Solved Win7Pro64 system suffered BSOD in IE Malware?

Rwolf01

Greetings wizards!

I suffered a BSOD (Blue Screen of Death) while reading the news at sfgate.com. It was preceded by a pop-up telling me that IE had stopped working and gave me the choice to debug or close the application. (This I see every other day or so.) The BSOD happened as soon as I clicked 'close'.

To recover I ran CHKDSK, which found & corrected a few minor problems. I then updated and ran an Avira virus scan, which did not find anything unusual. (there are some old false-positives in some diagnostic binaries I got from a reliable source)

I then ran MalwareBytes which found "OpenCandy" in a downloadable Codec package. I accepted the quarantine recommendations for that.

Finally I ran DDS, as instructed in the 4-steps starting point.

The logs push me over the 50k limit, so I'll post them as separate replies.

As always, thank you for being here and dispensing your wisdom to the huddled unwashed masses, yearning to be free....
 
====================| Avira System Scan Log |=====================


Avira Antivirus Suite
Report file date: Sunday, June 15, 2014 02:04

The program is running as an unrestricted full version.
Online services are available.
Licensee : Ralph Wolf
Serial number : 2222585904-PEPWM-0000003
Platform : Windows 7 Professional
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : RWOLF02
Version information:
BUILD.DAT : 14.0.4.672 93716 Bytes 5/27/2014 17:59:00
AVSCAN.EXE : 14.0.4.632 1030736 Bytes 5/20/2014 07:53:37
AVSCANRC.DLL : 14.0.4.620 52304 Bytes 5/20/2014 07:53:37
LUKE.DLL : 14.0.4.620 57936 Bytes 5/20/2014 07:53:55
AVSCPLR.DLL : 14.0.4.620 89680 Bytes 5/20/2014 07:53:37
AVREG.DLL : 14.0.4.632 261200 Bytes 5/20/2014 07:53:35
avlode.dll : 14.0.4.638 583760 Bytes 5/20/2014 07:53:33
avlode.rdf : 14.0.4.22 64276 Bytes 5/15/2014 13:58:29
LOCAL000.VDF : 8.11.154.230 106263040 Bytes 6/14/2014 18:00:47
Engine version : 8.3.20.10
AEVDF.DLL : 8.3.0.4 118976 Bytes 3/20/2014 15:53:43
AESCRIPT.DLL : 8.1.4.212 528584 Bytes 6/13/2014 10:00:32
AESCN.DLL : 8.3.1.2 135360 Bytes 5/28/2014 16:03:36
AESBX.DLL : 8.2.20.24 1409224 Bytes 5/8/2014 13:20:37
AERDL.DLL : 8.2.0.138 704888 Bytes 12/2/2013 13:56:26
AEPACK.DLL : 8.4.0.24 778440 Bytes 5/13/2014 14:35:36
AEOFFICE.DLL : 8.3.0.4 205000 Bytes 4/17/2014 15:23:09
AEHEUR.DLL : 8.1.4.1112 6738120 Bytes 6/13/2014 10:00:32
AEHELP.DLL : 8.3.1.0 278728 Bytes 5/28/2014 16:03:31
AEGEN.DLL : 8.1.7.28 450752 Bytes 6/6/2014 10:05:33
AEEXP.DLL : 8.4.2.2 237760 Bytes 6/4/2014 14:05:32
AEEMU.DLL : 8.1.3.2 393587 Bytes 8/28/2012 18:07:28
AEDROID.DLL : 8.4.2.24 442568 Bytes 6/4/2014 14:05:33
AECORE.DLL : 8.3.1.4 241864 Bytes 6/6/2014 10:05:33
AEBB.DLL : 8.1.1.4 53619 Bytes 11/5/2012 15:32:13
AVWINLL.DLL : 14.0.4.620 24144 Bytes 5/20/2014 07:53:28
AVPREF.DLL : 14.0.4.632 50256 Bytes 5/20/2014 07:53:34
AVREP.DLL : 14.0.4.620 219216 Bytes 5/20/2014 07:53:35
AVARKT.DLL : 14.0.4.632 225872 Bytes 5/20/2014 07:53:29
AVEVTLOG.DLL : 14.0.4.620 182352 Bytes 5/20/2014 07:53:31
SQLITE3.DLL : 14.0.4.620 452176 Bytes 5/20/2014 07:54:00
AVSMTP.DLL : 14.0.4.620 76368 Bytes 5/20/2014 07:53:38
NETNT.DLL : 14.0.4.620 13392 Bytes 5/20/2014 07:53:55
RCIMAGE.DLL : 14.0.4.620 4786256 Bytes 5/20/2014 07:53:28
RCTEXT.DLL : 14.0.4.620 72784 Bytes 5/20/2014 07:53:28
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended
Start of the scan: Sunday, June 15, 2014 02:04
Start scanning boot sectors:
Boot sector 'HDD0(C:)'
[INFO] No virus was found!
Starting search for hidden objects.
Error in ARK library
The scan of running processes will be started:
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'VPDAgent_x64.exe' - '21' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '104' Module(s) have been scanned
Scan process 'svchost.exe' - '120' Module(s) have been scanned
Scan process 'svchost.exe' - '91' Module(s) have been scanned
Scan process 'svchost.exe' - '160' Module(s) have been scanned
Scan process 'svchost.exe' - '29' Module(s) have been scanned
Scan process 'svchost.exe' - '99' Module(s) have been scanned
Scan process 'spoolsv.exe' - '100' Module(s) have been scanned
Scan process 'sched.exe' - '60' Module(s) have been scanned
Scan process 'nvxdsync.exe' - '55' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '67' Module(s) have been scanned
Scan process 'svchost.exe' - '64' Module(s) have been scanned
Scan process 'ActiveDelayDeviceService.exe' - '34' Module(s) have been scanned
Scan process 'avguard.exe' - '109' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '74' Module(s) have been scanned
Scan process 'WLANExt.exe' - '81' Module(s) have been scanned
Scan process 'conhost.exe' - '17' Module(s) have been scanned
Scan process 'devmonsrv.exe' - '40' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'E_S40STB.EXE' - '22' Module(s) have been scanned
Scan process 'E_S40RPB.EXE' - '18' Module(s) have been scanned
Scan process 'EvtEng.exe' - '66' Module(s) have been scanned
Scan process 'svchost.exe' - '81' Module(s) have been scanned
Scan process 'HeciServer.exe' - '28' Module(s) have been scanned
Scan process 'IntelMeFWService.exe' - '26' Module(s) have been scanned
Scan process 'jhi_service.exe' - '49' Module(s) have been scanned
Scan process 'lkads.exe' - '55' Module(s) have been scanned
Scan process 'sqlservr.exe' - '62' Module(s) have been scanned
Scan process 'nimxs.exe' - '60' Module(s) have been scanned
Scan process 'NeatStartupService.exe' - '50' Module(s) have been scanned
Scan process 'nidmsrv.exe' - '55' Module(s) have been scanned
Scan process 'SystemWebServer.exe' - '105' Module(s) have been scanned
Scan process 'tagsrv.exe' - '75' Module(s) have been scanned
Scan process 'Oasis2Service.exe' - '141' Module(s) have been scanned
Scan process 'PMBDeviceInfoProvider.exe' - '34' Module(s) have been scanned
Scan process 'rndlresolversvc.exe' - '26' Module(s) have been scanned
Scan process 'rpdsvc.exe' - '86' Module(s) have been scanned
Scan process 'avshadow.exe' - '29' Module(s) have been scanned
Scan process 'RealPlayerUpdateSvc.exe' - '58' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '36' Module(s) have been scanned
Scan process 'sqlwriter.exe' - '34' Module(s) have been scanned
Scan process 'VESMgr.exe' - '42' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '81' Module(s) have been scanned
Scan process 'VESMgrSub.exe' - '66' Module(s) have been scanned
Scan process 'VESMgrSub.exe' - '73' Module(s) have been scanned
Scan process 'ZeroConfigService.exe' - '85' Module(s) have been scanned
Scan process 'DllHost.exe' - '45' Module(s) have been scanned
Scan process 'unsecapp.exe' - '28' Module(s) have been scanned
Scan process 'obexsrv.exe' - '41' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '49' Module(s) have been scanned
Scan process 'DllHost.exe' - '40' Module(s) have been scanned
Scan process 'lkcitdl.exe' - '58' Module(s) have been scanned
Scan process 'lktsrv.exe' - '57' Module(s) have been scanned
Scan process 'ApplicationWebServer.exe' - '59' Module(s) have been scanned
Scan process 'nimdnsResponder.exe' - '63' Module(s) have been scanned
Scan process 'niDiscSvc.exe' - '46' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '18' Module(s) have been scanned
Scan process 'avmailc.exe' - '44' Module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '68' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '63' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '33' Module(s) have been scanned
Scan process 'BTHSAmpPalService.exe' - '21' Module(s) have been scanned
Scan process 'BTHSSecurityMgr.exe' - '46' Module(s) have been scanned
Scan process 'esrv_svc.exe' - '55' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '55' Module(s) have been scanned
Scan process 'GoogleCrashHandler.exe' - '35' Module(s) have been scanned
Scan process 'GoogleCrashHandler64.exe' - '30' Module(s) have been scanned
Scan process 'RIconMan.exe' - '34' Module(s) have been scanned
Scan process 'LMS.exe' - '34' Module(s) have been scanned
Scan process 'daemonu.exe' - '80' Module(s) have been scanned
Scan process 'VCPerfService.exe' - '43' Module(s) have been scanned
Scan process 'uCamMonitor.exe' - '34' Module(s) have been scanned
Scan process 'SPMService.exe' - '64' Module(s) have been scanned
Scan process 'VSNService.exe' - '58' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '121' Module(s) have been scanned
Scan process 'taskeng.exe' - '29' Module(s) have been scanned
Scan process 'vim.exe' - '60' Module(s) have been scanned
Scan process 'UNS.exe' - '65' Module(s) have been scanned
Scan process 'taskeng.exe' - '34' Module(s) have been scanned
Scan process 'VSNClient.exe' - '70' Module(s) have been scanned
Scan process 'VESGfxMgr.exe' - '27' Module(s) have been scanned
Scan process 'rundll32.exe' - '27' Module(s) have been scanned
Scan process 'Dwm.exe' - '38' Module(s) have been scanned
Scan process 'Explorer.EXE' - '200' Module(s) have been scanned
Scan process 'taskhost.exe' - '60' Module(s) have been scanned
Scan process 'igfxext.exe' - '24' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '30' Module(s) have been scanned
Scan process 'RAVBg64.exe' - '42' Module(s) have been scanned
Scan process 'RAVBg64.exe' - '42' Module(s) have been scanned
Scan process 'igfxtray.exe' - '28' Module(s) have been scanned
Scan process 'hkcmd.exe' - '26' Module(s) have been scanned
Scan process 'igfxpers.exe' - '39' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '47' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '57' Module(s) have been scanned
Scan process 'rpsystray.exe' - '24' Module(s) have been scanned
Scan process 'iusb3mon.exe' - '35' Module(s) have been scanned
Scan process 'ISBMgr.exe' - '46' Module(s) have been scanned
Scan process 'PMBVolumeWatcher.exe' - '68' Module(s) have been scanned
Scan process 'avgnt.exe' - '126' Module(s) have been scanned
Scan process 'jusched.exe' - '36' Module(s) have been scanned
Scan process 'realsched.exe' - '39' Module(s) have been scanned
Scan process 'SYNTPHELPER.EXE' - '17' Module(s) have been scanned
Scan process 'nvtray.exe' - '59' Module(s) have been scanned
Scan process 'svchost.exe' - '62' Module(s) have been scanned
Scan process 'NOTEPAD.EXE' - '30' Module(s) have been scanned
Scan process 'listener.exe' - '26' Module(s) have been scanned
Scan process 'DllHost.exe' - '46' Module(s) have been scanned
Scan process 'esrv.exe' - '48' Module(s) have been scanned
Scan process 'conhost.exe' - '17' Module(s) have been scanned
Scan process 'SPMgr.exe' - '65' Module(s) have been scanned
Scan process 'taskeng.exe' - '34' Module(s) have been scanned
Scan process 'KeyboardShortcuts.exe' - '109' Module(s) have been scanned
Scan process 'IAStorIcon.exe' - '56' Module(s) have been scanned
Scan process 'VCSystemTray.exe' - '141' Module(s) have been scanned
Scan process 'VCService.exe' - '36' Module(s) have been scanned
Scan process 'VCAgent.exe' - '171' Module(s) have been scanned
Scan process 'vds.exe' - '62' Module(s) have been scanned
Scan process 'VCAdmin.exe' - '145' Module(s) have been scanned
Scan process 'vim.exe' - '64' Module(s) have been scanned
Scan process 'svchost.exe' - '29' Module(s) have been scanned
Scan process 'iexplore.exe' - '104' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '133' Module(s) have been scanned
Scan process 'FlashUtil64_13_0_0_214_ActiveX.exe' - '67' Module(s) have been scanned
Scan process 'avcenter.exe' - '126' Module(s) have been scanned
Scan process 'avscan.exe' - '127' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'svchost.exe' - '29' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '107' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '38' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '29' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'wininit.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '32' Module(s) have been scanned
Scan process 'services.exe' - '37' Module(s) have been scanned
Scan process 'lsass.exe' - '76' Module(s) have been scanned
Scan process 'lsm.exe' - '31' Module(s) have been scanned
Starting to scan executable files (registry):
The registry was scanned ( '2868' files ).

Starting the file scan:
Begin scan in 'C:\'
[0] Archive type: NSIS
--> ProgramFilesDir/winusbcoinstaller2.dll
[1] Archive type: RSRC
--> C:\MyDocs\orion\CmnUtils\DiagUtils\zlib128.zip
[2] Archive type: ZIP
--> zlib-1.2.8/contrib/dotzlib/DotZLib.chm
[3] Archive type: CHM
--> #IDXHDR
[WARNING] The file could not be read!
--> #TOPICS
[WARNING] The file could not be read!
--> #URLTBL
[WARNING] The file could not be read!
--> #URLSTR
[WARNING] The file could not be read!
--> #STRINGS
[WARNING] The file could not be read!
--> C:\MyDocs\orion\CmnUtils\DiagUtils\zlib128\zlib-1.2.8\contrib\dotzlib\DotZLib.chm
[2] Archive type: CHM
--> #IDXHDR
[WARNING] The file could not be read!
--> #TOPICS
[WARNING] The file could not be read!
--> #URLTBL
[WARNING] The file could not be read!
--> #URLSTR
[WARNING] The file could not be read!
--> #STRINGS
[WARNING] The file could not be read!
--> C:\MyDocs\Personal\Diving-Personal\TechDiving\Liquivision\album.zip
[2] Archive type: ZIP
--> V5.5 (SN 3401 +) General Utility Software - OMNITEST 6.04/erase_X1_program.exe
[DETECTION] Is the TR/Buzus.isqza Trojan
[WARNING] Infected files in archives cannot be repaired
--> V5.5 (SN 3401 +) General Utility Software - OMNITEST 6.04/Public_OMNITEST_Software_v6_04.zzz
[3] Archive type: ZIP
--> erase_X1_program.exe
[DETECTION] Is the TR/Buzus.isqza Trojan
[WARNING] Infected files in archives cannot be repaired
--> V5.5 (SN 3401 +) General Utility Software - OMNITEST 6.04/V5.5 General Utility Software - OMNITEST 6.04.zzz
[3] Archive type: ZIP
--> Public_OMNITEST_Software_v6_04.zzz
[4] Archive type: ZIP
--> erase_X1_program.exe
[DETECTION] Is the TR/Buzus.isqza Trojan
[WARNING] Infected files in archives cannot be repaired
--> erase_X1_program.exe
[DETECTION] Is the TR/Buzus.isqza Trojan
[WARNING] Infected files in archives cannot be repaired
C:\MyDocs\Personal\Diving-Personal\TechDiving\Liquivision\album.zip
[DETECTION] Is the TR/Buzus.isqza Trojan
--> C:\MyDocs\Personal\Diving-Personal\TechDiving\Liquivision\X1_V5_5_Diagnostic_SoftwareTake2.zip
[2] Archive type: ZIP
--> X1_V5_5_Diagnostic_Software/erase_X1_program.exe
[DETECTION] Is the TR/Buzus.isqza Trojan
[WARNING] Infected files in archives cannot be repaired
C:\MyDocs\Personal\Diving-Personal\TechDiving\Liquivision\X1_V5_5_Diagnostic_SoftwareTake2.zip
[DETECTION] Is the TR/Buzus.isqza Trojan
C:\MyDocs\Personal\Diving-Personal\TechDiving\Liquivision\album\V5.5 (SN 3401 +) General Utility Software - OMNITEST 6.04\erase_X1_program.exe
[DETECTION] Is the TR/Gendal.KD.371745 Trojan
--> C:\MyDocs\Personal\Diving-Personal\TechDiving\Liquivision\album\V5.5 (SN 3401 +) General Utility Software - OMNITEST 6.04\Public_OMNITEST_Software_v6_04.zip
[2] Archive type: ZIP
--> erase_X1_program.exe
[DETECTION] Is the TR/Buzus.isqza Trojan
[WARNING] Infected files in archives cannot be repaired
C:\MyDocs\Personal\Diving-Personal\TechDiving\Liquivision\album\V5.5 (SN 3401 +) General Utility Software - OMNITEST 6.04\Public_OMNITEST_Software_v6_04.zip
[DETECTION] Is the TR/Buzus.isqza Trojan
--> C:\MyDocs\Personal\Diving-Personal\TechDiving\Liquivision\album\V5.5 (SN 3401 +) General Utility Software - OMNITEST 6.04\V5.5 General Utility Software - OMNITEST 6.04.zip
[2] Archive type: ZIP
--> Public_OMNITEST_Software_v6_04.zzz
[3] Archive type: ZIP
--> erase_X1_program.exe
[DETECTION] Is the TR/Buzus.isqza Trojan
[WARNING] Infected files in archives cannot be repaired
--> erase_X1_program.exe
[DETECTION] Is the TR/Buzus.isqza Trojan
[WARNING] Infected files in archives cannot be repaired
C:\MyDocs\Personal\Diving-Personal\TechDiving\Liquivision\album\V5.5 (SN 3401 +) General Utility Software - OMNITEST 6.04\V5.5 General Utility Software - OMNITEST 6.04.zip
[DETECTION] Is the TR/Buzus.isqza Trojan
Beginning disinfection:
C:\MyDocs\Personal\Diving-Personal\TechDiving\Liquivision\album\V5.5 (SN 3401 +) General Utility Software - OMNITEST 6.04\V5.5 General Utility Software - OMNITEST 6.04.zip
[DETECTION] Is the TR/Buzus.isqza Trojan
[WARNING] The file was ignored.
C:\MyDocs\Personal\Diving-Personal\TechDiving\Liquivision\album\V5.5 (SN 3401 +) General Utility Software - OMNITEST 6.04\Public_OMNITEST_Software_v6_04.zip
[DETECTION] Is the TR/Buzus.isqza Trojan
[WARNING] The file was ignored.
C:\MyDocs\Personal\Diving-Personal\TechDiving\Liquivision\album\V5.5 (SN 3401 +) General Utility Software - OMNITEST 6.04\erase_X1_program.exe
[DETECTION] Is the TR/Gendal.KD.371745 Trojan
[WARNING] The file was ignored.
C:\MyDocs\Personal\Diving-Personal\TechDiving\Liquivision\X1_V5_5_Diagnostic_SoftwareTake2.zip
[DETECTION] Is the TR/Buzus.isqza Trojan
[WARNING] The file was ignored.
C:\MyDocs\Personal\Diving-Personal\TechDiving\Liquivision\album.zip
[DETECTION] Is the TR/Buzus.isqza Trojan
[WARNING] The file was ignored.

End of the scan: Sunday, June 15, 2014 06:19
Used time: 3:58:59 Hour(s)
The scan has been done completely.
69701 Scanned directories
1821486 Files were scanned
13 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1821473 Files not concerned
40485 Archives were scanned
13 Warnings
0 Notes
145 Objects were scanned with rootkit scan
0 Hidden objects were found
 
=====================| MalwareBytes Log File |=====================

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 6/15/2014
Scan Time: 2:17:33 AM
Logfile: MWBlogs.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.06.15.02
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Rwolf01
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 346350
Time Elapsed: 44 min, 54 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 2
PUP.Optional.OpenCandy, C:\Users\Rwolf02\AppData\Roaming\OpenCandy, Quarantined, [1ca2accc6c0f2c0a108eee9a7191b54b],
PUP.Optional.OpenCandy, C:\Users\Rwolf02\AppData\Roaming\OpenCandy\OpenCandy_49E72EED60914E5B9703E8F564312ACE, Quarantined, [1ca2accc6c0f2c0a108eee9a7191b54b],
Files: 1
PUP.Optional.OpenCandy.A, C:\Users\Rwolf02\Downloads\windows.7.codec.pack.v4.0.8.setup.exe, Quarantined, [685699df2754a29493e4132fc13f2fd1],
Physical Sectors: 0
(No malicious items detected)

(end)
 
======================| DDS: DDS.TXT File |====================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.55.2
Run by Rwolf01 at 6:20:58 on 2014-06-15
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8091.5189 [GMT -7:00]
.
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\VPDAgent_x64.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\SysWOW64\lkads.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\lkcitdl.exe
C:\Windows\SysWOW64\lktsrv.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Improvement\vim.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESGfxMgr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files\Sony\VAIO Care\esrv\esrv.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Program Files\Sony\VAIO Care\VCAdmin.exe
C:\Program Files\Sony\VAIO Improvement\vim.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://sony.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Rwolf02\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
dRun: [EPSON WorkForce 1100 Series (redirected 1)] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFEA.EXE /FU "C:\Windows\TEMP\E_S1A1A.tmp" /EF "HKCU"
dRun: [EPSON WorkForce 1100 Series (redirected 2)] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFEA.EXE /FU "C:\Windows\TEMP\E_S31F2.tmp" /EF "HKCU"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\REALPL~1.LNK - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {B8E53531-F29E-4180-AE3E-DF485CC8BE32} - hxxp://palumbicam.stanford.edu/JpegInstV4.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6588E2D2-D207-44D2-ACC4-CC6F54BBAC79} : DHCPNameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\2427573786D27657563747 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\2427573786D27657563747 : DHCPNameServer = 24.205.192.61 24.205.224.36 68.116.46.115
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\25564625F6F66694E6E6 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\25564625F6F66694E6E6 : DHCPNameServer = 192.168.3.1 75.75.76.76 75.75.75.75
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\2577F6C66603132E08993702960586F6E656 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\2577F6C66603132E08993702960586F6E656 : DHCPNameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\3416E646C65624169794E6E6 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\3416E646C65624169794E6E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\348627F6D6563616374733137383 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\348627F6D6563616374733137383 : DHCPNameServer = 192.168.255.249
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\378616175796E61677 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\378616175796E61677 : DHCPNameServer = 192.168.11.1
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\C4F6E656F416B6C4F6467656 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\C4F6E656F416B6C4F6467656 : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SONYAPO
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
x64-mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-3-11 16152]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-9-5 30496]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-8-18 55856]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-8-8 28600]
R2 ActiveDelayDeviceService;ActiveDelayDeviceService;C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [2012-8-10 78472]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
R2 Agent;VPDAgent;C:\Windows\VPDAgent_x64.exe [2013-3-20 148480]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2013-7-29 772064]
R2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2013-8-8 801872]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-8-8 430160]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-8-8 430160]
R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2013-8-8 1039440]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-8-8 112080]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-12-19 1014096]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-12-19 1104208]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984]
R2 ESRV_SVC;Energy Server Service;C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [2013-2-22 427432]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-10 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-8-10 2429544]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-8-10 127320]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-8-10 162648]
R2 Neat Startup Service;Neat Startup Service;C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [2013-2-23 5632]
R2 NIApplicationWebServer;NI Application Web Server;C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2012-5-22 53960]
R2 nimDNSResponder;NI mDNS Responder Service;C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2012-5-31 258776]
R2 NINetworkDiscovery;NI Network Discovery;C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [2012-6-6 169192]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2013-7-2 61440]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-2-21 473960]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-4-6 39568]
R2 RealPlayer Cloud Service;RealPlayer Cloud Service;C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2014-5-2 1141848]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-4-7 23552]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2013-2-21 258048]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [2012-8-10 105024]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-10 362840]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-8-10 535688]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2012-8-10 978056]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-11-20 3674864]
R3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2013-7-29 164832]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2012-8-10 19968]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-12-13 94720]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-12-13 747008]
R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-14 60416]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-4-4 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-3-11 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-3-11 788760]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-2-28 25496]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-10 676968]
R3 semav6thermal64ro;semav6thermal64ro;C:\Windows\System32\drivers\semav6thermal64ro.sys [2012-11-15 13792]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2012-1-15 14336]
R3 SIUSBXP;SIUSBXP;C:\Windows\System32\drivers\SiUSBXp.sys [2009-11-3 19456]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-5-29 54464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AMPPALP;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2013-7-29 164832]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-12-19 1304912]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-2-28 34232]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-11-20 284912]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-9-10 22528]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-3-3 19456]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-8-10 340072]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-1 289952]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-3 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-3-3 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 USER_ESRV_SVC;User Energy Server Service;C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [2013-2-22 427432]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 960160]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 550128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-8-26 101600]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-17 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 NIApplicationWebServer64;NI Application Web Server (64-bit);C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2012-5-22 76488]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile="C:\Windows\notepad.exe" "%1"
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-06-15 11:12:21 79064 ----a-w- C:\Windows\System32\drivers\qtoqgw.sys
2014-06-15 09:14:19 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-15 09:14:00 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-15 09:14:00 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-15 09:14:00 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-06-15 09:14:00 -------- d-----w- C:\ProgramData\Malwarebytes
2014-06-15 09:14:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-12 16:21:42 -------- d-----w- C:\Users\Rwolf02\AppData\Local\Apps
2014-06-12 13:22:23 -------- d-----w- C:\Program Files (x86)\Seagate
2014-06-11 16:36:49 -------- d-----w- C:\ProgramData\Samsung
2014-06-11 16:36:18 -------- d-----w- C:\Program Files (x86)\Samsung
2014-06-11 16:34:21 770912 ----a-w- C:\Windows\SysWow64\Msfdbqp.dll
2014-06-11 16:34:21 511328 ----a-w- C:\Windows\SysWow64\Synchronization2.dll
2014-06-11 16:34:21 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2014-06-11 16:34:21 397152 ----a-w- C:\Windows\SysWow64\Msfdbse.dll
2014-06-11 16:34:21 253280 ----a-w- C:\Windows\SysWow64\MetaStore2.dll
2014-06-11 16:34:21 230240 ----a-w- C:\Windows\SysWow64\Msfdb.dll
2014-06-11 16:34:21 189792 ----a-w- C:\Windows\SysWow64\SimpleProviders2.dll
2014-06-11 16:34:21 171360 ----a-w- C:\Windows\SysWow64\FileSyncProvider2.dll
2014-06-11 16:34:21 156512 ----a-w- C:\Windows\SysWow64\FeedSync2.dll
2014-06-11 11:34:37 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-11 11:34:37 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-23 23:48:06 -------- d-----w- C:\Program Files (x86)\DeepSkyStacker
2014-05-16 15:56:24 1619632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\OGL.DLL
.
==================== Find3M ====================
.
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-20 07:53:32 112080 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2014-05-14 18:36:37 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 18:36:37 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-15 03:13:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-04-01 05:46:48 130712 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2014-04-01 05:46:48 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-03-26 14:44:48 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-03-26 14:44:48 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-03-26 14:27:50 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-03-26 14:27:50 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
.
============= FINISH: 6:21:27.53 ===============
 
====================| DDS: Attach.txt File |=======================
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 8/10/2012 4:12:18 PM
System Uptime: 6/15/2014 1:40:49 AM (5 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM) i7-3612QM CPU @ 2.10GHz | N/A | 2101/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 679 GiB total, 138.637 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Bluetooth Device (Personal Area Network)
Device ID: BTH\MS_BTHPAN\7&31428CDE&0&2
Manufacturer: Microsoft
Name: Bluetooth Device (Personal Area Network)
PNP Device ID: BTH\MS_BTHPAN\7&31428CDE&0&2
Service: BthPan
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: MediaPlayer
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??
_USBSTOR#DISK&VEN_BUILDWIN&PROD__MEDIAPLAYER&REV_4.05#9&5D1CE9A&0&2010123456787899&0#
Manufacturer: Buildwin
Name: F:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??
_USBSTOR#DISK&VEN_BUILDWIN&PROD__MEDIAPLAYER&REV_4.05#9&5D1CE9A&0&2010123456787899&0#
Service: WUDFRd
.
==== System Restore Points ===================
.
RP225: 6/1/2014 10:00:47 PM - Windows Backup
RP226: 6/8/2014 10:00:43 PM - Windows Backup
RP227: 6/11/2014 9:34:57 AM - Installed Kies mini
RP228: 6/12/2014 3:00:21 AM - Windows Update
RP229: 6/12/2014 3:47:26 AM - Removed Kies mini
RP230: 6/12/2014 6:22:53 AM - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
RP231: 6/12/2014 8:28:29 AM - Windows Backup
.
==== Installed Programs ======================
.
ACID Music Studio 8.0
Adobe AIR
Adobe Community Help
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Photoshop Elements 10
Adobe Photoshop Lightroom 4.4 64-bit
Adobe Photoshop.com Inspiration Browser
Adobe Premiere Elements 10
Adobe Reader 9.5.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Manager for VAIO
ArcSoft Magic-I Visual Effects 2
ArcSoft WebCam Companion 4
AutoCAD 2004
Autodesk Express Viewer
Avira Antivirus Premium
Bonjour
ChromecastApp
Critical Update for Microsoft Visual Studio 2010 Professional - ENU (KB2938807)
Crystal Reports for Visual Studio
CyberLink PowerDVD
D3DX10
Deco Planner 3
DeepSkyStacker
Dolby Home Theater v4
Dotfuscator Software Services - Community Edition
DVD Architect Studio 5.0
Elements 10 Organizer
EPSON WorkForce 1100 Series Printer Uninstall
FDUx86
Garmin MapSource
Garmin USB Drivers
Google Chrome
Google Earth
Google Update Helper
Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2736182)
Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2890573)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2529927)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2548139)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2549864)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2635973)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2736182)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2890573)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
iCloud
ImageJ 1.46r
Intel(R) Management Engine Components
Intel(R) OpenCL CPU Runtime
Intel(R) PRO/Wireless Driver
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
Intel(R) Rapid Storage Technology
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel(R) WiDi
Intel(R) Wireless Display
Intel® PROSet/Wireless Software
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
iTunes
Japanese Fonts Support For Adobe Reader 9
Java 7 Update 55
Java Auto Updater
Junk Mail filter update
Keyboard_Shortcuts
KUx86
Malwarebytes Anti-Malware version 2.0.2.1012
MapSource - US Topo v3.02
Math Kernel Libraries
Math Kernel Libraries (64-bit)
Media Go
Mesh Runtime
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Camera Codec Pack
Microsoft Help Viewer 1.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft Silverlight 5.1
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Management Objects (x64)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 SP1 (x64)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x64)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Visual C++ Compilers 2010 Standard - enu - x64
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Office Developer Tools (x64)
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio Macro Tools
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MultiDeco divelog manager 2.68
National Instruments Software
Neat
Neat ADF Scanner 2008 Driver
Neat ADF Scanner Driver
Neat Core Files
Neat Mobile Scanner (Silver) Driver
Neat Mobile Scanner 2008 Driver
Neat Mobile Scanner Driver
NI-DAQmx/LabVIEW shared documentation 9.5.5
NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 9.5.5
NI-Mesa
NI-RPC 4.3.0f0
NI-RPC 4.3.0f0 for 64 Bit Windows
NI-RPC 4.3.0f0 for Phar Lap ETS
NI .NET Framework 4.0
NI ActiveX Container
NI ActiveX Container (64-bit)
NI Assistant Framework
NI Assistant Framework 64-bit
NI Assistant Framework LabVIEW Code Generator 2012
NI Authentication 12.0.0
NI Authentication 12.0.0 (64-bit)
NI CodeSignAPI
NI Curl 12.0.0
NI Curl 12.0.0 (64-bit)
NI Customer Experience Improvement Program
NI DataSocket 5.0
NI DataSocket 5.0 (64-bit)
NI Distributed System Manager 2012
NI DN 2.0 SP1 installer
NI Error Reporting 2012
NI EulaDepot
NI Example Finder 12.0
NI GMP Windows 32-bit Installer 12.0.0
NI GMP Windows 64-bit Installer 12.0.0
NI Help Assistant
NI Help Assistant (64bit)
NI Instrument IO Assistant for LabVIEW 2012 32-bit
NI LabVIEW 2011 Real-Time NBFifo
NI LabVIEW 2012
NI LabVIEW 2012 (32-bit)
NI LabVIEW 2012 Deployable License
NI LabVIEW 2012 Deployment Framework
NI LabVIEW 2012 Help
NI LabVIEW 2012 Help File
NI LabVIEW 2012 License
NI LabVIEW 2012 Manuals
NI LabVIEW 2012 MeasAppChm File
NI LabVIEW 2012 Real-Time Error Dialog
NI LabVIEW 2012 Real-Time NBFifo
NI LabVIEW 2012 Run-Time Engine Web Server
NI LabVIEW 2012 Scripting Code Generator
NI LabVIEW 2012 Search
NI LabVIEW 2012 Simulation
NI LabVIEW 2012 Variable Web Service
NI LabVIEW 2012 Web Server
NI LabVIEW Broker
NI LabVIEW Broker (64 bit)
NI LabVIEW C Interface
NI LabVIEW Compare Utility 12.0.0
NI LabVIEW MAX XML
NI LabVIEW Merge Utility 12.0.0
NI LabVIEW Run-Time Engine 2011 SP1
NI LabVIEW Run-Time Engine 2012
NI LabVIEW Run-Time Engine Interop 2011
NI LabVIEW Run-Time Engine Interop 2012
NI LabVIEW Web Server for Run-Time Engine
NI LabVIEW Web Services Runtime
NI LabWindows/CVI 2010 LabVIEW DLL Builder
NI LabWindows/CVI 2010 SP1 Analysis Library
NI LabWindows/CVI 2010 SP1 Analysis Library (64-bit)
NI LabWindows/CVI 2010 SP1 Code Generator
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original)
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated)
NI LabWindows/CVI 2010 SP1 Network Variable Library
NI LabWindows/CVI 2010 SP1 Network Variable Library (64-bit)
NI LabWindows/CVI 2010 SP1 Run-Time Engine (64-bit)
NI LabWindows/CVI 2010 SP1 TDM Streaming Library
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (64-bit)
NI LabWindows/CVI Run-Time Engine 2010 SP1
NI LabWindows/CVI Run-Time Engine 2010 SP1 (Updated)
NI License Manager
NI Logos 5.4
NI Logos 5.4 (64-bit)
NI Logos LabVIEW 2012 Support
NI Logos XT Support
NI Logos64 XT Support
NI Math Kernel Libraries
NI Math Kernel Libraries (64-bit)
NI MAX Remote Configuration 64-bit Installer 5.3
NI MAX Remote Configuration Installer 5.3
NI MAX Support for 64 Bit Windows
NI MDF Support
NI mDNS Responder 2.1 for Windows 64-bit
NI mDNS Responder 2.1.0
NI Measurement & Automation Explorer 5.3.0
NI Measurement Studio Recipe Processor
NI MetaSuite Installer
NI MXS 5.3.0
NI MXS 5.3.0 for 64 Bit Windows
NI Network Discovery 5.3
NI Network Discovery 5.3 for Windows 64-bit
NI NI LabVIEW 2011 SP1 Run-Time Engine Non-English Support
NI NI LabVIEW 2012 Run-Time Engine Non-English Support.
NI OPC Support
NI Portable Configuration 5.3.0
NI Portable Configuration for 64 Bit Windows 5.3.0
NI Registration Wizard
NI Remote Provider for MAX 5.3.0
NI Remote PXI Provider for MAX 5.3.0
NI Search Shared
NI SLCP 1.0
NI Software Provider for MAX 5.3.0
NI SSL LabVIEW 2012 Support
NI SSL LabVIEW RTE 2012 Support
NI SSL Support
NI SSL Support (64-bit)
NI System API Client for WIF 5.3.0
NI System API Web-Servce 32-bit 5.3.0
NI System API Windows 32-bit 5.3.0
NI System API Windows 64-bit 5.3.0
NI System Configuration 5.3.0 LabVIEW Support
NI System Configuration LV2012 Support 5.3.0
NI System Configuration Runtime 5.3.0
NI System Configuration Runtime 5.3.0 for Windows 64-bit
NI System State Publisher
NI System State Publisher (64-bit)
NI System Web Server 12.0
NI System Web Server Base 12.0.0
NI System Web Server Base 12.0.0 (64-bit)
NI TDM Excel Add-In 3.4
NI TDM Excel Add-In 3.4 64-bit
NI TDM Streaming 2.4
NI TDM Streaming 2.4 (64-bit)
NI Trace Engine
NI Trace Engine (64-bit)
NI Uninstaller
NI Update Service 2.1
NI USI 2.0.0
NI USI 2.0.0 64-Bit
NI Variable Engine (64-bit)
NI Variable Engine 2.6.0
NI Variable Engine LabVIEW 2012 Support
NI VC2005MSMs x64
NI VC2005MSMs x86
NI VC2008MSMs x64
NI VC2008MSMs x86
NI VC2010MSMs x64
NI VC2010MSMs x86
NI VIPM Helper 2012
NI Web Application Server 12.0
NI Web Application Server 12.0 (64-bit)
NI Web Interface Framework 2012
NI Web Pipeline 2.0.1
NI Web Pipeline 2.0.1 64-bit support
NI Xalan Delay Load 1.10.2
NI Xalan Delay Load 1.10.2 64-bit
NI Xerces Delay Load 2.7.3
NI Xerces Delay Load 2.7.3 64-bit
NVIDIA Control Panel 327.02
NVIDIA Graphics Driver 327.02
NVIDIA Install Application
NVIDIA Optimus 1.14.17
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.1111
NVIDIA Update 1.14.17
NVIDIA Update Components
Oasis2Service
OLYMPUS Digital Camera Updater
OLYMPUS Raw Codec
Paint Shop Pro 7 Anniversary Edition
PDF4Free 2.0
PlayMemories Home
PlayReady PC Runtime amd64
PlayStation(R)Network Downloader
PlayStation(R)Store
PRE10STI64Installer
PrimoPDF -- brought to you by Nitro PDF Software
PSE10 STI Installer
QuickBooks Pro 99
QuickTime
Reader for PC
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer Cloud
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
RealUpgrade 1.1
Recuva
Remote Keyboard
Remote Play with PlayStation(R)3
Reset NI Config 5.0.0
SAMSUNG USB Driver for Mobile Phones
SeaTools for Windows
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2644980)
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2645410)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
Send To Neat
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)
Skype™ 6.11
SmartSound Common Data
SmartSound Premiere Elements 10 x64 Plugin
SmartSound Sonicfire Pro 5
Sound Forge Audio Studio 10.0
Sql Server Customer Experience Improvement Program
SSLx64
SSLx86
Synaptics Pointing Device Driver
TrackID(TM) with BRAVIA
TriDef 3D (Sony) 2.0.5
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
UpdateService
V3DPx86
VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325
VAIO - PlayMemories Home Plug-in
VAIO - Remote Keyboard
VAIO - Remote Keyboard with PlayStation®3
VAIO - Remote Play with PlayStation®3
VAIO - TrackID™ with BRAVIA
VAIO 3D Portal
VAIO Care
VAIO Control Center
VAIO CPU Fan Diagnostic
VAIO Data Restore Tool
VAIO Easy Connect
VAIO Gate
VAIO Gate Default
VAIO Gesture Control
VAIO Health Report
VAIO Help and Support
VAIO Improvement
VAIO Manual
VAIO OOBE
VAIO Sample Contents
VAIO Satisfaction Survey.
VAIO Smart Network
VAIO Transfer Support
VBMx86
VCCx64
VCCx86
Vegas Movie Studio HD Platinum 11.0
VGClientX64
VGClientX86
VHD
ViewSonic Windows 7 Signed Files
Visual Studio 2010 Prerequisites - English
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VIx64
VIx86
VMLx86
VPMx64
VSNx64
VSNx86
VSSTx64
VSSTx86
VU5x64
VU5x86
VWSTx86
WCF RIA Services V1.0 SP1
Web Deployment Tool
WIF Core Dependencies Windows 5.3.0
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009
1.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
6/15/2014 3:36:07 AM, Error: Schannel [36888] - The following fatal alert was generated: 40.
The internal error state is 107.
6/15/2014 3:36:07 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received
from a remote client application, but none of the cipher suites supported by the client
application are supported by the server. The SSL connection request has failed.
6/14/2014 9:27:14 PM, Error: Service Control Manager [7022] - The VAIO Care Performance
Service service hung on starting.
6/14/2014 9:24:27 PM, Error: Service Control Manager [7022] - The Energy Server Service
service hung on starting.
6/14/2014 9:18:37 PM, Error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless
Zero Configuration Service service terminated unexpectedly. It has done this 1 time(s).
6/14/2014 9:15:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer
has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000041790,
0xfffffa8001cac760, 0x000000000000ffff, 0x0000000000000000). A dump was saved in: C:\Windows
\MEMORY.DMP. Report Id: 061414-64787-01.
6/13/2014 3:24:26 AM, Error: Schannel [36888] - The following fatal alert was generated: 40.
The internal error state is 252.
6/12/2014 8:12:23 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-
specific permission settings do not grant Local Activation permission for the COM Server
application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-
43CE-924B-0704BD730D5F} to the user RWOLF02\Rwolf01 SID (S-1-5-21-747785638-1536544367-
690633523-1001) from address LocalHost (Using LRPC). This security permission can be modified
using the Component Services administrative tool.
6/12/2014 8:12:22 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-
specific permission settings do not grant Local Activation permission for the COM Server
application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-
4927-A040-7C35AD3180EF} to the user RWOLF02\Rwolf01 SID (S-1-5-21-747785638-1536544367-
690633523-1001) from address LocalHost (Using LRPC). This security permission can be modified
using the Component Services administrative tool.
6/12/2014 8:12:21 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-
specific permission settings do not grant Local Activation permission for the COM Server
application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-
4C24-B229-6C507EBDFDBB} to the user RWOLF02\Rwolf01 SID (S-1-5-21-747785638-1536544367-
690633523-1001) from address LocalHost (Using LRPC). This security permission can be modified
using the Component Services administrative tool.
6/12/2014 8:08:46 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted
memory across the previous system power transition. Please check for updated firmware for
your system.
6/12/2014 6:45:35 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and
unusable. Please run the chkdsk utility on the volume E:.
6/12/2014 6:45:25 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds)
was reached while waiting for a transaction response from the LanmanServer service.
6/12/2014 6:44:57 AM, Error: Disk [11] - The driver detected a controller error on \Device
\Harddisk1\DR8.
6/12/2014 6:38:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds)
was reached while waiting for a transaction response from the WSearch service.
6/12/2014 6:28:58 AM, Error: Disk [11] - The driver detected a controller error on \Device
\Harddisk1\DR7.
6/12/2014 6:23:00 AM, Error: Disk [11] - The driver detected a controller error on \Device
\Harddisk1\DR6.
6/12/2014 6:18:23 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds)
was reached while waiting for a transaction response from the ShellHWDetection service.
6/12/2014 5:58:01 AM, Error: volsnap [27] - The shadow copies of volume E: were aborted
during detection because a critical control file could not be opened.
6/12/2014 3:43:33 AM, Error: Service Control Manager [7022] - The Windows Update service hung
on starting.
6/12/2014 3:38:58 AM, Error: Service Control Manager [7022] - The NVIDIA Update Service
Daemon service hung on starting.
6/12/2014 11:07:03 AM, Error: NetBT [4321] - The name "ASDF-QWERTY :1d" could not be
registered on the interface with IP address 192.168.0.133. The computer with the IP address
192.168.0.135 did not allow the name to be claimed by this computer.
6/11/2014 10:50:18 AM, Error: Microsoft-Windows-SharedAccess_NAT [30009] - The DHCP allocator
encountered a network error while attempting to reply on IP address 0.0.0.0 to a request from
a client. The data is the error code.
.
==== End Of File ===========================
 
Please accept my sincere apologies. That was a frustrating situation. It was not my system. I was trying to help a friend, but he had unrealistic expectations for how long it would take to fully clean the system. I lost access to the computer when my friend and the laptop left the country to go study manta rays in Puerto Lopez (a fishing village in Ecuador).

That doesn't excuse my poor communications though. I should not have let my frustration with the situation affect how I treated you.

This situation is different. I'm working on my own laptop so I can dedicate as much time as it takes to see the debugging process through to completion.

I hope you will see fit to assist me, but I can understand if self-respect prevents you from doing that. If you are unable to help me, please just point me in the right direction and I'll go away quietly...
 
Fair enough but keep in mind that it can't happen again or my ban will be permanent.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step.
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
I understand completely. Your help is much appreciated.

As instructed, I downloaded and ran RogueKiller. This was run with Avira turned off and immediately after a fresh reboot. I accepted the defaults and deleted a few files (they were checked by default) but did not delete the registry entries it flagged as suspicious.

Just for grins I ran it a second time. The log below is from the second run.

I then created the restore point and ran MBAR. It said 'no problem found' so I only ran it once.

Note: MBAR flagged a suspicious registry entry 'APPInit_DLLs' when it started but the instructions said to leave it alone if I wasn't sure, so that's what I did.

Thanks again for your help. What's next?

- Ralph
 
=================| Rogue Killer Report |==========================

RogueKiller V9.0.2.0 [Jun 3 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Rwolf01 [Admin rights]
Mode : Scan -- Date : 06/16/2014 12:45:15
¤¤¤ Bad processes : 1 ¤¤¤
[Suspicious.Path] (SVC) Agent -- C:\Windows\VPDAgent_x64.exe[-] -> STOPPED
¤¤¤ Registry Entries : 12 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Agent -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Agent -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Agent -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255} | NameServer : 8.8.8.8,8.8.4.4 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255} | NameServer : 8.8.8.8,8.8.4.4 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255} | NameServer : 8.8.8.8,8.8.4.4 -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ HOSTS File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPVT-55HXZT3 +++++
--- User ---
[MBR] a20de5fd0b5ea9f7367d1ddee1c603a2
[BSP] c7747c46d8419c4cc17d18f7e18dc41c : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: ASMT 2105 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive2: Buildwin MediaPlayer USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive3: SD Card +++++
--- User ---
[MBR] 2dd27a2bd9b0b305e974b4defc45b985
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8192 | Size: 15189 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_SCN_06162014_123437.log - RKreport_DEL_06162014_123847.log
 
===================| MBAR Report |======================

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org
Database version: v2014.06.16.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17126
Rwolf01 :: RWOLF02 [administrator]
6/16/2014 12:58:16 PM
mbar-log-2014-06-16 (12-58-16).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 346018
Time elapsed: 13 minute(s), 31 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)

============================================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17126
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.095000 GHz
Memory total: 8484319232, free: 4982771712
Downloaded database version: v2014.06.16.07
Downloaded database version: v2014.06.02.01
=======================================
Initializing...
------------ Kernel report ------------
06/16/2014 12:57:44
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\SFEP.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\AMPPAL.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\iwdbus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\iBtFltCoex.sys
\SystemRoot\system32\DRIVERS\btmhsf.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\drivers\SiUSBXp.sys
\SystemRoot\system32\drivers\SiLib.sys
\SystemRoot\system32\DRIVERS\btmaux.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NETwsw00.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\RtsPStor.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\rdpdr.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\semav6thermal64ro.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\nsi.dll
\Windows\System32\ole32.dll
\Windows\System32\gdi32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\comdlg32.dll
\Windows\System32\urlmon.dll
\Windows\System32\Wldap32.dll
\Windows\System32\psapi.dll
\Windows\System32\wininet.dll
\Windows\System32\msvcrt.dll
\Windows\System32\advapi32.dll
\Windows\System32\shell32.dll
\Windows\System32\setupapi.dll
\Windows\System32\user32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\difxapi.dll
\Windows\System32\iertutil.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\sechost.dll
\Windows\System32\lpk.dll
\Windows\System32\imm32.dll
\Windows\System32\normaliz.dll
\Windows\System32\usp10.dll
\Windows\System32\shlwapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\msctf.dll
\Windows\System32\imagehlp.dll
\Windows\System32\kernel32.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\msasn1.dll
\Windows\System32\profapi.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800e3ef790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009c\
Lower Device Object: 0xfffffa800e3c0df0
Lower Device Driver Name: \Driver\RSPCIESTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800b7ad790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000096\
Lower Device Object: 0xfffffa800b6f6240
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800af92790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000083\
Lower Device Object: 0xfffffa800af88b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800a66a790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8009393050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800a66a790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a4b1960, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800a66a790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800938f420, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8009393050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: FE281A1F
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 87469580
GPT Header CurrentLba = 1 BackupLba 1465149167
GPT Header FirstUsableLba 34 LastUsableLba 1465149134
GPT Header Guid fd5beb73-af2d-4dee-ad96-5c1aa47bf75
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 87469580
Backup GPT header CurrentLba = 1465149167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1465149134
Backup GPT header Guid fd5beb73-af2d-4dee-ad96-5c1aa47bf75
Backup GPT header Contains 128 partition entries starting at LBA 1465149135
Backup GPT header Partition entry size = 128
Partition 0 Type f4019732-66e-4e12-8273-346c5641494f
Partition ID 1486a58a-9c64-441d-b04b-f78d8450ed4f
FirstLBA 2048 Last LBA 534527
Attributes 1
Partition Name EFI system partition
Partition 1 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID ff7f0e29-645a-4237-81e0-6f2d15321abc
FirstLBA 534528 Last LBA 40624127
Attributes 1
Partition Name Basic data partition
Partition 2 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 251aab2b-c21a-4c97-a75f-5c3d395f68cb
FirstLBA 40624128 Last LBA 41156607
Attributes 0
Partition Name EFI system partition
GPT Partition 2 is bootable
Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID f777c138-a1aa-4899-a3b6-16c5dfe04327
FirstLBA 41156608 Last LBA 41418751
Attributes 0
Partition Name Microsoft reserved partition
Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 6b28dfe3-f106-445b-adae-b9466b3df158
FirstLBA 41418752 Last LBA 1465147391
Attributes 0
Partition Name Basic data partition
Disk Size: 750156374016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa800af92790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800af922c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800af92790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800af88b60, DeviceName: \Device\00000083\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800b7ad790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800afd5310, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b7ad790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6f6240, DeviceName: \Device\00000096\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xfffffa800e3ef790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800e3ec700, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800e3ef790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800e3c0df0, DeviceName: \Device\0000009c\, DriverName: \Driver\RSPCIESTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0
Partition information:
Partition 0 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 8192 Numsec = 31108096
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 15931539456 bytes
Sector size: 512 bytes
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
Removal finished
 
RK produces two logs.
You posted only one.
I still need to see the second one (after fixes).
 
I thought I posted the second one, but maybe I got it wrong. For completeness I will (re)post both RK logs below.
 
First Log:


RogueKiller V9.0.2.0 [Jun 3 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Rwolf01 [Admin rights]
Mode : Scan -- Date : 06/16/2014 12:34:37
¤¤¤ Bad processes : 1 ¤¤¤
[Suspicious.Path] (SVC) Agent -- C:\Windows\VPDAgent_x64.exe[-] -> STOPPED
¤¤¤ Registry Entries : 12 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Agent -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Agent -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Agent -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255} | NameServer : 8.8.8.8,8.8.4.4 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255} | NameServer : 8.8.8.8,8.8.4.4 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255} | NameServer : 8.8.8.8,8.8.4.4 -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Files : 4 ¤¤¤
[ZeroAccess][Folder] L -- C:\Windows\Installer\{a88e8a8a-0d88-5328-0708-a6a0b88f9f22}\L -> FOUND
[ZeroAccess][File] @ -- C:\Users\Rwolf02\AppData\Local\{a88e8a8a-0d88-5328-0708-a6a0b88f9f22}\@ -> FOUND
[ZeroAccess][Folder] L -- C:\Users\Rwolf02\AppData\Local\{a88e8a8a-0d88-5328-0708-a6a0b88f9f22}\L -> FOUND
[ZeroAccess][Folder] U -- C:\Users\Rwolf02\AppData\Local\{a88e8a8a-0d88-5328-0708-a6a0b88f9f22}\U -> FOUND
¤¤¤ HOSTS File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPVT-55HXZT3 +++++
--- User ---
[MBR] a20de5fd0b5ea9f7367d1ddee1c603a2
[BSP] c7747c46d8419c4cc17d18f7e18dc41c : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: ASMT 2105 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive2: Buildwin MediaPlayer USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive3: SD Card +++++
--- User ---
[MBR] 2dd27a2bd9b0b305e974b4defc45b985
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8192 | Size: 15189 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
Second log:


RogueKiller V9.0.2.0 [Jun 3 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Rwolf01 [Admin rights]
Mode : Scan -- Date : 06/16/2014 12:45:15
¤¤¤ Bad processes : 1 ¤¤¤
[Suspicious.Path] (SVC) Agent -- C:\Windows\VPDAgent_x64.exe[-] -> STOPPED
¤¤¤ Registry Entries : 12 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Agent -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Agent -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Agent -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255} | NameServer : 8.8.8.8,8.8.4.4 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255} | NameServer : 8.8.8.8,8.8.4.4 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255} | NameServer : 8.8.8.8,8.8.4.4 -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ HOSTS File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPVT-55HXZT3 +++++
--- User ---
[MBR] a20de5fd0b5ea9f7367d1ddee1c603a2
[BSP] c7747c46d8419c4cc17d18f7e18dc41c : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: ASMT 2105 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive2: Buildwin MediaPlayer USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive3: SD Card +++++
--- User ---
[MBR] 2dd27a2bd9b0b305e974b4defc45b985
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8192 | Size: 15189 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_SCN_06162014_123437.log - RKreport_DEL_06162014_123847.log
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs: rKill.txt and Combofix.txt.
 
Downloaded & ran Combofix.
I disabled Avira beforehand but obviously not all the way since it trapped a registry change Combofix was trying to make.
I stopped Combofix, disabled Avira the rest of the way and then reran ComboFix.
It ran to completion and produced the following log file.
Reenabled Avira and Windows Firewall.
 
ComboFix Log:


ComboFix 14-06-16.01 - Rwolf01 06/16/2014 17:54:53.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8091.5536 [GMT -7:00]
Running from: c:\users\Rwolf02\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Rwolf02\AppData\Local\assembly\tmp
c:\windows\Downloaded Program Files\Install.inf
.
.
((((((((((((((((((((((((( Files Created from 2014-05-17 to 2014-06-17 )))))))))))))))))))))))))))))))
.
.
2014-06-17 01:09 . 2014-06-17 01:09 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-06-17 01:09 . 2014-06-17 01:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-16 21:54 . 2014-06-16 21:54 -------- d-----w- c:\users\Rwolf02\AppData\Roaming\HpUpdate
2014-06-16 21:54 . 2012-10-17 11:31 741480 ------w- c:\windows\system32\HPDiscoPM6412.dll
2014-06-16 21:54 . 2014-06-16 22:26 -------- d-----w- c:\program files (x86)\HP
2014-06-16 21:54 . 2014-06-16 22:18 -------- d-----w- c:\programdata\HP
2014-06-16 21:54 . 2014-06-16 21:54 -------- d-----w- c:\program files\HP
2014-06-16 21:43 . 2014-06-16 22:10 -------- d-----w- c:\users\Rwolf02\AppData\Local\HP
2014-06-16 19:57 . 2014-06-16 20:12 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-06-16 19:28 . 2014-06-16 19:28 -------- d-----w- c:\programdata\RogueKiller
2014-06-15 18:00 . 2014-06-15 18:00 -------- d-----w- c:\users\Rwolf02\AppData\Roaming\Oracle
2014-06-15 09:14 . 2014-06-16 19:57 128728 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-15 09:14 . 2014-06-16 19:56 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-15 09:14 . 2014-06-15 09:14 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-15 09:14 . 2014-06-15 09:14 -------- d-----w- c:\programdata\Malwarebytes
2014-06-15 09:14 . 2014-05-12 14:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-15 09:14 . 2014-05-12 14:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-12 16:21 . 2014-06-12 16:21 -------- d-----w- c:\users\Rwolf02\AppData\Local\Apps
2014-06-12 13:22 . 2014-06-12 13:22 -------- d-----w- c:\program files (x86)\Seagate
2014-06-11 16:36 . 2014-06-12 10:49 -------- d-----w- c:\programdata\Samsung
2014-06-11 16:36 . 2014-06-12 10:49 -------- d-----w- c:\program files (x86)\Samsung
2014-06-11 16:34 . 2014-06-11 16:34 770912 ----a-w- c:\windows\SysWow64\Msfdbqp.dll
2014-06-11 16:34 . 2014-06-11 16:34 511328 ----a-w- c:\windows\SysWow64\Synchronization2.dll
2014-06-11 16:34 . 2014-06-11 16:34 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2014-06-11 16:34 . 2014-06-11 16:34 397152 ----a-w- c:\windows\SysWow64\Msfdbse.dll
2014-06-11 16:34 . 2014-06-11 16:34 253280 ----a-w- c:\windows\SysWow64\MetaStore2.dll
2014-06-11 16:34 . 2014-06-11 16:34 230240 ----a-w- c:\windows\SysWow64\Msfdb.dll
2014-06-11 16:34 . 2014-06-11 16:34 189792 ----a-w- c:\windows\SysWow64\SimpleProviders2.dll
2014-06-11 16:34 . 2014-06-11 16:34 171360 ----a-w- c:\windows\SysWow64\FileSyncProvider2.dll
2014-06-11 16:34 . 2014-06-11 16:34 156512 ----a-w- c:\windows\SysWow64\FeedSync2.dll
2014-06-11 11:35 . 2014-05-30 09:39 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-06-11 11:34 . 2014-06-08 09:13 506368 ----a-w- c:\windows\system32\aepdu.dll
2014-06-11 11:34 . 2014-06-08 09:08 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-23 23:48 . 2014-05-23 23:48 -------- d-----w- c:\program files (x86)\DeepSkyStacker
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-12 10:05 . 2012-08-17 19:13 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-05-20 07:53 . 2013-08-09 05:51 130584 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-05-20 07:53 . 2013-08-09 05:51 112080 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-05-14 18:36 . 2012-08-10 22:00 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 18:36 . 2012-08-10 22:00 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-14 10:12 . 2012-09-29 19:44 3642528 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2014-04-12 02:22 . 2014-05-14 05:05 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:22 . 2014-05-14 05:05 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:19 . 2014-05-14 05:05 29184 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 05:05 136192 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 05:05 28160 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 05:05 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 05:05 31232 ----a-w- c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 05:05 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 05:05 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-04-01 05:46 . 2014-04-01 05:46 130712 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2014-04-01 05:46 . 2014-04-01 05:46 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-03-25 02:43 . 2014-05-14 05:06 14175744 ----a-w- c:\windows\system32\shell32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet 4620 series (NET)"="c:\program files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-05-14 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-09 291608]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-02-21 693608]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-05-20 737872]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2014-05-03 296520]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
RealPlayer Cloud Service UI.lnk - c:\program files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe [2014-5-2 1022048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys;c:\windows\SYSNATIVE\drivers\SiUSBXp.sys [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 USER_ESRV_SVC;User Energy Server Service;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 ActiveDelayDeviceService;ActiveDelayDeviceService;c:\program files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe;c:\program files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [x]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 Agent;VPDAgent;c:\windows\VPDAgent_x64.exe;c:\windows\VPDAgent_x64.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 ESRV_SVC;Energy Server Service;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Sony\VAIO Care\esrv\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 Neat Startup Service;Neat Startup Service;c:\program files (x86)\Neat\exec\NeatStartupService.exe;c:\program files (x86)\Neat\exec\NeatStartupService.exe [x]
S2 NIApplicationWebServer;NI Application Web Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
S2 nimDNSResponder;NI mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [x]
S2 NINetworkDiscovery;NI Network Discovery;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [x]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 RealPlayer Cloud Service;RealPlayer Cloud Service;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 semav6thermal64ro;semav6thermal64ro;c:\windows\system32\drivers\semav6thermal64ro.sys;c:\windows\SYSNATIVE\drivers\semav6thermal64ro.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-12 18:36 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 18:36]
.
2014-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-21 06:44]
.
2014-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-21 06:44]
.
2014-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-747785638-1536544367-690633523-1001Core.job
- c:\users\Rwolf02\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-30 22:04]
.
2014-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-747785638-1536544367-690633523-1001UA.job
- c:\users\Rwolf02\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-30 22:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-20 1158248]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-20 1158248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-03 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-03 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-03 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: garlic.com\www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\157554254595: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}\8405D23556475707D29333D2F46666963656A656470243632303: NameServer = 8.8.8.8,8.8.4.4
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{0131D7EF-65FF-478F-8ABD-5ABEE24EC8EF} - c:\programdata\{AA28280A-C4CA-4B4F-9DF1-593032D2F3EC}\VAIO Messenger Setup 2.0.550.0.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-06-16 18:26:48
ComboFix-quarantined-files.txt 2014-06-17 01:26
.
Pre-Run: 147,175,636,992 bytes free
Post-Run: 150,356,525,056 bytes free
.
- - End Of File - - 91C9992D9E0466A3CC2352CE24B685CD
 
Looks good.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.



Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Okay, I will follow these latest instructions.

However, you should know that I've noticed a new behavior since I ran ComboFix: Most of my shortcuts work fine but if I click on the shortcut to google.com or try to type google.com into the address space manually it 'thinks about it' for a while and then returns a blank white tab named "New tab".

Also, the links in your latest email to the download sites for adwcleaner, OTL and JRT did not work. As a workaround I copied your latest email to an SD card, carried it to another machine and opened the email there (using the same version of Outlook). On the alternate machine, the links work fine and got me the new programs.

Note: If I start the chrome browser on the affected system, it finds google.com just fine. Also, I am using Google's free & public DNS servers in the TCP/IP protocol.

Stand by for reports & log files from the 3 latest tools....
 
The new bad behavior of IE went away after running JRT.
After running OTL, it seems like IE loads faster as well. (rather subjective, but it seems 'snappier')

Attached are the logfiles from AdwCleaner, JRT and OTL.
 
AdwCleaner:


# AdwCleaner v3.212 - Report created 16/06/2014 at 22:40:31
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Rwolf01 - RWOLF02
# Running from : C:\Users\Rwolf02\Desktop\adwcleaner_3.212.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17126

-\\ Google Chrome v35.0.1916.153
[ File : C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}

*************************
AdwCleaner[R0].txt - [3161 octets] - [16/06/2014 22:33:48]
AdwCleaner[S0].txt - [2046 octets] - [16/06/2014 22:40:31]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2106 octets] ##########
 
JRT logfile:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Rwolf01 on Mon 06/16/2014 at 23:14:44.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{127B7267-4C61-4286-B0BF-E9259CC8270C}
Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{3952D606-EA32-40E7-9C21-FA2CE68547B4}
Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{48A9998D-6684-4F71-AA76-36FADF6B569B}
Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{7041C0CB-F78C-4792-BABD-5F442D984E4E}
Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{8C6852F1-27D7-4BCB-8EAD-2A409F067DA9}
Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{91F155BB-E378-4147-930F-14606A005673}
Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{9B002008-502C-452D-AD25-2D3A895D886A}
Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{9BF2E81C-6F3C-4E20-8810-01136FCF24C4}
Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{a88e8a8a-0d88-5328-0708-a6a0b88f9f22}
Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{AC6561DA-041E-4E21-9158-9D14E8929FEA}
Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{E60600E7-CD5A-4E8C-B67B-7130B1523AAE}
Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{EF089A2D-ED1E-44B2-AF4C-45C3F10DD8C0}
Successfully deleted: [Empty Folder] C:\Users\Rwolf02\appdata\local\{F18D3A31-82EF-492E-BE5C-D2AAA50E85BD}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/16/2014 at 23:19:56.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL.txt (part 1 of 2)

OTL logfile created on: 6/16/2014 11:29:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rwolf02\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.90 Gb Total Physical Memory | 5.60 Gb Available Physical Memory | 70.82% Memory free
15.80 Gb Paging File | 13.01 Gb Available in Paging File | 82.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 678.89 Gb Total Space | 139.82 Gb Free Space | 20.60% Space Free | Partition Type: NTFS
Drive H: | 14.83 Gb Total Space | 14.83 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
Computer Name: RWOLF02 | User Name: Rwolf01 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/06/16 21:54:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rwolf02\Desktop\OTL.exe
PRC - [2014/05/20 00:53:56 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014/05/20 00:53:39 | 001,039,440 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2014/05/20 00:53:32 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2014/05/20 00:53:31 | 000,737,872 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014/05/05 15:29:36 | 000,263,048 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
PRC - [2014/05/02 22:06:28 | 001,141,848 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
PRC - [2014/05/02 22:06:26 | 000,296,520 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2014/04/07 03:06:58 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
PRC - [2014/04/06 23:00:42 | 000,039,568 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/09/05 03:35:24 | 001,364,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/07/02 23:06:06 | 000,061,440 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
PRC - [2013/02/23 01:12:44 | 000,005,632 | ---- | M] (The Neat Company) -- C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
PRC - [2012/06/07 23:42:14 | 000,680,624 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
PRC - [2012/06/06 00:56:56 | 000,169,192 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
PRC - [2012/06/05 15:09:58 | 000,370,328 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2012/06/05 15:07:08 | 000,060,568 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe
PRC - [2012/06/05 14:58:56 | 000,050,328 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe
PRC - [2012/05/31 17:51:58 | 000,258,776 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
PRC - [2012/05/29 00:54:30 | 000,054,464 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
PRC - [2012/05/23 00:50:12 | 000,051,360 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
PRC - [2012/05/22 10:39:06 | 000,053,952 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
PRC - [2012/05/22 10:38:06 | 000,053,960 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
PRC - [2012/05/02 13:57:14 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/05/02 13:57:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/04/06 14:37:34 | 000,183,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
PRC - [2012/04/06 14:37:32 | 000,065,464 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
PRC - [2012/03/23 01:47:32 | 000,362,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/03/23 01:47:21 | 000,276,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/03/23 01:47:05 | 000,127,320 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/03/23 01:45:53 | 000,162,648 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/03/20 13:43:37 | 000,477,816 | ---- | M] () -- C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
PRC - [2012/03/09 13:54:33 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/02/21 12:41:12 | 000,473,960 | ---- | M] (Sony Corporation) -- c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2012/02/21 12:37:16 | 000,693,608 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
PRC - [2012/01/25 15:23:54 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
PRC - [2011/12/19 19:16:50 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/12/19 19:16:44 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/11/30 18:49:50 | 000,082,592 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2011/09/20 16:57:56 | 000,060,552 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2011/09/20 16:53:26 | 000,078,472 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe
PRC - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/05/06 16:08:28 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\SysWOW64\lkcitdl.exe
PRC - [2011/02/23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe
========== Modules (No Company Name) ==========
MOD - [2014/05/14 04:57:08 | 000,488,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\712e0def1b5e62189f7f7c1daaebf097\IAStorUtil.ni.dll
MOD - [2014/05/14 04:48:47 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\70dbdd46969daf2bea2443c75b7629d4\System.Web.ni.dll
MOD - [2014/05/14 04:48:42 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll
MOD - [2014/05/14 03:04:17 | 000,805,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll
MOD - [2014/02/27 09:53:24 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/02/27 04:05:30 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/27 04:05:18 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/27 04:05:17 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/27 04:05:12 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/27 04:05:12 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/27 04:05:12 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/27 04:05:11 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll
MOD - [2014/02/27 04:05:09 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/27 04:05:09 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/27 04:05:07 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/27 04:05:07 | 000,291,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatiod51afaa5#\edec2d7b3ecaabfc5c72d7615d884f79\PresentationFramework.classic.ni.dll
MOD - [2014/02/27 04:05:06 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/27 04:05:01 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/12 04:49:02 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\16caebfc2bda597384c2f998c28ab38e\IAStorCommon.ni.dll
MOD - [2014/02/12 04:39:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 04:38:59 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 04:38:47 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/12 04:38:43 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 04:38:41 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/12 04:38:40 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 04:38:33 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2012/03/20 13:43:38 | 000,026,744 | ---- | M] () -- C:\Program Files (x86)\Sony\Keyboard Shortcuts\Utility.dll
MOD - [2012/03/20 13:43:37 | 000,477,816 | ---- | M] () -- C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
MOD - [2012/03/20 13:43:36 | 000,160,376 | ---- | M] () -- C:\Program Files (x86)\Sony\Keyboard Shortcuts\MessageHook.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/05/30 02:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/11/20 19:00:20 | 003,674,864 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2013/11/20 18:59:58 | 000,284,912 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2013/11/20 18:59:38 | 000,631,024 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2013/11/20 18:58:50 | 000,154,864 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2013/07/29 05:01:08 | 000,772,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/04 14:06:26 | 000,258,048 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2013/02/22 12:02:06 | 000,427,432 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe -- (USER_ESRV_SVC)
SRV:64bit: - [2013/02/22 12:02:06 | 000,427,432 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe -- (ESRV_SVC)
SRV:64bit: - [2012/09/12 19:07:06 | 000,135,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/05/29 00:54:30 | 000,054,464 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2012/05/22 10:38:20 | 000,076,488 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer64)
SRV:64bit: - [2012/03/26 09:24:10 | 000,978,056 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2012/02/02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2012/01/10 13:45:32 | 000,535,688 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2011/12/21 13:15:06 | 000,550,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2011/12/01 10:04:56 | 000,289,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2011/08/26 18:47:26 | 000,101,600 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/20 00:53:56 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/05/20 00:53:39 | 001,039,440 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2014/05/20 00:53:33 | 000,801,872 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2014/05/20 00:53:32 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/05/14 11:36:37 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/02 22:06:28 | 001,141,848 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe -- (RealPlayer Cloud Service)
SRV - [2014/04/07 03:06:58 | 000,023,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc)
SRV - [2014/04/06 23:00:42 | 000,039,568 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 03:35:24 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/07/02 23:06:06 | 000,061,440 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe -- (Oasis2Service)
SRV - [2013/02/23 01:12:44 | 000,005,632 | ---- | M] (The Neat Company) [Auto | Running] -- C:\Program Files (x86)\Neat\exec\NeatStartupService.exe -- (Neat Startup Service)
SRV - [2013/02/04 10:01:00 | 000,148,480 | ---- | M] (Two Pilots) [Auto | Running] -- C:\Windows\VPDAgent_x64.exe -- (Agent)
SRV - [2012/06/07 23:42:14 | 000,680,624 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2012/06/06 00:56:56 | 000,169,192 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe -- (NINetworkDiscovery)
SRV - [2012/06/05 15:09:58 | 000,370,328 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2012/06/05 15:07:08 | 000,060,568 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2012/06/05 14:58:56 | 000,050,328 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2012/05/31 17:51:58 | 000,258,776 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
SRV - [2012/05/23 00:50:12 | 000,051,360 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2012/05/22 10:39:06 | 000,053,952 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe -- (niSvcLoc)
SRV - [2012/05/22 10:38:06 | 000,053,960 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer)
SRV - [2012/05/18 14:25:58 | 000,139,488 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Opcenum.exe -- (OpcEnum)
SRV - [2012/05/02 13:57:14 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/04/06 14:37:32 | 000,065,464 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe -- (VAIO Event Service)
SRV - [2012/04/03 13:16:57 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/03/23 01:47:32 | 000,362,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/03/23 01:47:21 | 000,276,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/03/23 01:47:05 | 000,127,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012/03/23 01:45:53 | 000,162,648 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/02/21 13:03:28 | 002,429,544 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/02/21 12:41:12 | 000,473,960 | ---- | M] (Sony Corporation) [Auto | Running] -- c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012/01/25 15:23:54 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/01/25 15:23:54 | 000,192,792 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/12/29 16:10:08 | 000,960,160 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2011/12/19 19:16:50 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/12/19 19:16:48 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/12/19 19:16:44 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/09/23 17:47:22 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2011/09/20 16:53:26 | 000,078,472 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe -- (ActiveDelayDeviceService)
SRV - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/05/06 16:08:28 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
SRV - [2011/02/23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2010/08/02 11:00:00 | 001,427,688 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/17 04:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/05/20 00:53:32 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2014/05/20 00:53:32 | 000,112,080 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/11/26 04:51:42 | 011,530,992 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwsw00.sys -- (NETwNs64)
DRV:64bit: - [2013/11/26 00:49:12 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/10/01 19:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/05 03:37:00 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013/07/29 05:01:24 | 000,164,832 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2013/07/29 05:01:24 | 000,164,832 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/06 15:28:46 | 000,013,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\semav6thermal64ro.sys -- (semav6thermal64ro)
DRV:64bit: - [2012/09/10 10:41:06 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/05/02 13:45:04 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/04/18 15:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012/04/03 13:35:51 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/04/03 13:28:02 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/18 23:54:51 | 000,423,696 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/03/09 13:54:13 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/03/09 13:54:10 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/03/09 13:54:09 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/03/02 13:23:51 | 000,676,968 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 17:59:50 | 000,034,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2012/02/28 17:59:50 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2012/02/21 13:03:47 | 000,340,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012/01/16 02:01:14 | 000,014,336 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2011/12/14 14:26:56 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2011/12/13 11:26:20 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/12/13 11:26:18 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/11/03 23:16:10 | 000,019,456 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SiUSBXp.sys -- (SIUSBXP)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 16:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/19 19:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 13:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
 
OTL.txt (part 2 of 2)


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-747785638-1536544367-690633523-1000\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-747785638-1536544367-690633523-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sfgate.com/
IE - HKU\S-1-5-21-747785638-1536544367-690633523-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-747785638-1536544367-690633523-1001\..\SearchScopes\{AEBA69D8-4D86-4FF2-B8C0-47319A84C524}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-747785638-1536544367-690633523-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.9.17: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.9.17: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rwolf02\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rwolf02\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/05/02 22:07:23 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: First user (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Google Drive = C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Cast = C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.421.1.1_0\
CHR - Extension: Google Search = C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealPlayer Downloader = C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\17.0.9_0\
CHR - Extension: Google Wallet = C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Rwolf02\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/06/16 18:09:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-747785638-1536544367-690633523-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-747785638-1536544367-690633523-1001..\Run: [HP Officejet 4620 series (NET)] C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-747785638-1536544367-690633523-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-747785638-1536544367-690633523-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-747785638-1536544367-690633523-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-747785638-1536544367-690633523-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000011 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000011 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-747785638-1536544367-690633523-1001\..Trusted Domains: garlic.com ([www] http in Trusted sites)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {B8E53531-F29E-4180-AE3E-DF485CC8BE32} http://palumbicam.stanford.edu/JpegInstV4.cab (pmjpegaudioV4 Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6588E2D2-D207-44D2-ACC4-CC6F54BBAC79}: DhcpNameServer = 172.26.38.1 172.26.38.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C949C50B-518D-4C25-B993-DBC15FAA9255}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/06/16 23:14:41 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/16 22:34:02 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/06/16 22:33:38 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/16 22:33:17 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Rwolf02\Desktop\JRT.exe
[2014/06/16 22:33:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rwolf02\Desktop\OTL.exe
[2014/06/16 20:50:28 | 000,000,000 | ---D | C] -- C:\Users\Rwolf02\AppData\Local\CrashDumps
[2014/06/16 18:27:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/06/16 17:50:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/06/16 17:50:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/06/16 17:50:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/06/16 17:50:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/06/16 17:50:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/06/16 17:42:52 | 005,206,841 | R--- | C] (Swearware) -- C:\Users\Rwolf02\Desktop\ComboFix.exe
[2014/06/16 14:54:35 | 000,000,000 | ---D | C] -- C:\Users\Rwolf02\AppData\Roaming\HpUpdate
[2014/06/16 14:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2014/06/16 14:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2014/06/16 14:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2014/06/16 14:54:12 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2014/06/16 14:43:30 | 000,000,000 | ---D | C] -- C:\Users\Rwolf02\AppData\Local\HP
[2014/06/16 12:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/06/16 12:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/06/15 11:00:18 | 000,000,000 | ---D | C] -- C:\Users\Rwolf02\AppData\Roaming\Oracle
[2014/06/15 02:14:19 | 000,128,728 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/15 02:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/06/15 02:14:00 | 000,092,888 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/06/15 02:14:00 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/06/15 02:14:00 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/06/15 02:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/06/15 02:14:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/06/14 21:14:47 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/06/12 09:21:42 | 000,000,000 | ---D | C] -- C:\Users\Rwolf02\AppData\Local\Apps
[2014/06/12 06:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2014/06/12 06:22:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2014/06/11 10:34:30 | 000,000,000 | ---D | C] -- C:\Users\Rwolf02\Documents\My Received Files
[2014/06/11 09:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2014/06/11 09:36:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2014/06/11 09:34:21 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2014/05/23 16:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeepSkyStacker
[2014/05/23 16:48:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DeepSkyStacker

========== Files - Modified Within 30 Days ==========

[2014/06/16 23:11:46 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/16 22:56:40 | 000,026,368 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/16 22:56:40 | 000,026,368 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/16 22:55:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-747785638-1536544367-690633523-1001UA.job
[2014/06/16 22:54:36 | 000,876,042 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/16 22:54:36 | 000,728,806 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/16 22:54:36 | 000,147,732 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/16 22:48:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/16 22:48:02 | 2068,271,103 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/16 22:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/16 22:34:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/16 21:54:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rwolf02\Desktop\OTL.exe
[2014/06/16 21:54:12 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Rwolf02\Desktop\JRT.exe
[2014/06/16 21:53:48 | 001,333,465 | ---- | M] () -- C:\Users\Rwolf02\Desktop\adwcleaner_3.212.exe
[2014/06/16 18:09:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/06/16 17:42:55 | 005,206,841 | R--- | M] (Swearware) -- C:\Users\Rwolf02\Desktop\ComboFix.exe
[2014/06/16 15:55:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-747785638-1536544367-690633523-1001Core.job
[2014/06/16 14:54:08 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2014/06/16 12:57:44 | 000,128,728 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/16 12:56:36 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/06/15 02:14:04 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/14 21:15:23 | 000,524,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/06/14 21:14:19 | 864,372,962 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/06/12 06:23:31 | 000,001,397 | ---- | M] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2014/06/11 09:34:20 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2014/06/05 18:45:43 | 000,395,117 | ---- | M] () -- C:\Users\Rwolf02\Desktop\Cal_Covering_1Q_14.pdf
[2014/05/23 16:48:06 | 000,002,591 | ---- | M] () -- C:\Users\Public\Desktop\DeepSkyStacker.lnk
[2014/05/20 00:53:32 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2014/05/20 00:53:32 | 000,112,080 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys

========== Files Created - No Company Name ==========

[2014/06/16 22:26:31 | 001,333,465 | ---- | C] () -- C:\Users\Rwolf02\Desktop\adwcleaner_3.212.exe
[2014/06/16 17:50:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/06/16 17:50:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/06/16 17:50:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/06/16 17:50:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/06/16 17:50:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/06/16 14:54:51 | 000,000,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2014/06/16 14:54:08 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/06/15 02:14:04 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/14 21:14:19 | 864,372,962 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/06/12 06:23:31 | 000,001,397 | ---- | C] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2014/06/05 18:45:43 | 000,395,117 | ---- | C] () -- C:\Users\Rwolf02\Desktop\Cal_Covering_1Q_14.pdf
[2014/05/23 16:48:06 | 000,002,591 | ---- | C] () -- C:\Users\Public\Desktop\DeepSkyStacker.lnk
[2014/02/24 14:52:28 | 000,007,656 | ---- | C] () -- C:\Users\Rwolf02\AppData\Local\Resmon.ResmonCfg
[2012/11/09 03:46:21 | 000,044,221 | ---- | C] () -- C:\Users\Rwolf02\AppData\Local\RAContactHistory.xml
[2012/08/10 17:39:36 | 000,006,472 | ---- | C] () -- C:\Windows\Icoadb32.dat
[2012/08/10 17:39:36 | 000,000,064 | ---- | C] () -- C:\Windows\QBWCD.INI
[2012/08/10 17:26:01 | 000,676,224 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.DLL
[2012/08/10 15:48:00 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 19:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/04 19:02:30 | 000,000,000 | ---D | M] -- C:\Users\Rwolf02\AppData\Roaming\Autodesk
[2013/09/29 18:17:07 | 000,000,000 | ---D | M] -- C:\Users\Rwolf02\AppData\Roaming\chc
[2012/08/22 13:48:01 | 000,000,000 | ---D | M] -- C:\Users\Rwolf02\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/10/14 05:31:21 | 000,000,000 | ---D | M] -- C:\Users\Rwolf02\AppData\Roaming\GARMIN
[2013/09/09 10:13:14 | 000,000,000 | ---D | M] -- C:\Users\Rwolf02\AppData\Roaming\GoPro
[2012/08/10 16:50:01 | 000,000,000 | ---D | M] -- C:\Users\Rwolf02\AppData\Roaming\iolo
[2012/11/19 01:51:11 | 000,000,000 | ---D | M] -- C:\Users\Rwolf02\AppData\Roaming\MultiDeco
[2013/03/20 03:22:32 | 000,000,000 | ---D | M] -- C:\Users\Rwolf02\AppData\Roaming\Neat
[2012/08/18 02:09:38 | 000,000,000 | ---D | M] -- C:\Users\Rwolf02\AppData\Roaming\No Company Name
[2013/03/20 03:22:29 | 000,000,000 | ---D | M] -- C:\Users\Rwolf02\AppData\Roaming\Nuance
[2014/06/15 11:00:18 | 000,000,000 | ---D | M] -- C:\Users\Rwolf02\AppData\Roaming\Oracle
[2012/11/09 03:46:10 | 000,000,000 | ---D | M] -- C:\Users\Rwolf02\AppData\Roaming\PeerNetworking
[2014/05/14 17:00:11 | 000,000,000 | ---D | M] -- C:\Users\Rwolf02\AppData\Roaming\PrimoPDF
[2014/02/23 19:52:49 | 000,000,000 | ---D | M] -- C:\Users\Rwolf02\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/11/22 18:00:45 | 105,792,079 | ---- | M] ()(C:\Windows\SysWow64\???V) -- C:\Windows\SysWow64\쓃ϔ荜V
[2013/11/14 12:58:56 | 105,792,079 | ---- | C] ()(C:\Windows\SysWow64\???V) -- C:\Windows\SysWow64\쓃ϔ荜V
[2013/11/09 14:25:13 | 103,387,443 | ---- | M] ()(C:\Windows\SysWow64\???§) -- C:\Windows\SysWow64\൷풚荜§
[2013/10/28 01:46:02 | 103,387,443 | ---- | C] ()(C:\Windows\SysWow64\???§) -- C:\Windows\SysWow64\൷풚荜§
[2013/09/23 21:23:04 | 098,843,276 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\佤葤‘
[2013/09/23 21:23:04 | 098,843,276 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\佤葤‘
[2013/09/14 15:15:53 | 097,600,188 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\Ӫⷍ葤
[2013/09/12 15:39:10 | 097,600,188 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\Ӫⷍ葤
< End of report >
 