Sound Forge Audio Studio 10.0
    Sql Server Customer Experience Improvement Program
    SSLx64
    SSLx86
    Synaptics Pointing Device Driver
    TrackID(TM) with BRAVIA
    TriDef 3D (Sony) 2.0.5
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    UpdateService
    V3DPx86
    VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325
    VAIO - PlayMemories Home Plug-in
    VAIO - Remote Keyboard
    VAIO - Remote Keyboard with PlayStation®3
    VAIO - Remote Play with PlayStation®3
    VAIO - TrackID™ with BRAVIA
    VAIO 3D Portal
    VAIO Care
    VAIO Control Center
    VAIO CPU Fan Diagnostic
    VAIO Data Restore Tool
    VAIO Easy Connect
    VAIO Gate
    VAIO Gate Default
    VAIO Gesture Control
    VAIO Health Report
    VAIO Help and Support
    VAIO Improvement
    VAIO Manual
    VAIO OOBE
    VAIO Sample Contents
    VAIO Satisfaction Survey.
    VAIO Smart Network
    VAIO Transfer Support
    VBMx86
    VCCx64
    VCCx86
    Vegas Movie Studio HD Platinum 11.0
    VGClientX64
    VGClientX86
    VHD
    ViewSonic Windows 7 Signed Files
    Visual Studio 2010 Prerequisites - English
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    VIx64
    VIx86
    VMLx86
    VPMx64
    VSNx64
    VSNx86
    VSSTx64
    VSSTx86
    VU5x64
    VU5x86
    VWSTx86
    WCF RIA Services V1.0 SP1
    Web Deployment Tool
    WIF Core Dependencies Windows 5.3.0
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009
    1.0.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/15/2014 3:36:07 AM, Error: Schannel [36888] - The following fatal alert was generated: 40.
    The internal error state is 107.
    6/15/2014 3:36:07 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received
    from a remote client application, but none of the cipher suites supported by the client
    application are supported by the server. The SSL connection request has failed.
    6/14/2014 9:27:14 PM, Error: Service Control Manager [7022] - The VAIO Care Performance
    Service service hung on starting.
    6/14/2014 9:24:27 PM, Error: Service Control Manager [7022] - The Energy Server Service
    service hung on starting.
    6/14/2014 9:18:37 PM, Error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless
    Zero Configuration Service service terminated unexpectedly. It has done this 1 time(s).
    6/14/2014 9:15:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer
    has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000041790,
    0xfffffa8001cac760, 0x000000000000ffff, 0x0000000000000000). A dump was saved in: C:\Windows
    \MEMORY.DMP. Report Id: 061414-64787-01.
    6/13/2014 3:24:26 AM, Error: Schannel [36888] - The following fatal alert was generated: 40.
    The internal error state is 252.
    6/12/2014 8:12:23 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-
    specific permission settings do not grant Local Activation permission for the COM Server
    application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-
    43CE-924B-0704BD730D5F} to the user RWOLF02\Rwolf01 SID (S-1-5-21-747785638-1536544367-
    690633523-1001) from address LocalHost (Using LRPC). This security permission can be modified
    using the Component Services administrative tool.
    6/12/2014 8:12:22 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-
    specific permission settings do not grant Local Activation permission for the COM Server
    application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-
    4927-A040-7C35AD3180EF} to the user RWOLF02\Rwolf01 SID (S-1-5-21-747785638-1536544367-
    690633523-1001) from address LocalHost (Using LRPC). This security permission can be modified
    using the Component Services administrative tool.
    6/12/2014 8:12:21 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-
    specific permission settings do not grant Local Activation permission for the COM Server
    application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-
    4C24-B229-6C507EBDFDBB} to the user RWOLF02\Rwolf01 SID (S-1-5-21-747785638-1536544367-
    690633523-1001) from address LocalHost (Using LRPC). This security permission can be modified
    using the Component Services administrative tool.
    6/12/2014 8:08:46 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted
    memory across the previous system power transition. Please check for updated firmware for
    your system.
    6/12/2014 6:45:35 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and
    unusable. Please run the chkdsk utility on the volume E:.
    6/12/2014 6:45:25 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds)
    was reached while waiting for a transaction response from the LanmanServer service.
    6/12/2014 6:44:57 AM, Error: Disk [11] - The driver detected a controller error on \Device
    \Harddisk1\DR8.
    6/12/2014 6:38:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds)
    was reached while waiting for a transaction response from the WSearch service.
    6/12/2014 6:28:58 AM, Error: Disk [11] - The driver detected a controller error on \Device
    \Harddisk1\DR7.
    6/12/2014 6:23:00 AM, Error: Disk [11] - The driver detected a controller error on \Device
    \Harddisk1\DR6.
    6/12/2014 6:18:23 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds)
    was reached while waiting for a transaction response from the ShellHWDetection service.
    6/12/2014 5:58:01 AM, Error: volsnap [27] - The shadow copies of volume E: were aborted
    during detection because a critical control file could not be opened.
    6/12/2014 3:43:33 AM, Error: Service Control Manager [7022] - The Windows Update service hung
    on starting.
    6/12/2014 3:38:58 AM, Error: Service Control Manager [7022] - The NVIDIA Update Service
    Daemon service hung on starting.
    6/12/2014 11:07:03 AM, Error: NetBT [4321] - The name "ASDF-QWERTY :1d" could not be
    registered on the interface with IP address 192.168.0.133. The computer with the IP address
    192.168.0.135 did not allow the name to be claimed by this computer.
    6/11/2014 10:50:18 AM, Error: Microsoft-Windows-SharedAccess_NAT [30009] - The DHCP allocator
    encountered a network error while attempting to reply on IP address 0.0.0.0 to a request from
    a client. The data is the error code.
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 47,986   +271

  7. Rwolf01

    Rwolf01 TS Rookie Topic Starter Posts: 91

    Please accept my sincere apologies. That was a frustrating situation. It was not my system. I was trying to help a friend, but he had unrealistic expectations for how long it would take to fully clean the system. I lost access to the computer when my friend and the laptop left the country to go study manta rays in Puerto Lopez (a fishing village in Ecuador).

    That doesn't excuse my poor communications though. I should not have let my frustration with the situation affect how I treated you.

    This situation is different. I'm working on my own laptop so I can dedicate as much time as it takes to see the debugging process through to completion.

    I hope you will see fit to assist me, but I can understand if self-respect prevents you from doing that. If you are unable to help me, please just point me in the right direction and I'll go away quietly...
     
  8. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Fair enough but keep in mind that it can't happen again or my ban will be permanent.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  9. Rwolf01

    Rwolf01 TS Rookie Topic Starter Posts: 91

    I understand completely. Your help is much appreciated.

    As instructed, I downloaded and ran RogueKiller. This was run with Avira turned off and immediately after a fresh reboot. I accepted the defaults and deleted a few files (they were checked by default) but did not delete the registry entries it flagged as suspicious.

    Just for grins I ran it a second time. The log below is from the second run.

    I then created the restore point and ran MBAR. It said 'no problem found' so I only ran it once.

    Note: MBAR flagged a suspicious registry entry 'APPInit_DLLs' when it started but the instructions said to leave it alone if I wasn't sure, so that's what I did.

    Thanks again for your help. What's next?

    - Ralph
     
  10. Rwolf01

    Rwolf01 TS Rookie Topic Starter Posts: 91

    =================| Rogue Killer Report |==========================

    RogueKiller V9.0.2.0 [Jun 3 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Rwolf01 [Admin rights]
    Mode : Scan -- Date : 06/16/2014 12:45:15
    ¤¤¤ Bad processes : 1 ¤¤¤
    [Suspicious.Path] (SVC) Agent -- C:\Windows\VPDAgent_x64.exe[-] -> STOPPED
    ¤¤¤ Registry Entries : 12 ¤¤¤
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Agent -> FOUND
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Agent -> FOUND
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Agent -> FOUND
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255} | NameServer : 8.8.8.8,8.8.4.4 -> FOUND
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255} | NameServer : 8.8.8.8,8.8.4.4 -> FOUND
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255} | NameServer : 8.8.8.8,8.8.4.4 -> FOUND
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
    ¤¤¤ Scheduled tasks : 0 ¤¤¤
    ¤¤¤ Files : 0 ¤¤¤
    ¤¤¤ HOSTS File : 0 ¤¤¤
    ¤¤¤ Antirootkit : 0 ¤¤¤
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD7500BPVT-55HXZT3 +++++
    --- User ---
    [MBR] a20de5fd0b5ea9f7367d1ddee1c603a2
    [BSP] c7747c46d8419c4cc17d18f7e18dc41c : Unknown MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
    User = LL1 ... OK
    User = LL2 ... OK
    +++++ PhysicalDrive1: ASMT 2105 USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
    +++++ PhysicalDrive2: Buildwin MediaPlayer USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
    +++++ PhysicalDrive3: SD Card +++++
    --- User ---
    [MBR] 2dd27a2bd9b0b305e974b4defc45b985
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Unknown MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8192 | Size: 15189 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )

    ============================================
    RKreport_SCN_06162014_123437.log - RKreport_DEL_06162014_123847.log
     
  11. Rwolf01

    Rwolf01 TS Rookie Topic Starter Posts: 91

    ===================| MBAR Report |======================

    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    www.malwarebytes.org
    Database version: v2014.06.16.07
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17126
    Rwolf01 :: RWOLF02 [administrator]
    6/16/2014 12:58:16 PM
    mbar-log-2014-06-16 (12-58-16).txt
    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 346018
    Time elapsed: 13 minute(s), 31 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    Physical Sectors Detected: 0
    (No malicious items detected)
    (end)

    ============================================================

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x64
    Account is Administrative
    Internet Explorer version: 11.0.9600.17126
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.095000 GHz
    Memory total: 8484319232, free: 4982771712
    Downloaded database version: v2014.06.16.07
    Downloaded database version: v2014.06.02.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    06/16/2014 12:57:44
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk3\DR3
    Upper Device Object: 0xfffffa800e3ef790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000009c\
    Lower Device Object: 0xfffffa800e3c0df0
    Lower Device Driver Name: \Driver\RSPCIESTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xfffffa800b7ad790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000096\
    Lower Device Object: 0xfffffa800b6f6240
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa800af92790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000083\
    Lower Device Object: 0xfffffa800af88b60
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa800a66a790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa8009393050
    Lower Device Driver Name: \Driver\iaStor\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa800a66a790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800a4b1960, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800a66a790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800938f420, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8009393050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    This drive is a GPT Drive.
    MBR Signature: 55AA
    Disk Signature: FE281A1F
    GPT Protective MBR Partition information:
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1 Numsec = 4294967295
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    GPT Partition information:
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 87469580
    GPT Header CurrentLba = 1 BackupLba 1465149167
    GPT Header FirstUsableLba 34 LastUsableLba 1465149134
    GPT Header Guid fd5beb73-af2d-4dee-ad96-5c1aa47bf75
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 87469580
    Backup GPT header CurrentLba = 1465149167 BackupLba 1
    Backup GPT header FirstUsableLba 34 LastUsableLba 1465149134
    Backup GPT header Guid fd5beb73-af2d-4dee-ad96-5c1aa47bf75
    Backup GPT header Contains 128 partition entries starting at LBA 1465149135
    Backup GPT header Partition entry size = 128
    Partition 0 Type f4019732-66e-4e12-8273-346c5641494f
    Partition ID 1486a58a-9c64-441d-b04b-f78d8450ed4f
    FirstLBA 2048 Last LBA 534527
    Attributes 1
    Partition Name EFI system partition
    Partition 1 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID ff7f0e29-645a-4237-81e0-6f2d15321abc
    FirstLBA 534528 Last LBA 40624127
    Attributes 1
    Partition Name Basic data partition
    Partition 2 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 251aab2b-c21a-4c97-a75f-5c3d395f68cb
    FirstLBA 40624128 Last LBA 41156607
    Attributes 0
    Partition Name EFI system partition
    GPT Partition 2 is bootable
    Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID f777c138-a1aa-4899-a3b6-16c5dfe04327
    FirstLBA 41156608 Last LBA 41418751
    Attributes 0
    Partition Name Microsoft reserved partition
    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 6b28dfe3-f106-445b-adae-b9466b3df158
    FirstLBA 41418752 Last LBA 1465147391
    Attributes 0
    Partition Name Basic data partition
    Disk Size: 750156374016 bytes
    Sector size: 512 bytes
    Done!
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xfffffa800af92790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800af922c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800af92790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800af88b60, DeviceName: \Device\00000083\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 2, DevicePointer: 0xfffffa800b7ad790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800afd5310, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800b7ad790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800b6f6240, DeviceName: \Device\00000096\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 512
    Drive: 3, DevicePointer: 0xfffffa800e3ef790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800e3ec700, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800e3ef790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800e3c0df0, DeviceName: \Device\0000009c\, DriverName: \Driver\RSPCIESTOR\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 3
    Scanning MBR on drive 3...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 0
    Partition information:
    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 8192 Numsec = 31108096
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 15931539456 bytes
    Sector size: 512 bytes
    Done!
    Scan finished
    =======================================

    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
    Removal finished
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    RK produces two logs.
    You posted only one.
    I still need to see the second one (after fixes).
     
  13. Rwolf01

    Rwolf01 TS Rookie Topic Starter Posts: 91

    I thought I posted the second one, but maybe I got it wrong. For completeness I will (re)post both RK logs below.
     
  14. Rwolf01

    Rwolf01 TS Rookie Topic Starter Posts: 91

    First Log:


    RogueKiller V9.0.2.0 [Jun 3 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Rwolf01 [Admin rights]
    Mode : Scan -- Date : 06/16/2014 12:34:37
    ¤¤¤ Bad processes : 1 ¤¤¤
    [Suspicious.Path] (SVC) Agent -- C:\Windows\VPDAgent_x64.exe[-] -> STOPPED
    ¤¤¤ Registry Entries : 12 ¤¤¤
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Agent -> FOUND
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Agent -> FOUND
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Agent -> FOUND
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255} | NameServer : 8.8.8.8,8.8.4.4 -> FOUND
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255} | NameServer : 8.8.8.8,8.8.4.4 -> FOUND
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255} | NameServer : 8.8.8.8,8.8.4.4 -> FOUND
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
    ¤¤¤ Scheduled tasks : 0 ¤¤¤
    ¤¤¤ Files : 4 ¤¤¤
    [ZeroAccess][Folder] L -- C:\Windows\Installer\{a88e8a8a-0d88-5328-0708-a6a0b88f9f22}\L -> FOUND
    [ZeroAccess][File] @ -- C:\Users\Rwolf02\AppData\Local\{a88e8a8a-0d88-5328-0708-a6a0b88f9f22}\@ -> FOUND
    [ZeroAccess][Folder] L -- C:\Users\Rwolf02\AppData\Local\{a88e8a8a-0d88-5328-0708-a6a0b88f9f22}\L -> FOUND
    [ZeroAccess][Folder] U -- C:\Users\Rwolf02\AppData\Local\{a88e8a8a-0d88-5328-0708-a6a0b88f9f22}\U -> FOUND
    ¤¤¤ HOSTS File : 0 ¤¤¤
    ¤¤¤ Antirootkit : 0 ¤¤¤
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD7500BPVT-55HXZT3 +++++
    --- User ---
    [MBR] a20de5fd0b5ea9f7367d1ddee1c603a2
    [BSP] c7747c46d8419c4cc17d18f7e18dc41c : Unknown MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
    User = LL1 ... OK
    User = LL2 ... OK
    +++++ PhysicalDrive1: ASMT 2105 USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
    +++++ PhysicalDrive2: Buildwin MediaPlayer USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
    +++++ PhysicalDrive3: SD Card +++++
    --- User ---
    [MBR] 2dd27a2bd9b0b305e974b4defc45b985
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Unknown MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8192 | Size: 15189 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )
     
  15. Rwolf01

    Rwolf01 TS Rookie Topic Starter Posts: 91

    Second log:


    RogueKiller V9.0.2.0 [Jun 3 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Rwolf01 [Admin rights]
    Mode : Scan -- Date : 06/16/2014 12:45:15
    ¤¤¤ Bad processes : 1 ¤¤¤
    [Suspicious.Path] (SVC) Agent -- C:\Windows\VPDAgent_x64.exe[-] -> STOPPED
    ¤¤¤ Registry Entries : 12 ¤¤¤
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Agent -> FOUND
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Agent -> FOUND
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Agent -> FOUND
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255} | NameServer : 8.8.8.8,8.8.4.4 -> FOUND
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255} | NameServer : 8.8.8.8,8.8.4.4 -> FOUND
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255} | NameServer : 8.8.8.8,8.8.4.4 -> FOUND
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
    ¤¤¤ Scheduled tasks : 0 ¤¤¤
    ¤¤¤ Files : 0 ¤¤¤
    ¤¤¤ HOSTS File : 0 ¤¤¤
    ¤¤¤ Antirootkit : 0 ¤¤¤
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD7500BPVT-55HXZT3 +++++
    --- User ---
    [MBR] a20de5fd0b5ea9f7367d1ddee1c603a2
    [BSP] c7747c46d8419c4cc17d18f7e18dc41c : Unknown MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
    User = LL1 ... OK
    User = LL2 ... OK
    +++++ PhysicalDrive1: ASMT 2105 USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
    +++++ PhysicalDrive2: Buildwin MediaPlayer USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
    +++++ PhysicalDrive3: SD Card +++++
    --- User ---
    [MBR] 2dd27a2bd9b0b305e974b4defc45b985
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Unknown MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8192 | Size: 15189 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )

    ============================================
    RKreport_SCN_06162014_123437.log - RKreport_DEL_06162014_123847.log
     
  16. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  17. Rwolf01

    Rwolf01 TS Rookie Topic Starter Posts: 91

    Downloaded & ran Combofix.
    I disabled Avira beforehand, but obviously not all the way, since it trapped a registry change Combofix was trying to make.
    I stopped Combofix, disabled Avira the rest of the way and then reran ComboFix.
    It ran to completion and produced the following log file.
    Reenabled Avira and Windows Firewall.
     
  18. Rwolf01

    Rwolf01 TS Rookie Topic Starter Posts: 91

    ComboFix Log:


    ComboFix 14-06-16.01 - Rwolf01 06/16/2014 17:54:53.1.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8091.5536 [GMT -7:00]
    Running from: c:\users\Rwolf02\Desktop\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
    SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Roaming
    c:\users\Rwolf02\AppData\Local\assembly\tmp
    c:\windows\Downloaded Program Files\Install.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-05-17 to 2014-06-17 )))))))))))))))))))))))))))))))
    .
    .
    2014-06-17 01:09 . 2014-06-17 01:09 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2014-06-17 01:09 . 2014-06-17 01:09 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-06-16 21:54 . 2014-06-16 21:54 -------- d-----w- c:\users\Rwolf02\AppData\Roaming\HpUpdate
    2014-06-16 21:54 . 2012-10-17 11:31 741480 ------w- c:\windows\system32\HPDiscoPM6412.dll
    2014-06-16 21:54 . 2014-06-16 22:26 -------- d-----w- c:\program files (x86)\HP
    2014-06-16 21:54 . 2014-06-16 22:18 -------- d-----w- c:\programdata\HP
    2014-06-16 21:54 . 2014-06-16 21:54 -------- d-----w- c:\program files\HP
    2014-06-16 21:43 . 2014-06-16 22:10 -------- d-----w- c:\users\Rwolf02\AppData\Local\HP
    2014-06-16 19:57 . 2014-06-16 20:12 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-06-16 19:28 . 2014-06-16 19:28 -------- d-----w- c:\programdata\RogueKiller
    2014-06-15 18:00 . 2014-06-15 18:00 -------- d-----w- c:\users\Rwolf02\AppData\Roaming\Oracle
    2014-06-15 09:14 . 2014-06-16 19:57 128728 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-06-15 09:14 . 2014-06-16 19:56 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-06-15 09:14 . 2014-06-15 09:14 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-06-15 09:14 . 2014-06-15 09:14 -------- d-----w- c:\programdata\Malwarebytes
    2014-06-15 09:14 . 2014-05-12 14:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-06-15 09:14 . 2014-05-12 14:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-06-12 16:21 . 2014-06-12 16:21 -------- d-----w- c:\users\Rwolf02\AppData\Local\Apps
    2014-06-12 13:22 . 2014-06-12 13:22 -------- d-----w- c:\program files (x86)\Seagate
    2014-06-11 16:36 . 2014-06-12 10:49 -------- d-----w- c:\programdata\Samsung
    2014-06-11 16:36 . 2014-06-12 10:49 -------- d-----w- c:\program files (x86)\Samsung
    2014-06-11 16:34 . 2014-06-11 16:34 770912 ----a-w- c:\windows\SysWow64\Msfdbqp.dll
    2014-06-11 16:34 . 2014-06-11 16:34 511328 ----a-w- c:\windows\SysWow64\Synchronization2.dll
    2014-06-11 16:34 . 2014-06-11 16:34 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
    2014-06-11 16:34 . 2014-06-11 16:34 397152 ----a-w- c:\windows\SysWow64\Msfdbse.dll
    2014-06-11 16:34 . 2014-06-11 16:34 253280 ----a-w- c:\windows\SysWow64\MetaStore2.dll
    2014-06-11 16:34 . 2014-06-11 16:34 230240 ----a-w- c:\windows\SysWow64\Msfdb.dll
    2014-06-11 16:34 . 2014-06-11 16:34 189792 ----a-w- c:\windows\SysWow64\SimpleProviders2.dll
    2014-06-11 16:34 . 2014-06-11 16:34 171360 ----a-w- c:\windows\SysWow64\FileSyncProvider2.dll
    2014-06-11 16:34 . 2014-06-11 16:34 156512 ----a-w- c:\windows\SysWow64\FeedSync2.dll
    2014-06-11 11:35 . 2014-05-30 09:39 548352 ----a-w- c:\windows\system32\vbscript.dll
    2014-06-11 11:34 . 2014-06-08 09:13 506368 ----a-w- c:\windows\system32\aepdu.dll
    2014-06-11 11:34 . 2014-06-08 09:08 424448 ----a-w- c:\windows\system32\aeinv.dll
    2014-05-23 23:48 . 2014-05-23 23:48 -------- d-----w- c:\program files (x86)\DeepSkyStacker
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-06-12 10:05 . 2012-08-17 19:13 95414520 ----a-w- c:\windows\system32\MRT.exe
    2014-05-20 07:53 . 2013-08-09 05:51 130584 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2014-05-20 07:53 . 2013-08-09 05:51 112080 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2014-05-14 18:36 . 2012-08-10 22:00 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-05-14 18:36 . 2012-08-10 22:00 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-05-14 10:12 . 2012-09-29 19:44 3642528 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2014-04-12 02:22 . 2014-05-14 05:05 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2014-04-12 02:22 . 2014-05-14 05:05 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2014-04-12 02:19 . 2014-05-14 05:05 29184 ----a-w- c:\windows\system32\sspisrv.dll
    2014-04-12 02:19 . 2014-05-14 05:05 136192 ----a-w- c:\windows\system32\sspicli.dll
    2014-04-12 02:19 . 2014-05-14 05:05 28160 ----a-w- c:\windows\system32\secur32.dll
    2014-04-12 02:19 . 2014-05-14 05:05 1460736 ----a-w- c:\windows\system32\lsasrv.dll
    2014-04-12 02:19 . 2014-05-14 05:05 31232 ----a-w- c:\windows\system32\lsass.exe
    2014-04-12 02:12 . 2014-05-14 05:05 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2014-04-12 02:10 . 2014-05-14 05:05 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2014-04-01 05:46 . 2014-04-01 05:46 130712 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
    2014-04-01 05:46 . 2014-04-01 05:46 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    2014-03-25 02:43 . 2014-05-14 05:06 14175744 ----a-w- c:\windows\system32\shell32.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Officejet 4620 series (NET)"="c:\program files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-05-14 56088]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-09 291608]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552]
    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-02-21 693608]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-05-20 737872]
    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2014-05-03 296520]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    RealPlayer Cloud Service UI.lnk - c:\program files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe [2014-5-2 1022048]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 AMPPALP;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
    R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys;c:\windows\SYSNATIVE\drivers\SiUSBXp.sys [x]
    R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 USER_ESRV_SVC;User Energy Server Service;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe [x]
    R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
    R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
    S2 ActiveDelayDeviceService;ActiveDelayDeviceService;c:\program files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe;c:\program files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [x]
    S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x]
    S2 Agent;VPDAgent;c:\windows\VPDAgent_x64.exe;c:\windows\VPDAgent_x64.exe [x]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
    S2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x]
    S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
    S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
    S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
    S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
    S2 ESRV_SVC;Energy Server Service;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 Neat Startup Service;Neat Startup Service;c:\program files (x86)\Neat\exec\NeatStartupService.exe;c:\program files (x86)\Neat\exec\NeatStartupService.exe [x]
    S2 NIApplicationWebServer;NI Application Web Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
    S2 nimDNSResponder;NI mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [x]
    S2 NINetworkDiscovery;NI Network Discovery;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [x]
    S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [x]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
    S2 RealPlayer Cloud Service;RealPlayer Cloud Service;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [x]
    S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
    S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
    S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
    S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
    S3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
    S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe [x]
    S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
    S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
    S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 semav6thermal64ro;semav6thermal64ro;c:\windows\system32\drivers\semav6thermal64ro.sys;c:\windows\SYSNATIVE\drivers\semav6thermal64ro.sys [x]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
    S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-06-12 18:36 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 18:36]
    .
    2014-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-21 06:44]
    .
    2014-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-21 06:44]
    .
    2014-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-747785638-1536544367-690633523-1001Core.job
    - c:\users\Rwolf02\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-30 22:04]
    .
    2014-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-747785638-1536544367-690633523-1001UA.job
    - c:\users\Rwolf02\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-30 22:04]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-20 1158248]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-20 1158248]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-03 170264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-03 398616]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-03 439064]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
    Trusted Zone: garlic.com\www
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\157554254595: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\8405D23556475707D29333D2F46666963656A656470243632303: NameServer = 8.8.8.8,8.8.4.4
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-{0131D7EF-65FF-478F-8ABD-5ABEE24EC8EF} - c:\programdata\{AA28280A-C4CA-4B4F-9DF1-593032D2F3EC}\VAIO Messenger Setup 2.0.550.0.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.13"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-06-16 18:26:48
    ComboFix-quarantined-files.txt 2014-06-17 01:26
    .
    Pre-Run: 147,175,636,992 bytes free
    Post-Run: 150,356,525,056 bytes free
    .
    - - End Of File - - 91C9992D9E0466A3CC2352CE24B685CD
     
  19. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Looks good.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.



    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  20. Rwolf01

    Rwolf01 TS Rookie Topic Starter Posts: 91

    Okay, I will follow these latest instructions.

    However, you should know that I've noticed a new behavior since I ran ComboFix: Most of my shortcuts work fine but if I click on the shortcut to google.com or try to type google.com into the address space manually it 'thinks about it' for a while and then returns a blank white tab named "New tab".

    Also, the links in your latest email to the download sites for adwcleaner, OTL and JRT did not work. As a workaround I copied your latest email to an SD card, carried it to another machine and opened the email there (using the same version of Outlook). On the alternate machine, the links work fine and got me the new programs.

    Note: If I start the chrome browser on the affected system, it finds google.com just fine. Also, I am using Google's free & public DNS servers in the TCP/IP protocol.

    Stand by for reports & log files from the 3 latest tools....
     
  21. Rwolf01

    Rwolf01 TS Rookie Topic Starter Posts: 91

    The new bad behavior of IE went away after running JRT.
    After running OTL, it seems like IE loads faster as well. (rather subjective, but it seems 'snappier')

    Attached are the logfiles from AdwCleaner, JRT and OTL.
     
  22. Rwolf01

    Rwolf01 TS Rookie Topic Starter Posts: 91

    AdwCleaner:


    # AdwCleaner v3.212 - Report created 16/06/2014 at 22:40:31
    # Updated 05/06/2014 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : Rwolf01 - RWOLF02
    # Running from : C:\Users\Rwolf02\Desktop\adwcleaner_3.212.exe
    # Option : Clean
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
    ***** [ Browsers ] *****
    -\\ Internet Explorer v11.0.9600.17126

    -\\ Google Chrome v35.0.1916.153
    [ File : C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\preferences ]
    Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    [ File : C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    [ File : C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    [ File : C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    [ File : C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    [ File : C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    [ File : C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    [ File : C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    [ File : C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    [ File : C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    [ File : C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    [ File : C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    [ File : C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    [ File : C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    *************************
    AdwCleaner[R0].txt - [3161 octets] - [16/06/2014 22:33:48]
    AdwCleaner[S0].txt - [2046 octets] - [16/06/2014 22:40:31]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2106 octets] ##########
     
  23. Rwolf01

    Rwolf01 TS Rookie Topic Starter Posts: 91

    JRT logfile:


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Professional x64
    Ran by Rwolf01 on Mon 06/16/2014 at 23:14:44.70
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services
    ~~~ Registry Values
    ~~~ Registry Keys
    ~~~ Files
    ~~~ Folders
    Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{127B7267-4C61-4286-B0BF-E9259CC8270C}
    Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{3952D606-EA32-40E7-9C21-FA2CE68547B4}
    Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{48A9998D-6684-4F71-AA76-36FADF6B569B}
    Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{7041C0CB-F78C-4792-BABD-5F442D984E4E}
    Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{8C6852F1-27D7-4BCB-8EAD-2A409F067DA9}
    Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{91F155BB-E378-4147-930F-14606A005673}
    Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{9B002008-502C-452D-AD25-2D3A895D886A}
    Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{9BF2E81C-6F3C-4E20-8810-01136FCF24C4}
    Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{a88e8a8a-0d88-5328-0708-a6a0b88f9f22}
    Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{AC6561DA-041E-4E21-9158-9D14E8929FEA}
    Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{E60600E7-CD5A-4E8C-B67B-7130B1523AAE}
    Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{EF089A2D-ED1E-44B2-AF4C-45C3F10DD8C0}
    Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{F18D3A31-82EF-492E-BE5C-D2AAA50E85BD}
    ~~~ Event Viewer Logs were cleared
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 06/16/2014 at 23:19:56.86
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  24. Rwolf01

    Rwolf01 TS Rookie Topic Starter Posts: 91

    OTL.txt (part 1 of 2)

    OTL logfile created on: 6/16/2014 11:29:30 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rwolf02\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17126)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
    7.90 Gb Total Physical Memory | 5.60 Gb Available Physical Memory | 70.82% Memory free
    15.80 Gb Paging File | 13.01 Gb Available in Paging File | 82.36% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 678.89 Gb Total Space | 139.82 Gb Free Space | 20.60% Space Free | Partition Type: NTFS
    Drive H: | 14.83 Gb Total Space | 14.83 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
    Computer Name: RWOLF02 | User Name: Rwolf01 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
    ========== Processes (SafeList) ==========
    PRC - [2014/06/16 21:54:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rwolf02\Desktop\OTL.exe
    PRC - [2014/05/20 00:53:56 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2014/05/20 00:53:39 | 001,039,440 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
    PRC - [2014/05/20 00:53:32 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2014/05/20 00:53:31 | 000,737,872 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2014/05/05 15:29:36 | 000,263,048 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
    PRC - [2014/05/02 22:06:28 | 001,141,848 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    PRC - [2014/05/02 22:06:26 | 000,296,520 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    PRC - [2014/04/07 03:06:58 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    PRC - [2014/04/06 23:00:42 | 000,039,568 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    PRC - [2013/09/05 03:35:24 | 001,364,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2013/07/02 23:06:06 | 000,061,440 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
    PRC - [2013/02/23 01:12:44 | 000,005,632 | ---- | M] (The Neat Company) -- C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
    PRC - [2012/06/07 23:42:14 | 000,680,624 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
    PRC - [2012/06/06 00:56:56 | 000,169,192 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
    PRC - [2012/06/05 15:09:58 | 000,370,328 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
    PRC - [2012/06/05 15:07:08 | 000,060,568 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe
    PRC - [2012/06/05 14:58:56 | 000,050,328 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe
    PRC - [2012/05/31 17:51:58 | 000,258,776 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
    PRC - [2012/05/29 00:54:30 | 000,054,464 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
    PRC - [2012/05/23 00:50:12 | 000,051,360 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
    PRC - [2012/05/22 10:39:06 | 000,053,952 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
    PRC - [2012/05/22 10:38:06 | 000,053,960 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
    PRC - [2012/05/02 13:57:14 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2012/05/02 13:57:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2012/04/06 14:37:34 | 000,183,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
    PRC - [2012/04/06 14:37:32 | 000,065,464 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
    PRC - [2012/03/23 01:47:32 | 000,362,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2012/03/23 01:47:21 | 000,276,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2012/03/23 01:47:05 | 000,127,320 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    PRC - [2012/03/23 01:45:53 | 000,162,648 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    PRC - [2012/03/20 13:43:37 | 000,477,816 | ---- | M] () -- C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
    PRC - [2012/03/09 13:54:33 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    PRC - [2012/02/21 12:41:12 | 000,473,960 | ---- | M] (Sony Corporation) -- c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
    PRC - [2012/02/21 12:37:16 | 000,693,608 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
    PRC - [2012/01/25 15:23:54 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
    PRC - [2011/12/19 19:16:50 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    PRC - [2011/12/19 19:16:44 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    PRC - [2011/11/30 18:49:50 | 000,082,592 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
    PRC - [2011/09/20 16:57:56 | 000,060,552 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    PRC - [2011/09/20 16:53:26 | 000,078,472 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe
    PRC - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    PRC - [2011/05/06 16:08:28 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\SysWOW64\lkcitdl.exe
    PRC - [2011/02/23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe
    ========== Modules (No Company Name) ==========
    MOD - [2014/05/14 04:57:08 | 000,488,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\712e0def1b5e62189f7f7c1daaebf097\IAStorUtil.ni.dll
    MOD - [2014/05/14 04:48:47 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\70dbdd46969daf2bea2443c75b7629d4\System.Web.ni.dll
    MOD - [2014/05/14 04:48:42 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll
    MOD - [2014/05/14 03:04:17 | 000,805,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll
    MOD - [2014/02/27 09:53:24 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
    MOD - [2014/02/27 04:05:30 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
    MOD - [2014/02/27 04:05:18 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
    MOD - [2014/02/27 04:05:17 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
    MOD - [2014/02/27 04:05:12 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
    MOD - [2014/02/27 04:05:12 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
    MOD - [2014/02/27 04:05:12 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
    MOD - [2014/02/27 04:05:11 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll
    MOD - [2014/02/27 04:05:09 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
    MOD - [2014/02/27 04:05:09 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
    MOD - [2014/02/27 04:05:07 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
    MOD - [2014/02/27 04:05:07 | 000,291,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatiod51afaa5#\edec2d7b3ecaabfc5c72d7615d884f79\PresentationFramework.classic.ni.dll
    MOD - [2014/02/27 04:05:06 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
    MOD - [2014/02/27 04:05:01 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
    MOD - [2014/02/12 04:49:02 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\16caebfc2bda597384c2f998c28ab38e\IAStorCommon.ni.dll
    MOD - [2014/02/12 04:39:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
    MOD - [2014/02/12 04:38:59 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
    MOD - [2014/02/12 04:38:47 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
    MOD - [2014/02/12 04:38:43 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
    MOD - [2014/02/12 04:38:41 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
    MOD - [2014/02/12 04:38:40 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
    MOD - [2014/02/12 04:38:33 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
    MOD - [2012/03/20 13:43:38 | 000,026,744 | ---- | M] () -- C:\Program Files (x86)\Sony\Keyboard Shortcuts\Utility.dll
    MOD - [2012/03/20 13:43:37 | 000,477,816 | ---- | M] () -- C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
    MOD - [2012/03/20 13:43:36 | 000,160,376 | ---- | M] () -- C:\Program Files (x86)\Sony\Keyboard Shortcuts\MessageHook.dll
    ========== Services (SafeList) ==========
    SRV:64bit: - [2014/05/30 02:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2013/11/20 19:00:20 | 003,674,864 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
    SRV:64bit: - [2013/11/20 18:59:58 | 000,284,912 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2013/11/20 18:59:38 | 000,631,024 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2013/11/20 18:58:50 | 000,154,864 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2013/07/29 05:01:08 | 000,772,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
    SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2013/03/04 14:06:26 | 000,258,048 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
    SRV:64bit: - [2013/02/22 12:02:06 | 000,427,432 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe -- (USER_ESRV_SVC)
    SRV:64bit: - [2013/02/22 12:02:06 | 000,427,432 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe -- (ESRV_SVC)
    SRV:64bit: - [2012/09/12 19:07:06 | 000,135,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
    SRV:64bit: - [2012/05/29 00:54:30 | 000,054,464 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
    SRV:64bit: - [2012/05/22 10:38:20 | 000,076,488 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer64)
    SRV:64bit: - [2012/03/26 09:24:10 | 000,978,056 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
    SRV:64bit: - [2012/02/02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
    SRV:64bit: - [2012/01/10 13:45:32 | 000,535,688 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
    SRV:64bit: - [2011/12/21 13:15:06 | 000,550,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
    SRV:64bit: - [2011/12/01 10:04:56 | 000,289,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
    SRV:64bit: - [2011/08/26 18:47:26 | 000,101,600 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2014/05/20 00:53:56 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2014/05/20 00:53:39 | 001,039,440 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
    SRV - [2014/05/20 00:53:33 | 000,801,872 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
    SRV - [2014/05/20 00:53:32 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2014/05/14 11:36:37 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/05/02 22:06:28 | 001,141,848 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe -- (RealPlayer Cloud Service)
    SRV - [2014/04/07 03:06:58 | 000,023,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc)
    SRV - [2014/04/06 23:00:42 | 000,039,568 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
    SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2013/09/05 03:35:24 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2013/07/02 23:06:06 | 000,061,440 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe -- (Oasis2Service)
    SRV - [2013/02/23 01:12:44 | 000,005,632 | ---- | M] (The Neat Company) [Auto | Running] -- C:\Program Files (x86)\Neat\exec\NeatStartupService.exe -- (Neat Startup Service)
    SRV - [2013/02/04 10:01:00 | 000,148,480 | ---- | M] (Two Pilots) [Auto | Running] -- C:\Windows\VPDAgent_x64.exe -- (Agent)
    SRV - [2012/06/07 23:42:14 | 000,680,624 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
    SRV - [2012/06/06 00:56:56 | 000,169,192 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe -- (NINetworkDiscovery)
    SRV - [2012/06/05 15:09:58 | 000,370,328 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
    SRV - [2012/06/05 15:07:08 | 000,060,568 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
    SRV - [2012/06/05 14:58:56 | 000,050,328 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
    SRV - [2012/05/31 17:51:58 | 000,258,776 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
    SRV - [2012/05/23 00:50:12 | 000,051,360 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe -- (mxssvr)
    SRV - [2012/05/22 10:39:06 | 000,053,952 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe -- (niSvcLoc)
    SRV - [2012/05/22 10:38:06 | 000,053,960 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer)
    SRV - [2012/05/18 14:25:58 | 000,139,488 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Opcenum.exe -- (OpcEnum)
    SRV - [2012/05/02 13:57:14 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2012/04/06 14:37:32 | 000,065,464 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe -- (VAIO Event Service)
    SRV - [2012/04/03 13:16:57 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
    SRV - [2012/03/23 01:47:32 | 000,362,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2012/03/23 01:47:21 | 000,276,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2012/03/23 01:47:05 | 000,127,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
    SRV - [2012/03/23 01:45:53 | 000,162,648 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
    SRV - [2012/02/21 13:03:28 | 002,429,544 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
    SRV - [2012/02/21 12:41:12 | 000,473,960 | ---- | M] (Sony Corporation) [Auto | Running] -- c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
    SRV - [2012/01/25 15:23:54 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2012/01/25 15:23:54 | 000,192,792 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.EXE -- (BBSvc)
    SRV - [2011/12/29 16:10:08 | 000,960,160 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
    SRV - [2011/12/19 19:16:50 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
    SRV - [2011/12/19 19:16:48 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
    SRV - [2011/12/19 19:16:44 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
    SRV - [2011/09/23 17:47:22 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
    SRV - [2011/09/20 16:53:26 | 000,078,472 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe -- (ActiveDelayDeviceService)
    SRV - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
    SRV - [2011/05/06 16:08:28 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
    SRV - [2011/02/23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
    SRV - [2010/08/02 11:00:00 | 001,427,688 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/12/17 04:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
    SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
    ========== Driver Services (SafeList) ==========
    DRV:64bit: - [2014/05/20 00:53:32 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2014/05/20 00:53:32 | 000,112,080 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2013/11/26 04:51:42 | 011,530,992 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwsw00.sys -- (NETwNs64)
    DRV:64bit: - [2013/11/26 00:49:12 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
    DRV:64bit: - [2013/10/01 19:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2013/09/05 03:37:00 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
    DRV:64bit: - [2013/07/29 05:01:24 | 000,164,832 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
    DRV:64bit: - [2013/07/29 05:01:24 | 000,164,832 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
    DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/11/06 15:28:46 | 000,013,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\semav6thermal64ro.sys -- (semav6thermal64ro)
    DRV:64bit: - [2012/09/10 10:41:06 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
    DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2012/05/02 13:45:04 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2012/04/18 15:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
    DRV:64bit: - [2012/04/03 13:35:51 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2012/04/03 13:28:02 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2012/03/18 23:54:51 | 000,423,696 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2012/03/09 13:54:13 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
    DRV:64bit: - [2012/03/09 13:54:10 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
    DRV:64bit: - [2012/03/09 13:54:09 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
    DRV:64bit: - [2012/03/02 13:23:51 | 000,676,968 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/28 17:59:50 | 000,034,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
    DRV:64bit: - [2012/02/28 17:59:50 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
    DRV:64bit: - [2012/02/21 13:03:47 | 000,340,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
    DRV:64bit: - [2012/01/16 02:01:14 | 000,014,336 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
    DRV:64bit: - [2011/12/14 14:26:56 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
    DRV:64bit: - [2011/12/13 11:26:20 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
    DRV:64bit: - [2011/12/13 11:26:18 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
    DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
    DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
    DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
    DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/11/03 23:16:10 | 000,019,456 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SiUSBXp.sys -- (SIUSBXP)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/07/13 16:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009/06/19 19:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/06/10 13:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    ========== Standard Registry (SafeList) ==========
     
  25. Rwolf01

    Rwolf01 TS Rookie Topic Starter Posts: 91

    OTL.txt (part 2 of 2)


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-747785638-1536544367-690633523-1000\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-747785638-1536544367-690633523-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sfgate.com/
    IE - HKU\S-1-5-21-747785638-1536544367-690633523-1001\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-747785638-1536544367-690633523-1001\..\SearchScopes\{AEBA69D8-4D86-4FF2-B8C0-47319A84C524}: "URL" = https://www.google.com/search?q={searchTerms}
    IE - HKU\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.9.17: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.9.17: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
    FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
    FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rwolf02\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rwolf02\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/05/02 22:07:23 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com/
    CHR - plugin: First user (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
    CHR - plugin: Error reading preferences file
    CHR - Extension: Google Docs = C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
    CHR - Extension: Google Drive = C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
    CHR - Extension: YouTube = C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Cast = C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.421.1.1_0\
    CHR - Extension: Google Search = C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: RealPlayer Downloader = C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\17.0.9_0\
    CHR - Extension: Google Wallet = C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: Gmail = C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2014/06/16 18:09:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
    O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
    O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
    O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
    O4 - HKU\S-1-5-21-747785638-1536544367-690633523-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-747785638-1536544367-690633523-1001..\Run: [HP Officejet 4620 series (NET)] C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
    O4 - HKU\S-1-5-21-747785638-1536544367-690633523-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-747785638-1536544367-690633523-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-747785638-1536544367-690633523-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-747785638-1536544367-690633523-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000011 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000011 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-747785638-1536544367-690633523-1001\..Trusted Domains: garlic.com ([www] http in Trusted sites)
    O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
    O16 - DPF: {B8E53531-F29E-4180-AE3E-DF485CC8BE32} http://palumbicam.stanford.edu/JpegInstV4.cab (pmjpegaudioV4 Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6588E2D2-D207-44D2-ACC4-CC6F54BBAC79}: DhcpNameServer = 172.26.38.1 172.26.38.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}: NameServer = 8.8.8.8,8.8.4.4
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/06/16 23:14:41 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/06/16 22:34:02 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
    [2014/06/16 22:33:38 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/06/16 22:33:17 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Rwolf02\Desktop\JRT.exe
    [2014/06/16 22:33:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rwolf02\Desktop\OTL.exe
    [2014/06/16 20:50:28 | 000,000,000 | ---D | C] -- C:\Users\Rwolf02\AppData\Local\CrashDumps
    [2014/06/16 18:27:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/06/16 17:50:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/06/16 17:50:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/06/16 17:50:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/06/16 17:50:35 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/06/16 17:50:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2014/06/16 17:42:52 | 005,206,841 | R--- | C] (Swearware) -- C:\Users\Rwolf02\Desktop\ComboFix.exe
    [2014/06/16 14:54:35 | 000,000,000 | ---D | C] -- C:\Users\Rwolf02\AppData\Roaming\HpUpdate
    [2014/06/16 14:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    [2014/06/16 14:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
    [2014/06/16 14:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
    [2014/06/16 14:54:12 | 000,000,000 | ---D | C] -- C:\Program Files\HP
    [2014/06/16 14:43:30 | 000,000,000 | ---D | C] -- C:\Users\Rwolf02\AppData\Local\HP
    [2014/06/16 12:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2014/06/16 12:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
    [2014/06/15 11:00:18 | 000,000,000 | ---D | C] -- C:\Users\Rwolf02\AppData\Roaming\Oracle
    [2014/06/15 02:14:19 | 000,128,728 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/06/15 02:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/06/15 02:14:00 | 000,092,888 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/06/15 02:14:00 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
    [2014/06/15 02:14:00 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2014/06/15 02:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
    [2014/06/15 02:14:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2014/06/14 21:14:47 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2014/06/12 09:21:42 | 000,000,000 | ---D | C] -- C:\Users\Rwolf02\AppData\Local\Apps
    [2014/06/12 06:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
    [2014/06/12 06:22:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
    [2014/06/11 10:34:30 | 000,000,000 | ---D | C] -- C:\Users\Rwolf02\Documents\My Received Files
    [2014/06/11 09:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
    [2014/06/11 09:36:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
    [2014/06/11 09:34:21 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
    [2014/05/23 16:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeepSkyStacker
    [2014/05/23 16:48:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DeepSkyStacker

    ========== Files - Modified Within 30 Days ==========

    [2014/06/16 23:11:46 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/06/16 22:56:40 | 000,026,368 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/06/16 22:56:40 | 000,026,368 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/06/16 22:55:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-747785638-1536544367-690633523-1001UA.job
    [2014/06/16 22:54:36 | 000,876,042 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/06/16 22:54:36 | 000,728,806 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/06/16 22:54:36 | 000,147,732 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/06/16 22:48:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/06/16 22:48:02 | 2068,271,103 | -HS- | M] () -- C:\hiberfil.sys
    [2014/06/16 22:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/06/16 22:34:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/06/16 21:54:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rwolf02\Desktop\OTL.exe
    [2014/06/16 21:54:12 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Rwolf02\Desktop\JRT.exe
    [2014/06/16 21:53:48 | 001,333,465 | ---- | M] () -- C:\Users\Rwolf02\Desktop\adwcleaner_3.212.exe
    [2014/06/16 18:09:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2014/06/16 17:42:55 | 005,206,841 | R--- | M] (Swearware) -- C:\Users\Rwolf02\Desktop\ComboFix.exe
    [2014/06/16 15:55:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-747785638-1536544367-690633523-1001Core.job
    [2014/06/16 14:54:08 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
    [2014/06/16 12:57:44 | 000,128,728 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/06/16 12:56:36 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/06/15 02:14:04 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/06/14 21:15:23 | 000,524,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/06/14 21:14:19 | 864,372,962 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2014/06/12 06:23:31 | 000,001,397 | ---- | M] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
    [2014/06/11 09:34:20 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
    [2014/06/05 18:45:43 | 000,395,117 | ---- | M] () -- C:\Users\Rwolf02\Desktop\Cal_Covering_1Q_14.pdf
    [2014/05/23 16:48:06 | 000,002,591 | ---- | M] () -- C:\Users\Public\Desktop\DeepSkyStacker.lnk
    [2014/05/20 00:53:32 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
    [2014/05/20 00:53:32 | 000,112,080 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys

    ========== Files Created - No Company Name ==========

    [2014/06/16 22:26:31 | 001,333,465 | ---- | C] () -- C:\Users\Rwolf02\Desktop\adwcleaner_3.212.exe
    [2014/06/16 17:50:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/06/16 17:50:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/06/16 17:50:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/06/16 17:50:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/06/16 17:50:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/06/16 14:54:51 | 000,000,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
    [2014/06/16 14:54:08 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2014/06/15 02:14:04 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/06/14 21:14:19 | 864,372,962 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2014/06/12 06:23:31 | 000,001,397 | ---- | C] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
    [2014/06/05 18:45:43 | 000,395,117 | ---- | C] () -- C:\Users\Rwolf02\Desktop\Cal_Covering_1Q_14.pdf
    [2014/05/23 16:48:06 | 000,002,591 | ---- | C] () -- C:\Users\Public\Desktop\DeepSkyStacker.lnk
    [2014/02/24 14:52:28 | 000,007,656 | ---- | C] () -- C:\Users\Rwolf02\AppData\Local\Resmon.ResmonCfg
    [2012/11/09 03:46:21 | 000,044,221 | ---- | C] () -- C:\Users\Rwolf02\AppData\Local\RAContactHistory.xml
    [2012/08/10 17:39:36 | 000,006,472 | ---- | C] () -- C:\Windows\Icoadb32.dat
    [2012/08/10 17:39:36 | 000,000,064 | ---- | C] () -- C:\Windows\QBWCD.INI
    [2012/08/10 17:26:01 | 000,676,224 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.DLL
    [2012/08/10 15:48:00 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll

    ========== ZeroAccess Check ==========

    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 19:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/07/04 19:02:30 | 000,000,000 | ---D | M] -- C:\Users\Rwolf02\AppData\Roaming\Autodesk
    [2013/09/29 18:17:07 | 000,000,000 | ---D | M] -- C:\Users\Rwolf02\AppData\Roaming\chc
    [2012/08/22 13:48:01 | 000,000,000 | ---D | M] -- C:\Users\Rwolf02\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2013/10/14 05:31:21 | 000,000,000 | ---D | M] -- C:\Users\Rwolf02\AppData\Roaming\GARMIN
    [2013/09/09 10:13:14 | 000,000,000 | ---D | M] -- C:\Users\Rwolf02\AppData\Roaming\GoPro
    [2012/08/10 16:50:01 | 000,000,000 | ---D | M] -- C:\Users\Rwolf02\AppData\Roaming\iolo
    [2012/11/19 01:51:11 | 000,000,000 | ---D | M] -- C:\Users\Rwolf02\AppData\Roaming\MultiDeco
    [2013/03/20 03:22:32 | 000,000,000 | ---D | M] -- C:\Users\Rwolf02\AppData\Roaming\Neat
    [2012/08/18 02:09:38 | 000,000,000 | ---D | M] -- C:\Users\Rwolf02\AppData\Roaming\No Company Name
    [2013/03/20 03:22:29 | 000,000,000 | ---D | M] -- C:\Users\Rwolf02\AppData\Roaming\Nuance
    [2014/06/15 11:00:18 | 000,000,000 | ---D | M] -- C:\Users\Rwolf02\AppData\Roaming\Oracle
    [2012/11/09 03:46:10 | 000,000,000 | ---D | M] -- C:\Users\Rwolf02\AppData\Roaming\PeerNetworking
    [2014/05/14 17:00:11 | 000,000,000 | ---D | M] -- C:\Users\Rwolf02\AppData\Roaming\PrimoPDF
    [2014/02/23 19:52:49 | 000,000,000 | ---D | M] -- C:\Users\Rwolf02\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2013/11/22 18:00:45 | 105,792,079 | ---- | M] ()(C:\Windows\SysWow64\???V) -- C:\Windows\SysWow64\쓃ϔ荜V
    [2013/11/14 12:58:56 | 105,792,079 | ---- | C] ()(C:\Windows\SysWow64\???V) -- C:\Windows\SysWow64\쓃ϔ荜V
    [2013/11/09 14:25:13 | 103,387,443 | ---- | M] ()(C:\Windows\SysWow64\???§) -- C:\Windows\SysWow64\൷풚荜§
    [2013/10/28 01:46:02 | 103,387,443 | ---- | C] ()(C:\Windows\SysWow64\???§) -- C:\Windows\SysWow64\൷풚荜§
    [2013/09/23 21:23:04 | 098,843,276 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\佤葤‘
    [2013/09/23 21:23:04 | 098,843,276 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\佤葤‘
    [2013/09/14 15:15:53 | 097,600,188 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\Ӫⷍ葤
    [2013/09/12 15:39:10 | 097,600,188 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\Ӫⷍ葤
    < End of report >
     

