Solved Bad Image error upon boot and opening programs

Alzm10

Posts: 24   +0
Hi
I'm having an issue with a friends Sony vaio laptop. Its had error dialogue boxes popping up, usually when I open a program, and during start up.

It usually says on boot:

[program].exe - Bad Image
c:\program~1\BEARAH~1\MediaBar\ Datamngr\x64\datamngr.dll is either not designed to run on windows or it contains an error.Try installing the program again using the original install media or contact sys admin.
Or:
c:\program~1\BEARAH~1\MediaBar\ Datamngr\x64\IEBHO.dll is either not designed to run on windows or it contains an error.Try installing the program again using the original install media or contact sys admin.

It all started after a Malwarebytes scan and reboot.
It's a sony Vaio VPCEE25FX
Windows 7 SP1

Thanks in advance for the help!
 
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.[/B][/COLOR]
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344
Run by Estevan at 17:54:22 on 2014-10-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2059 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\PROGRA~2\CONSER~2\bar\1.bin\4nbarsvc.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\PROGRA~2\RADIOP~2\bar\1.bin\4ebarsvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Update\vuagent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAdmin.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.bearshare.com
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uURLSearchHooks: <No Name>: {8bc67b0f-a721-45e0-a0b6-db0121b0aade} - C:\Program Files (x86)\RadioPI_4e\bar\1.bin\4eSrcAs.dll
uURLSearchHooks: <No Name>: {752929fc-c897-4620-9fa8-0303247277e2} - C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\4nSrcAs.dll
mWinlogon: Userinit = userinit.exe
BHO: Toolbar BHO: {35fd2bab-ab2b-494f-b5bf-8755ec043784} - C:\Program Files (x86)\RadioPI_4e\bar\1.bin\4ebar.dll
BHO: Search Assistant BHO: {4adc9c1b-9c50-4c2d-a471-5c06d8de7e80} - C:\Program Files (x86)\RadioPI_4e\bar\1.bin\4eSrcAs.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Search Assistant BHO: {af77c74d-a46e-4671-afa0-1a09b1d4be39} - C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\4nSrcAs.dll
BHO: DataMngr: {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\BrowserConnection.dll
BHO: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Toolbar BHO: {e5af9d32-01d7-47b8-9eb6-87d9afce744f} - C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\4nbar.dll
TB: ConservativeTalkNow: {533329C9-CA91-42A2-8792-7F91C7B4172A} - C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\4nbar.dll
TB: RadioPI: {92926B63-5116-4C6F-A33E-378767B8D15F} - C:\Program Files (x86)\RadioPI_4e\bar\1.bin\4ebar.dll
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB: ConservativeTalkNow: {533329c9-ca91-42a2-8792-7f91c7b4172a} - C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\4nbar.dll
TB: RadioPI: {92926b63-5116-4c6f-a33e-378767b8d15f} - C:\Program Files (x86)\RadioPI_4e\bar\1.bin\4ebar.dll
TB: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxps://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{30625CBE-05E0-49E4-8016-F1FA70204A25} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{30625CBE-05E0-49E4-8016-F1FA70204A25}\05255434943594F4E4255405149425F5E4564777F627B6 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{30625CBE-05E0-49E4-8016-F1FA70204A25}\14364796F6E6475636 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{30625CBE-05E0-49E4-8016-F1FA70204A25}\65562796A7F6E602D496649623230303022373548302355636572756 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{30625CBE-05E0-49E4-8016-F1FA70204A25}\E4544574541425 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C95AAEC7-CC43-41C3-BA80-5AA2B163F007} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: DataMngr: {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\BrowserConnection.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2010-5-14 73856]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2010-5-14 28800]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-5 55280]
R2 6077757b;6077757b;C:\Windows\System32\drivers\regi.sys [2010-2-5 14112]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-4-7 202752]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-4-29 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 ConservativeTalkNow_4nService;ConservativeTalkNowService;C:\PROGRA~2\CONSER~2\bar\1.bin\4nbarsvc.exe [2011-8-4 42504]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-9-9 168448]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-9-9 131072]
R2 ESRV_SVC;Energy Server Service;C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [2013-11-1 377768]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 125584]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-6-24 46080]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 RadioPI_4eService;RadioPI Service;C:\PROGRA~2\RADIOP~2\bar\1.bin\4ebarsvc.exe [2011-9-3 34864]
R2 SampleCollector;Intel(R) System Behavior Tracker Collector Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2013-11-1 266168]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-2-5 108400]
R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-2-5 422768]
R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-2-5 67952]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-6-9 5024576]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-3-18 852336]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-2-19 529776]
R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-2-19 386416]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2014-10-8 46136]
R3 MSSQL$DDNI;SQL Server (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-3-30 43010392]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-2-5 242720]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-4-7 346144]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-4-8 12032]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-2-8 302448]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-2-5 38456]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2014-7-2 59240]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2014-6-5 1642544]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 regi;regi;C:\Windows\System32\drivers\regi.sys [2010-2-5 14112]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-24 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-18 111616]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-10-26 129752]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-10-10 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-10-10 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 USER_ESRV_SVC;User Energy Server Service;C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [2013-11-1 377768]
S3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-2-5 574320]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-2-19 115568]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-2 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]
S4 SQLAgent$DDNI;SQL Server Agent (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-10-27 22:44:48 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{365091BC-6B97-4C01-90BB-6254B2A68458}\mpengine.dll
2014-10-27 03:44:04 -------- d-----w- C:\Users\Estevan\AppData\Local\Deployment
2014-10-26 18:11:10 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-26 18:10:43 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-26 18:10:43 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-26 18:10:43 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-10-26 18:10:43 -------- d-----w- C:\ProgramData\Malwarebytes
2014-10-26 18:10:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-26 18:10:12 -------- d-----w- C:\Users\Estevan\AppData\Local\Programs
2014-10-26 14:07:58 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-18 15:19:29 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-10-18 15:19:28 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-18 15:19:03 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-10-18 15:17:46 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2014-10-18 15:17:43 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-10-18 15:17:39 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-18 15:17:39 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 15:13:20 -------- d-----w- C:\Users\Estevan\AppData\Local\MOVband
2014-10-11 03:33:07 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-10-11 00:26:44 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2014-10-11 00:26:35 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2014-10-11 00:26:34 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2014-10-11 00:26:34 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2014-10-10 23:48:19 1188440 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7AB38678-8E71-4C10-A0B1-217A7AA77CC6}\gapaengine.dll
2014-10-10 23:41:21 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-10-10 23:41:21 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-10-10 23:39:36 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-10-10 23:39:23 -------- dc----w- C:\Program Files\Microsoft Security Client
2014-10-10 23:19:30 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-10-10 23:19:30 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-10-10 23:19:30 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-10-10 23:19:30 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-10-10 23:19:26 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-10-10 23:19:26 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-10-10 23:18:50 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-10-10 23:18:50 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-10-10 12:41:58 1719296 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-10-10 12:41:58 1380864 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-10-10 12:41:58 1354240 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-10-10 12:41:57 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-10-10 12:41:57 1389568 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-10-10 12:41:53 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-10-10 12:41:53 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-10-10 12:41:24 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-10-10 12:41:24 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-10-10 12:41:24 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-10-10 12:41:24 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-10-10 12:41:24 112064 ----a-w- C:\Windows\System32\consent.exe
2014-10-10 12:40:23 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-10-10 12:40:23 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-10-10 12:40:22 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-10-10 12:40:22 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-10-10 12:40:22 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-10-10 12:40:22 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-10-10 12:40:21 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-10-10 12:40:21 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-10-10 12:33:44 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-10-10 12:33:44 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-10-10 12:33:44 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-10 12:33:43 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-10 12:33:43 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-10 12:32:31 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-10-10 12:32:31 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-10-10 12:32:23 11578928 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{633406E7-4DAA-43AF-AC44-273199A9C9CF}\mpengine.dll
2014-10-09 02:08:41 -------- d-----w- C:\Users\Estevan\AppData\Local\AMD
2014-10-09 02:04:20 -------- d-----w- C:\Program Files (x86)\AMD AVT
2014-10-09 02:04:15 -------- d-----w- C:\Program Files (x86)\AMD APP
2014-10-09 02:04:08 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2014-10-09 02:04:08 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2014-10-09 02:02:54 -------- d-----w- C:\ProgramData\AMD
2014-10-09 02:02:52 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2014-10-09 02:02:48 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2014-10-09 01:59:35 -------- dc----w- C:\Program Files\ATI Technologies
2014-10-09 01:58:10 -------- dc----w- C:\AMD
2014-10-08 22:54:43 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-10-08 22:54:43 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-10-08 22:54:42 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-10-08 22:54:42 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-10-08 22:54:42 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-10-08 22:54:42 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-10-08 22:54:42 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-10-08 22:54:42 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-10-08 22:54:40 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-10-08 22:54:40 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-10-08 22:54:39 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-10-08 22:54:39 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-10-08 22:47:58 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2014-10-08 22:47:21 97792 ----a-w- C:\Windows\System32\wudriver.dll
2014-10-08 22:47:21 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-10-08 22:46:59 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-10-08 22:46:59 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-10-08 22:46:59 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2014-10-08 22:46:59 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
.
==================== Find3M ====================
.
2014-10-26 14:28:01 952 --sha-w- C:\ProgramData\KGyGaAvL.sys
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-08 23:28:25 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-08 23:28:25 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-10-08 22:54:00 13792 ----a-w- C:\Windows\System32\drivers\semav6thermal64ro.sys
2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-22 06:42:39 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
.
============= FINISH: 17:55:08.56 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/31/2010 12:43:30 AM
System Uptime: 10/27/2014 5:32:44 PM (0 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: AMD Athlon(tm) II P320 Dual-Core Processor | N/A | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 229.675 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: regi
Device ID: ROOT\LEGACY_REGI\0000
Manufacturer:
Name: regi
PNP Device ID: ROOT\LEGACY_REGI\0000
Service: regi
.
==== System Restore Points ===================
.
RP389: 10/8/2014 5:44:38 PM - Windows Update
RP390: 10/8/2014 5:45:21 PM - Windows Update
RP391: 10/8/2014 9:51:20 PM - Removed Joint Operations: Typhoon Rising
RP392: 10/8/2014 10:29:37 PM - Windows Update
RP393: 10/10/2014 3:01:09 AM - Windows Update
RP394: 10/10/2014 6:17:33 PM - Windows Update
RP395: 10/11/2014 3:00:16 AM - Windows Update
RP396: 10/18/2014 10:04:40 AM - Windows Update
RP397: 10/19/2014 3:00:15 AM - Windows Update
RP398: 10/26/2014 8:54:22 AM - Removed MOVband SYNC
RP399: 10/26/2014 9:06:17 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 15 ActiveX
Adobe Reader X (10.1.8)
Alps Pointing-device for VAIO
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD USB Filter Driver
AMD VISION Engine Control Center
Application Manager for VAIO
ArcSoft WebCam Companion 3
Bonjour
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 2.0
Canon MP620 series MP Drivers
Canon MP620 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Click to Call with Skype
Click to Disc MergeModules x64
ConservativeTalkNow
Corel WinDVD
D3DX10
DJ_AIO_06_F2400_SW_Min
EasyBits GO
EPSON NX330 Series Printer Uninstall
Evernote
Feedback Tool
Google Chrome
Google Update Helper
Hamster Free Video Converter
HP Deskjet 1000 J110 series Help
HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6
Inkjet Printer/Scanner Extended Survey Program
InterActual Player
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) 6 Update 18 (64-bit)
Junk Mail filter update
Malwarebytes Anti-Malware version 2.0.3.1025
Media Gallery
Media Gallery MergeModules x64
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSI_SPF_x64
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Oasis2Service 1.0
Onefog DesktopShooter
OOBE
PlayReady PC Runtime amd64
PMB
PMB VAIO Edition Guide
PMB VAIO Edition plug-in (Click to Disc)
PMB VAIO Edition plug-in (VAIO Image Optimizer)
PMB VAIO Edition plug-in (VAIO Movie Story)
QuickTime
RadioPI
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Safari
Scan
Search Toolbar
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2883031) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2883032) 32-Bit Edition
Service Pack 1 for SQL Server 2008 (KB968369)
Setting Utility Series
Sid Meier's Civil War Collection
SmartWi Connection Utility
Sony Home Network Library
Sql Server Customer Experience Improvement Program
TeamViewer 9
Toolbox
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO Care
VAIO Care Recovery
VAIO Content Monitoring Settings
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data
VAIO Entertainment Platform
VAIO Event Service
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Health Report
VAIO Help and Support
VAIO Help and Support Update
VAIO Manual
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Messenger
VAIO Movie Story MergeModules x64
VAIO Movie Story Template Data
VAIO Original Function Settings
VAIO Power Management
VAIO Sample Contents
VAIO Survey
VAIO Transfer Support
VAIO Update
VAIO Wallpaper Contents
VGClientX64
VGClientX86
VMp MergeModule x64
VoiceOver Kit
VU5x64
VU5x86
WebIQ Technology Engine
WIDCOMM Bluetooth Software
Wincore MediaBar
Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Xvid 1.2.1 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
10/27/2014 5:34:29 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/27/2014 5:34:28 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/27/2014 5:33:28 PM, Error: Service Control Manager [7000] - The regi service failed to start due to the following error: The system cannot find the file specified.
10/26/2014 10:00:37 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================
 
I'm waiting on Malwarebytes to finish and ill post the log as soon as its done. For some reason it won't show the log from the scan yesterday.
 
p22003888.gif
 
Malwarebytes finished and said it found around 800 threat and quarantined everything. I let it go through a restart and after it boot I followed the instruction to get the log but after it exported this is all that is shows in the .txt file:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Use second option to get a log...

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
If it lists 800 or so items attach it instead of pasting it in (as an exception).
 
I've tried that and there isn't anything in the log. I'll try and paste a screen shot to show.
 
Ok, let's leave it.

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download
51a5f31352b88-icon_MBAR.png
Malwarebytes Anti-Rootkit to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
 
RogueKiller V10.0.3.0 [Oct 22 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Estevan [Administrator]
Mode : Delete -- Date : 10/27/2014 21:03:40

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3067653732-3291335556-3345723209-1004\Software\Microsoft\Internet Explorer\Main | Start Page : http://search.bearshare.com -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3067653732-3291335556-3345723209-1004\Software\Microsoft\Internet Explorer\Main | Start Page : http://search.bearshare.com -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HM321HI SATA Disk Device +++++
--- User ---
[MBR] cd1671021dc7131398d2ce3ff7ec64de
[BSP] bb9040e268d6342def6e3ad1684b6fa6 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 9815 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 20105216 | Size: 100 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 20310016 | Size: 295327 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_10272014_204803.log
 
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.10.27.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17358
Estevan :: PRECISIONREPAIR [administrator]

10/27/2014 9:10:24 PM
mbar-log-2014-10-27 (21-10-24).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 368280
Time elapsed: 16 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)




---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17358

Java version: 1.6.0_18

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.094000 GHz
Memory total: 4021182464, free: 1659330560

Downloaded database version: v2014.10.27.09
Downloaded database version: v2014.10.22.01
=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 361D9106

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 20101120

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 20105216 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 20310016 Numsec = 604830384

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-20105216-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 14-10-27.01 - Estevan 10/27/2014 21:45:27.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1770 [GMT -5:00]
Running from: c:\users\Estevan\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\RadioPI_4eEI
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-09-28 to 2014-10-28 )))))))))))))))))))))))))))))))
.
.
2014-10-28 02:54 . 2014-10-28 02:54 -------- d-----w- c:\users\Home\AppData\Local\temp
2014-10-28 02:54 . 2014-10-28 02:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-28 02:10 . 2014-10-28 02:30 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-10-28 01:41 . 2014-10-28 01:41 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-10-28 01:41 . 2014-10-28 01:41 -------- d-----w- c:\programdata\RogueKiller
2014-10-28 01:37 . 2014-10-28 01:37 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{365091BC-6B97-4C01-90BB-6254B2A68458}\offreg.dll
2014-10-27 22:44 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{365091BC-6B97-4C01-90BB-6254B2A68458}\mpengine.dll
2014-10-27 03:44 . 2014-10-27 03:44 -------- d-----w- c:\users\Estevan\AppData\Local\Deployment
2014-10-26 18:11 . 2014-10-28 01:30 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-26 18:10 . 2014-10-28 02:09 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-26 18:10 . 2014-10-28 00:07 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-26 18:10 . 2014-10-26 18:10 -------- d-----w- c:\programdata\Malwarebytes
2014-10-26 18:10 . 2014-10-01 16:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-26 18:10 . 2014-10-01 16:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-26 18:10 . 2014-10-26 18:10 -------- d-----w- c:\users\Estevan\AppData\Local\Programs
2014-10-26 14:07 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-18 15:19 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll
2014-10-18 15:19 . 2014-09-18 01:32 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-10-18 15:19 . 2014-08-29 02:07 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
2014-10-18 15:17 . 2014-09-05 02:11 6584320 ----a-w- c:\windows\system32\mstscax.dll
2014-10-18 15:17 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-10-18 15:17 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll
2014-10-18 15:17 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-18 15:13 . 2014-10-18 15:13 -------- d-----w- c:\users\Estevan\AppData\Local\MOVband
2014-10-11 03:33 . 2014-05-08 09:32 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-10-11 00:26 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-10-11 00:26 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2014-10-11 00:26 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2014-10-11 00:26 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2014-10-10 23:48 . 2014-09-10 21:30 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7AB38678-8E71-4C10-A0B1-217A7AA77CC6}\gapaengine.dll
2014-10-10 23:41 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-10-10 23:41 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-10-10 23:39 . 2014-10-11 02:49 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2014-10-10 23:39 . 2014-10-11 02:49 -------- dc----w- c:\program files\Microsoft Security Client
2014-10-10 23:19 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-10-10 23:19 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-10-10 23:19 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-10-10 23:19 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-10-10 23:19 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-10-10 23:19 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-10-10 23:18 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-10-10 23:18 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-10-10 12:41 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-10-10 12:41 . 2014-06-03 10:02 1380864 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-10-10 12:41 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-10-10 12:41 . 2014-06-03 10:02 1389568 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2014-10-10 12:41 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-10-10 12:41 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-10-10 12:41 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-10-10 12:41 . 2014-06-03 10:02 112064 ----a-w- c:\windows\system32\consent.exe
2014-10-10 12:41 . 2014-06-03 10:02 504320 ----a-w- c:\windows\system32\msihnd.dll
2014-10-10 12:41 . 2014-06-03 10:02 1941504 ----a-w- c:\windows\system32\authui.dll
2014-10-10 12:41 . 2014-06-03 09:29 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2014-10-10 12:41 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2014-10-10 12:40 . 2014-05-30 08:08 340992 ----a-w- c:\windows\system32\schannel.dll
2014-10-10 12:40 . 2014-05-30 07:52 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-10-10 12:40 . 2014-05-30 08:08 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-10-10 12:40 . 2014-05-30 08:08 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-10-10 12:40 . 2014-05-30 08:08 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-10-10 12:40 . 2014-05-30 07:52 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-10-10 12:40 . 2014-05-30 07:52 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-10-10 12:40 . 2014-05-30 07:52 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-10-10 12:33 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-10-10 12:33 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-10 12:33 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-10-10 12:33 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-10-10 12:33 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-10-10 12:32 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-10-10 12:32 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-10-10 12:32 . 2014-09-15 07:08 11578928 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{633406E7-4DAA-43AF-AC44-273199A9C9CF}\mpengine.dll
2014-10-09 02:08 . 2014-10-09 02:08 -------- d-----w- c:\users\Estevan\AppData\Local\AMD
2014-10-09 02:08 . 2014-10-09 02:08 -------- d-----w- c:\programdata\ATI
2014-10-09 02:04 . 2014-10-09 02:04 -------- d-----w- c:\program files (x86)\AMD AVT
2014-10-09 02:04 . 2014-10-09 02:04 -------- d-----w- c:\program files (x86)\AMD APP
2014-10-09 02:04 . 2014-10-09 02:04 -------- d-----w- c:\program files\Common Files\ATI Technologies
2014-10-09 02:04 . 2014-10-09 02:04 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2014-10-09 02:02 . 2014-10-09 02:04 -------- d-----w- c:\programdata\AMD
2014-10-09 02:02 . 2010-02-18 14:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2014-10-09 02:02 . 2014-10-09 03:26 -------- d-----w- c:\program files (x86)\ATI Technologies
2014-10-09 01:59 . 2014-10-09 02:03 -------- dc----w- c:\program files\ATI Technologies
2014-10-09 01:58 . 2014-10-09 01:58 -------- dc----w- C:\AMD
2014-10-08 22:54 . 2014-03-26 14:44 2002432 ----a-w- c:\windows\system32\msxml6.dll
2014-10-08 22:54 . 2014-03-26 14:44 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-10-08 22:54 . 2014-03-26 14:41 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-10-08 22:54 . 2014-03-26 14:41 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-10-08 22:54 . 2014-03-26 14:27 1389056 ----a-w- c:\windows\SysWow64\msxml6.dll
2014-10-08 22:54 . 2014-03-26 14:27 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-10-08 22:54 . 2014-03-26 14:25 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2014-10-08 22:54 . 2014-03-26 14:25 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-10-08 22:54 . 2014-04-25 02:34 801280 ----a-w- c:\windows\system32\usp10.dll
2014-10-08 22:54 . 2014-04-25 02:06 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2014-10-08 22:54 . 2014-04-05 02:47 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-10-08 22:54 . 2014-04-05 02:47 288192 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-10-08 22:47 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-10-08 22:47 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-10-08 22:47 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-10-08 22:47 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-10-08 22:47 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-10-08 22:47 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-10-08 22:47 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-10-08 22:47 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-10-08 22:47 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-10-08 22:47 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-10-08 22:46 . 2014-05-14 14:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-10-08 22:46 . 2014-05-14 14:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-10-08 22:46 . 2014-05-14 14:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-10-08 22:46 . 2014-05-14 14:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-26 14:28 . 2010-07-31 19:53 952 --sha-w- c:\programdata\KGyGaAvL.sys
2014-10-19 08:00 . 2010-08-02 23:03 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-10-08 23:28 . 2012-09-19 09:36 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-08 23:28 . 2011-10-14 06:42 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-08 22:54 . 2014-06-10 00:56 13792 ----a-w- c:\windows\system32\drivers\semav6thermal64ro.sys
2014-10-08 22:42 . 2012-07-24 15:40 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-22 06:42 . 2010-07-31 17:59 278152 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{35fd2bab-ab2b-494f-b5bf-8755ec043784}]
2011-09-04 02:25 706512 ----a-w- c:\progra~2\RADIOP~2\bar\1.bin\4ebar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4adc9c1b-9c50-4c2d-a471-5c06d8de7e80}]
2011-09-04 02:25 59344 ----a-w- c:\program files (x86)\RadioPI_4e\bar\1.bin\4eSrcAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{92926b63-5116-4c6f-a33e-378767b8d15f}"= "c:\program files (x86)\RadioPI_4e\bar\1.bin\4ebar.dll" [2011-09-04 706512]
.
[HKEY_CLASSES_ROOT\clsid\{92926b63-5116-4c6f-a33e-378767b8d15f}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 USER_ESRV_SVC;User Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe [x]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 6077757b;6077757b;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 ESRV_SVC;Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 RadioPI_4eService;RadioPI Service;c:\progra~2\RADIOP~2\bar\1.bin\4ebarsvc.exe;c:\progra~2\RADIOP~2\bar\1.bin\4ebarsvc.exe [x]
S2 SampleCollector;Intel(R) System Behavior Tracker Collector Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 MSSQL$DDNI;SQL Server (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\vuagent.exe;c:\program files\Sony\VAIO Update\vuagent.exe [x]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-27 03:46 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-19 23:28]
.
2014-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27 03:44]
.
2014-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27 03:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.bearshare.com
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3067653732-3291335556-3345723209-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3067653732-3291335556-3345723209-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-27 22:00:06
ComboFix-quarantined-files.txt 2014-10-28 03:00
.
Pre-Run: 248,204,361,728 bytes free
Post-Run: 249,327,706,112 bytes free
.
- - End Of File - - 61DD295D3660442BF504FFF7411AAF9D
A36C5E4F47E84449FF07ED3517B43A31
 
Looks good.

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.



redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



redtarget.gif
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
 
# AdwCleaner v4.002 - Report created 27/10/2014 at 22:12:24
# DB v2014-10-26.6
# Updated 27/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Estevan - PRECISIONREPAIR
# Running from : C:\Users\Estevan\Desktop\adwcleaner_4.002.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\BearShare Applications
Folder Deleted : C:\Users\Estevan\AppData\Local\PackageAware
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Estevan\AppData\LocalLow\wincorebsband
Folder Deleted : C:\Users\Estevan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Folder Deleted : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Deleted : HKLM\SOFTWARE\bearsharemediabartb
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v38.0.2125.104


*************************

AdwCleaner[R0].txt - [2807 octets] - [27/10/2014 22:08:52]
AdwCleaner[S0].txt - [2728 octets] - [27/10/2014 22:12:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2788 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x64
Ran by Estevan on Mon 10/27/2014 at 22:20:16.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.DynamicBarButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.DynamicBarButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.FeedManager
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.FeedManager.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.HTMLMenu
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.HTMLMenu.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.HTMLPanel
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.HTMLPanel.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.MultipleButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.MultipleButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.PseudoTransparentPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.PseudoTransparentPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.Radio
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.Radio.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.RadioSettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.RadioSettings.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.ScriptButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.ScriptButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.SettingsPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.SettingsPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.ThirdPartyInstaller
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.ThirdPartyInstaller.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.UrlAlertButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.UrlAlertButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.XMLSessionPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RadioPI_4e.XMLSessionPlugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35fd2bab-ab2b-494f-b5bf-8755ec043784}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{35fd2bab-ab2b-494f-b5bf-8755ec043784}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4adc9c1b-9c50-4c2d-a471-5c06d8de7e80}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4adc9c1b-9c50-4c2d-a471-5c06d8de7e80}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35fd2bab-ab2b-494f-b5bf-8755ec043784}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{35fd2bab-ab2b-494f-b5bf-8755ec043784}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4adc9c1b-9c50-4c2d-a471-5c06d8de7e80}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{4adc9c1b-9c50-4c2d-a471-5c06d8de7e80}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35fd2bab-ab2b-494f-b5bf-8755ec043784}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{35fd2bab-ab2b-494f-b5bf-8755ec043784}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4adc9c1b-9c50-4c2d-a471-5c06d8de7e80}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{4adc9c1b-9c50-4c2d-a471-5c06d8de7e80}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{041EBD89-385C-41C0-8F7C-6139B6FD950D}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{0814B9A4-782B-4092-8F6A-E9239231D423}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{0CAFC385-F041-4395-9C73-C6EF8F352230}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{0E5ED2A9-C046-46AF-9156-931E73E4FB0D}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{0FC45620-FB4E-47ED-8A7A-BDF5AB56D058}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{1570D64E-4E8B-438B-93C1-0AB2C89BDC58}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{17632130-25BE-4184-9239-BD83E6BFC9BA}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{17B29395-5536-4057-8250-AA01A878B19F}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{17DAAAEC-8A0B-4318-A499-1714C1BB6C7A}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{1E53A7C4-34E8-442B-B3FE-9066479C2F1F}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{25BA9936-6EA4-4D83-B5DC-4C9EE1E83730}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{308EEB17-BD52-452E-A3FF-C9382B0DB56D}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{3629DF38-2987-451D-AE7A-544C4A9832EC}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{378456FC-80D3-49FC-8A7D-42BDE8C0054C}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{391234DE-474C-413F-B0CE-D88623F82EB2}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{52366AEA-664C-4643-84EE-3FD6191E218C}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{549FDBA3-B1AE-4E86-B53B-9490B28493A3}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{5DA758D1-73D6-4657-B153-6CEC2BD90A22}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{62ED3346-21FE-4C86-BC45-2D1EA8FA8E9F}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{6499844A-0CA2-45A2-B3B0-AE05E70C64D7}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{6BED8082-ECB1-4558-A694-0D0302AAE8CF}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{6FE12FBE-B764-4921-8E3F-6974CA0947DC}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{73D06ED9-A839-49EE-BCC8-74B4750F18B1}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{73D64998-C185-40BD-8A80-0FC0C42FB69D}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{7572AEAC-8062-43F1-9B9C-6FDD88B9935B}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{78575F55-C03C-45E3-8631-781F265B7FDC}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{A00AAA8B-7B36-4F57-836F-C6E0FDA3A6E9}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{A583C455-B19A-4C0F-94DF-C9E72EF3FA4D}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{BA7C38FB-63B8-4340-83A3-FAABF7618015}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{BC8EC263-6995-4E0E-874B-1462DE5C51EA}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{BCCCED6F-9439-48A1-A1CD-032F7B7A73EA}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{BCFF3245-027E-48ED-B2CF-75AEA3EF38CE}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{BD124E33-3F46-4018-829F-50CC8D5E9D18}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{C5CB6EC1-408F-45A2-979E-0C0217F71BFE}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{C6583972-46D9-4DC8-AE30-3116344AB4F4}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{CE834E3D-5036-4D48-8202-E61C5F31AAAA}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{D53D9443-1D78-4685-A09D-6C45C1A4FBE7}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{DBB3B124-5EBA-4637-9D9D-BCB4F12A804A}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{DEE0E0CD-DF0B-49BB-A375-B423B36960FE}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{DFA4384B-A4D4-47BA-9885-785AD5BB54B6}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{E094F9A6-84B2-484B-B65B-936609700DE9}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{E2E350FB-4B51-43E3-A1CC-F828EF1B6894}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{E323B993-5D54-4A99-A719-9751B1C15CF1}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{E3629FD7-AE10-4D89-82FF-EC18A2B79423}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{E78C925E-CD66-4DA3-8447-C9C7829C0E5B}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{F1794938-3A67-4220-AD49-A15CCA910F66}
Successfully deleted: [Empty Folder] C:\Users\Estevan\appdata\local\{FCB895B7-58B5-4BE4-9003-5A02F33C7A9D}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/27/2014 at 22:26:05.22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
Ran by Estevan (administrator) on PRECISIONREPAIR on 27-10-2014 22:29:34
Running from C:\Users\Estevan\Desktop
Loaded Profile: Estevan (Available profiles: Estevan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226160 2010-07-30] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...&oe={outputEncoding}&rlz=1I7SNNT_enUS390US391
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - RadioPI - {92926b63-5116-4c6f-a33e-378767b8d15f} - C:\Program Files (x86)\RadioPI_4e\bar\1.bin\4ebar.dll (RadioPI)
DPF: HKLM-x32 {315B0BFB-2BD4-481B-80A3-A9B80727C61B} https://webiq005.webiqonline.com/We...n&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RadioPI_4e.com/Plugin -> C:\Program Files (x86)\RadioPI_4e\bar\1.bin\NP4eStub.dll (RadioPI)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [4effxtbr@RadioPI_4e.com] - C:\Program Files (x86)\RadioPI_4e\bar\1.bin
FF Extension: RadioPI - C:\Program Files (x86)\RadioPI_4e\bar\1.bin [2011-09-03]

Chrome:
=======
CHR Profile: C:\Users\Estevan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Estevan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-26]
CHR Extension: (Google Docs) - C:\Users\Estevan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-26]
CHR Extension: (Google Drive) - C:\Users\Estevan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Estevan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-26]
CHR Extension: (YouTube) - C:\Users\Estevan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-26]
CHR Extension: (Google Search) - C:\Users\Estevan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-26]
CHR Extension: (Google Sheets) - C:\Users\Estevan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-26]
CHR Extension: (Google Wallet) - C:\Users\Estevan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
CHR Extension: (Gmail) - C:\Users\Estevan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-09-28] (ArcSoft Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 MSSQL$DDNI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [46080 2010-06-24] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S2 RadioPI_4eService; C:\Program Files (x86)\RadioPI_4e\bar\1.bin\4ebarsvc.exe [34864 2011-09-03] (RadioPI)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
S4 SQLAgent$DDNI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2010-04-08] (Sony Corporation) [File not signed]
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [852336 2010-03-18] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6077757b; C:\Windows\system32\drivers\regi.sys [14112 2007-04-17] (InterVideo)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-27] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-02-18] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 IAStorDataMgrSvc; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 22:29 - 2014-10-27 22:30 - 00015336 _____ () C:\Users\Estevan\Desktop\FRST.txt
2014-10-27 22:29 - 2014-10-27 22:29 - 00000000 ___DC () C:\FRST
2014-10-27 22:26 - 2014-10-27 22:26 - 00009579 _____ () C:\Users\Estevan\Desktop\JRT.txt
2014-10-27 22:20 - 2014-10-27 22:20 - 00000000 ____D () C:\Windows\ERUNT
2014-10-27 22:08 - 2014-10-27 22:12 - 00000000 ___DC () C:\AdwCleaner
2014-10-27 22:07 - 2014-10-27 22:07 - 02113024 _____ (Farbar) C:\Users\Estevan\Desktop\FRST64.exe
2014-10-27 22:07 - 2014-10-27 22:07 - 01998336 _____ () C:\Users\Estevan\Desktop\adwcleaner_4.002.exe
2014-10-27 22:07 - 2014-10-27 22:07 - 01706144 _____ (Thisisu) C:\Users\Estevan\Downloads\JRT.exe
2014-10-27 22:00 - 2014-10-27 22:00 - 00030140 ____C () C:\ComboFix.txt
2014-10-27 21:42 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-27 21:42 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-27 21:42 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-27 21:42 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-27 21:42 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-27 21:42 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-27 21:42 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-27 21:42 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-27 21:40 - 2014-10-27 22:00 - 00000000 ___DC () C:\Qoobox
2014-10-27 21:39 - 2014-10-27 22:14 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-10-27 21:39 - 2014-10-27 21:56 - 00000000 ____D () C:\Windows\erdnt
2014-10-27 21:35 - 2014-10-27 21:36 - 05591695 ____R (Swearware) C:\Users\Estevan\Downloads\ComboFix.exe
2014-10-27 21:10 - 2014-10-27 21:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-27 21:08 - 2014-10-27 21:30 - 00000000 ____D () C:\Users\Estevan\Desktop\mbar
2014-10-27 20:41 - 2014-10-27 20:41 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-27 20:41 - 2014-10-27 20:41 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-27 20:38 - 2014-10-27 20:38 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Estevan\Desktop\mbar-1.07.0.1012.exe
2014-10-27 20:37 - 2014-10-27 20:37 - 16281688 _____ () C:\Users\Estevan\Desktop\RogueKiller.exe
2014-10-27 19:54 - 2014-10-27 19:54 - 00000058 _____ () C:\Users\Estevan\Desktop\123.txt
2014-10-27 19:47 - 2014-10-27 19:47 - 00000049 _____ () C:\Users\Estevan\Desktop\MWB 10-27-2014 scan.txt
2014-10-27 19:39 - 2014-10-27 19:39 - 00000049 _____ () C:\Users\Estevan\Desktop\malware scan1938.txt
2014-10-27 19:07 - 2014-10-27 19:07 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-27 19:07 - 2014-10-27 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-27 17:55 - 2014-10-27 17:55 - 00029244 _____ () C:\Users\Estevan\Desktop\dds.txt
2014-10-27 17:55 - 2014-10-27 17:55 - 00012656 _____ () C:\Users\Estevan\Desktop\attach.txt
2014-10-27 17:52 - 2014-10-27 17:52 - 00688992 ____R (Swearware) C:\Users\Estevan\Desktop\dds.com
2014-10-27 17:51 - 2014-10-27 17:51 - 05591695 _____ (Swearware) C:\Users\Estevan\Desktop\ComboFix.exe
2014-10-26 22:46 - 2014-10-26 22:46 - 00002269 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-26 22:46 - 2014-10-26 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-26 22:44 - 2014-10-27 22:14 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-26 22:44 - 2014-10-27 21:49 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-26 22:44 - 2014-10-26 22:44 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-26 22:44 - 2014-10-26 22:44 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-26 22:44 - 2014-10-26 22:44 - 00000000 ____D () C:\Users\Estevan\AppData\Local\Deployment
2014-10-26 13:11 - 2014-10-27 22:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-26 13:10 - 2014-10-27 21:09 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-26 13:10 - 2014-10-27 19:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-26 13:10 - 2014-10-26 13:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-26 13:10 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-26 13:10 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-26 13:09 - 2014-10-26 13:10 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Estevan\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-26 09:25 - 2014-10-26 09:25 - 00347816 _____ (Microsoft Corporation) C:\Users\Estevan\Downloads\MicrosoftFixit.dvd.RNP.1337764312178882.1.1.Run.exe
2014-10-18 10:20 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-18 10:20 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-18 10:20 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-18 10:20 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-18 10:20 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-18 10:20 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-18 10:20 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-18 10:20 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-18 10:20 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-18 10:20 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-18 10:20 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-18 10:20 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-18 10:20 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-18 10:20 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-18 10:20 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-18 10:20 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-18 10:20 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-18 10:20 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-18 10:20 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-18 10:20 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-18 10:20 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-18 10:20 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-18 10:20 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-18 10:20 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-18 10:20 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-18 10:20 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-18 10:20 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-18 10:20 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-18 10:20 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-18 10:20 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-18 10:20 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-18 10:20 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-18 10:20 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-18 10:20 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-18 10:20 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-18 10:20 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-18 10:20 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-18 10:20 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-18 10:20 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-18 10:20 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-18 10:20 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-18 10:20 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-18 10:20 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-18 10:20 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-18 10:20 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-18 10:20 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-18 10:20 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-18 10:20 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-18 10:20 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-18 10:20 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-18 10:20 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-18 10:20 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-18 10:20 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-18 10:20 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-18 10:20 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-18 10:20 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-18 10:20 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-18 10:20 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-18 10:20 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-18 10:20 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-18 10:20 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-18 10:20 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-18 10:20 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-18 10:20 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-18 10:20 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-18 10:20 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-18 10:20 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-18 10:20 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-18 10:20 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-18 10:20 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-18 10:20 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-18 10:20 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-18 10:20 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-18 10:20 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-18 10:20 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-18 10:20 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-18 10:20 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-18 10:20 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-18 10:19 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-18 10:19 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-18 10:19 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-18 10:18 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-18 10:18 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-18 10:18 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-18 10:18 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-18 10:18 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-18 10:18 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-18 10:18 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-18 10:18 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-18 10:18 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-18 10:18 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-18 10:18 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-18 10:18 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-18 10:18 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-18 10:17 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-18 10:17 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-18 10:17 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-18 10:17 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-18 10:13 - 2014-10-18 10:13 - 00000000 ____D () C:\Users\Estevan\AppData\Local\MOVband
2014-10-18 10:11 - 2014-10-18 10:11 - 00501536 _____ () C:\Users\Estevan\Downloads\setup (1).exe
2014-10-10 22:33 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-10-10 20:04 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-10-10 20:04 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-10-10 20:04 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-10-10 20:04 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-10-10 20:04 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-10-10 20:04 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-10 20:04 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-10-10 20:04 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-10-10 20:04 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-10-10 20:04 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-10-10 20:04 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-10-10 20:04 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-10-10 20:04 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-10 20:04 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-10 20:04 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-10-10 20:04 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-10 19:26 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-10-10 19:26 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-10-10 19:26 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-10-10 19:26 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-10-10 18:41 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-10 18:41 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-10-10 18:40 - 2014-10-10 21:52 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-10-10 18:39 - 2014-10-10 21:49 - 00002127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-10-10 18:39 - 2014-10-10 21:49 - 00000000 ___DC () C:\Program Files\Microsoft Security Client
2014-10-10 18:39 - 2014-10-10 21:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-10-10 18:19 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-10-10 18:19 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-10-10 18:19 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-10-10 18:19 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-10-10 18:19 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-10-10 18:19 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-10-10 18:18 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-10-10 18:18 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-10-10 07:41 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-10-10 07:41 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-10-10 07:41 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-10 07:41 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-10-10 07:41 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-10-10 07:41 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-10 07:41 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-10-10 07:40 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-10 07:40 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-10-10 07:40 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-10-10 07:40 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-10-10 07:40 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-10-10 07:40 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-10 07:40 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-10-10 07:40 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-10-10 07:39 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-10 07:39 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-10 07:39 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-10 07:39 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-10-10 07:39 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-10-10 07:39 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-10-10 07:39 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-10 07:39 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-10 07:39 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-10-10 07:39 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-10-10 07:39 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-10-10 07:39 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-10-10 07:39 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-10-10 07:39 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-10-10 07:39 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-10-10 07:39 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-10-10 07:33 - 2014-07-06 21:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-10 07:33 - 2014-07-06 21:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-10-10 07:33 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-10-10 07:33 - 2014-07-06 20:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-10-10 07:33 - 2014-07-06 20:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-10-10 07:32 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-10-10 07:32 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-10-09 19:57 - 2014-10-09 19:57 - 00966008 _____ () C:\Users\Estevan\Downloads\A2DOTH-00238620-1042 (3).EXE
2014-10-08 22:26 - 2014-10-08 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-10-08 22:12 - 2014-10-08 22:14 - 132408680 _____ () C:\Users\Estevan\Downloads\Unconfirmed 469004.crdownload
2014-10-08 22:08 - 2014-10-08 22:15 - 132408680 _____ () C:\Users\Estevan\Downloads\ATDVID-00223561-0042.EXE
2014-10-08 21:47 - 2014-10-08 21:47 - 15859048 _____ () C:\Users\Estevan\Downloads\REDAUD-00221101-0042.EXE
2014-10-08 21:47 - 2014-10-08 21:47 - 00966008 _____ () C:\Users\Estevan\Downloads\A2DOTH-00238620-1042 (2).EXE
2014-10-08 21:41 - 2014-10-08 21:41 - 00966008 _____ () C:\Users\Estevan\Downloads\A2DOTH-00238620-1042 (1).EXE
2014-10-08 21:37 - 2014-10-08 21:37 - 00966008 _____ () C:\Users\Estevan\Downloads\A2DOTH-00238620-1042.EXE
2014-10-08 21:08 - 2014-10-08 21:08 - 00000000 ____D () C:\Users\Estevan\AppData\Local\AMD
2014-10-08 21:08 - 2014-10-08 21:08 - 00000000 ____D () C:\ProgramData\ATI
2014-10-08 21:04 - 2014-10-08 21:04 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-10-08 21:04 - 2014-10-08 21:04 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-10-08 21:04 - 2014-10-08 21:04 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-10-08 21:03 - 2014-10-08 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
2014-10-08 21:02 - 2014-10-08 22:26 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-10-08 21:02 - 2014-10-08 21:04 - 00000000 ____D () C:\ProgramData\AMD
2014-10-08 21:02 - 2010-02-18 09:18 - 00046136 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdiox64.sys
2014-10-08 21:01 - 2014-10-08 21:01 - 00016840 _____ () C:\Windows\SysWOW64\CCCInstall_201410082101537927.log
2014-10-08 20:59 - 2014-10-08 21:03 - 00000000 ___DC () C:\Program Files\ATI Technologies
2014-10-08 20:58 - 2014-10-08 20:58 - 00000000 ___DC () C:\AMD
2014-10-08 20:56 - 2014-10-08 20:56 - 00891224 _____ (AMD) C:\Users\Estevan\Downloads\amddriverdownloader.exe
2014-10-08 20:53 - 2014-10-08 20:53 - 02938144 _____ (LionSea Software co., ltd ) C:\Users\Estevan\Downloads\setup.exe
2014-10-08 18:53 - 2014-10-08 18:53 - 04958328 _____ () C:\Users\Estevan\Downloads\ISBSYS-00267862-1040 (1).EXE
2014-10-08 17:56 - 2014-10-08 17:56 - 00003148 _____ () C:\Windows\System32\Tasks\USER_ESRV_SVC
2014-10-08 17:56 - 2014-10-08 17:56 - 00002037 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk
2014-10-08 17:56 - 2014-10-08 17:56 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2014-10-08 17:54 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-10-08 17:54 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-10-08 17:54 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-08 17:54 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-08 17:54 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-10-08 17:54 - 2014-03-26 09:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-10-08 17:54 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-10-08 17:54 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-10-08 17:54 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-10-08 17:54 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-10-08 17:54 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-10-08 17:54 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-10-08 17:47 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-08 17:47 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-08 17:47 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-08 17:47 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-08 17:47 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-08 17:47 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-08 17:47 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-10-08 17:47 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-08 17:47 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-08 17:47 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-08 17:46 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-08 17:46 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-08 17:46 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-08 17:46 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 22:28 - 2012-09-19 04:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-27 22:23 - 2009-07-13 23:45 - 00022976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-27 22:23 - 2009-07-13 23:45 - 00022976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-27 22:22 - 2010-05-25 05:22 - 01154841 _____ () C:\Windows\WindowsUpdate.log
2014-10-27 22:19 - 2009-07-14 00:13 - 00892192 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-27 22:14 - 2014-06-05 18:40 - 00005470 _____ () C:\Windows\setupact.log
2014-10-27 22:14 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-27 22:13 - 2014-06-05 18:40 - 00365302 _____ () C:\Windows\PFRO.log
2014-10-27 22:00 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-10-27 21:55 - 2009-07-13 21:34 - 00000215 ____C () C:\Windows\system.ini
2014-10-27 20:29 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2014-10-27 19:41 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-10-27 19:11 - 2010-07-31 00:51 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{48F012EB-8DE1-4C18-AB67-E74E50F65D0F}
2014-10-26 22:46 - 2010-07-31 00:50 - 00000000 ____D () C:\Users\Estevan\AppData\Local\Google
2014-10-26 22:46 - 2010-02-05 21:18 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-26 22:44 - 2010-10-01 23:16 - 00000000 ____D () C:\Users\Estevan\AppData\Local\Apps\2.0
2014-10-26 09:28 - 2010-07-31 14:53 - 00000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2014-10-19 04:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-19 03:31 - 2009-07-13 23:45 - 00333456 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-19 03:29 - 2014-06-09 19:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-19 03:09 - 2010-08-10 06:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-19 03:05 - 2013-10-19 15:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-19 03:00 - 2010-08-02 18:03 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-10 22:12 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-10 22:10 - 2013-10-19 16:18 - 00000000 ___DC () C:\Program Files\Microsoft Silverlight
2014-10-10 22:10 - 2013-10-19 16:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-10-10 22:06 - 2010-04-13 13:09 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-10 22:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-10 22:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-10 22:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-10 19:20 - 2010-02-05 20:52 - 00884742 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-10 19:09 - 2013-10-19 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-09 19:58 - 2014-06-09 19:52 - 00026550 _____ () C:\Windows\DPINST.LOG
2014-10-09 19:57 - 2014-06-05 18:18 - 00000000 _____ () C:\Windows\Model.log
2014-10-09 19:57 - 2010-08-11 20:01 - 00000021 _____ () C:\Windows\Model.txt
2014-10-08 21:50 - 2012-08-07 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2014-10-08 21:50 - 2012-08-07 17:54 - 00000000 ____D () C:\Program Files (x86)\GameSpy Arcade
2014-10-08 19:03 - 2014-06-09 19:56 - 00000000 ____D () C:\ProgramData\iolo
2014-10-08 19:00 - 2010-09-01 14:52 - 00000000 ____D () C:\Users\Estevan\AppData\Local\Sony Corporation
2014-10-08 18:59 - 2010-08-11 19:57 - 00000000 ____D () C:\Update
2014-10-08 18:28 - 2012-09-19 04:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-08 18:28 - 2012-09-19 04:36 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-08 18:28 - 2011-10-14 01:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-08 17:56 - 2011-10-05 07:25 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2014-10-08 17:54 - 2014-06-09 19:56 - 00013792 _____ () C:\Windows\system32\Drivers\semav6thermal64ro.sys
2014-10-08 17:53 - 2010-02-05 21:12 - 00000000 ____D () C:\Program Files\Sony

Some content of TEMP:
====================
C:\Users\Estevan\AppData\Local\Temp\Quarantine.exe
C:\Users\Estevan\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-26 08:44

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01
Ran by Estevan at 2014-10-27 22:31:05
Running from C:\Users\Estevan\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 10 Plugin (HKLM-x32\...\{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.)
AMD Accelerated Video Transcoding (Version: 12.5.100.30429 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80430.0002 - Advanced Micro Devices, Inc.) Hidden
AMD USB Filter Driver (HKLM-x32\...\{987B04C4-B5AC-4AD6-A7E9-8D681085B850}) (Version: 1.0.15.94 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version: - )
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.278 - ArcSoft)
Bonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version: - )
Canon MP620 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series) (Version: - )
Canon MP620 series User Registration (HKLM-x32\...\Canon MP620 series User Registration) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
ccc-core-static (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Click to Call with Skype (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8153 - Skype Technologies S.A.)
Click to Disc MergeModules x64 (Version: 1.0.14230 - Sony Corporation) Hidden
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.538 - Corel Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DJ_AIO_06_F2400_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
EasyBits GO (HKCU\...\Game Organizer) (Version: - EasyBits Media)
EPSON NX330 Series Printer Uninstall (HKLM\...\EPSON NX330 Series) (Version: - SEIKO EPSON Corporation)
Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.2.1525 - Evernote Corp.)
Feedback Tool (HKLM-x32\...\{90024193-9F13-4877-89D5-A1CDF0CBBF28}) (Version: 1.1.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Hamster Free Video Converter (HKLM-x32\...\{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1) (Version: 2.0.1.26 - Hamster Soft)
HP Deskjet 1000 J110 series Help (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)
Inkjet Printer/Scanner Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
InterActual Player (HKLM-x32\...\InterActual Player) (Version: - )
iTunes (HKLM\...\{18155797-EF2E-4699-9A16-FE787C4C10DB}) (Version: 10.2.2.14 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 18 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Java(TM) 6 Update 18 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Media Gallery (x32 Version: 1.2.0.15040 - Sony Corporation) Hidden
Media Gallery MergeModules x64 (Version: 1.0.14250 - Sony Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{BA4DA261-CB60-4690-B202-44998DFC6986}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSI_SPF_x64 (Version: 1.0.0 - Sony Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Oasis2Service 1.0 (HKLM-x32\...\{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}) (Version: 1.0.0 - DDNi)
Onefog DesktopShooter (HKLM-x32\...\Onefog DesktopShooter_is1) (Version: - Onefog Games)
OOBE (x32 Version: 3.00.0215 - Sony Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PMB (x32 Version: 5.1.02.03310 - Sony Corporation) Hidden
PMB VAIO Edition Guide (x32 Version: 1.1.00.14080 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.1.00.15080 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.1.00.15040 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.1.00.15080 - Sony Corporation) Hidden
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RadioPI (HKLM-x32\...\RadioPI_4ebar Uninstall) (Version: - RadioPI)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}) (Version: 5.33.21.1 - Apple Inc.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Search Toolbar (HKLM-x32\...\Search Toolbar) (Version: 1.2 - Zugo Ltd) <==== ATTENTION
Service Pack 1 for SQL Server 2008 (KB968369) (HKLM-x32\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Setting Utility Series (x32 Version: 5.2.0.15250 - Sony Corporation) Hidden
Sid Meier's Civil War Collection (HKLM-x32\...\Sid Meier's Civil War Collection) (Version: - )
SmartWi Connection Utility (HKLM-x32\...\{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}) (Version: 4.10.4.20100121.2442 - Sony Corporation)
Sony Home Network Library (x32 Version: 2.1.0.14240 - Sony Corporation) Hidden
Sql Server Customer Experience Improvement Program (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VAIO Care (HKLM\...\{55A60C1D-BEBF-4249-BFB2-F4E5C2E77988}) (Version: 8.4.1.07021 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{6ED1750E-F44F-4635-8F0D-B76B9262B7FB}) (Version: 1.1.1.13230 - Sony Corporation)
VAIO Content Monitoring Settings (x32 Version: 2.5.0.13220 - Sony Corporation) Hidden
VAIO Control Center (x32 Version: 4.2.0.15020 - Sony Corporation) Hidden
VAIO Data Restore Tool (x32 Version: 1.3.0.13150 - Sony Corporation) Hidden
VAIO DVD Menu Data (x32 Version: 2.1.00.13210 - Sony Corporation) Hidden
VAIO Entertainment Platform (x32 Version: 3.7.0.16080 - Sony Corporation) Hidden
VAIO Event Service (x32 Version: 5.2.0.15020 - Sony Corporation) Hidden
VAIO Gate (x32 Version: 2.4.2.02200 - Sony Corporation) Hidden
VAIO Gate Default (x32 Version: 2.0.0.04160 - Sony Corporation) Hidden
VAIO Hardware Diagnostics (x32 Version: 3.9.1 - Sony Corporation) Hidden
VAIO Health Report (HKLM-x32\...\VAIO Health Report1.0) (Version: 1.0 - Sony Electronics)
VAIO Help and Support (HKLM-x32\...\{07182027-A63E-4E86-B96F-452EB9D61360}) (Version: 11.00.0225 - Sony Corporation)
VAIO Help and Support Update (HKLM-x32\...\{8BFCA5E2-BF46-4CC3-8444-D3CA686D3F94}) (Version: 1.00.0309 - Sony Corporation)
VAIO Manual (x32 Version: 1.0.0.03290 - Sony Corporation) Hidden
VAIO Media plus (x32 Version: 2.1.0.15040 - Sony Corporation) Hidden
VAIO Media plus Opening Movie (x32 Version: 2.1.0.14080 - Sony Corporation) Hidden
VAIO Messenger (HKLM-x32\...\VAIO Messenger) (Version: 2.0.213.0 - DDNi)
VAIO Messenger (x32 Version: 2.0.213.0 - DDNi) Hidden
VAIO Movie Story MergeModules x64 (Version: 1.0.14240 - Sony Corporation) Hidden
VAIO Movie Story Template Data (x32 Version: 2.1.00.14040 - Sony Corporation) Hidden
VAIO Original Function Settings (x32 Version: 2.1.0.13120 - Sony Corporation) Hidden
VAIO Power Management (x32 Version: 5.1.0.15250 - Sony Corporation) Hidden
VAIO Sample Contents (x32 Version: 1.2.0.16080 - Sony Corporation) Hidden
VAIO Survey (x32 Version: 6.00.1028 - Sony Corporation) Hidden
VAIO Transfer Support (x32 Version: 1.1.2.06030 - Sony Corporation) Hidden
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.0.14270 - Sony Corporation)
VAIO Wallpaper Contents (x32 Version: 2.1.0.14090 - Sony Corporation) Hidden
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VMp MergeModule x64 (Version: 1.0.0 - Default Company Name) Hidden
VoiceOver Kit (HKLM-x32\...\{7C5B4583-7CBF-4289-B195-03B553959DEA}) (Version: 1.40.128.0 - Apple Inc.)
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
WebIQ Technology Engine (HKLM-x32\...\{0F2F77E4-4053-4108-B153-81F0B42EDCF4}) (Version: 1.5.7100 - Usability Sciences Corporation)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) (HKLM\...\930E4792BDAEAFB62A9514EE7578775658A5D07C) (Version: 09/09/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Xvid 1.2.1 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

10-10-2014 08:01:09 Windows Update
10-10-2014 23:17:33 Windows Update
11-10-2014 08:00:16 Windows Update
18-10-2014 15:04:40 Windows Update
19-10-2014 08:00:15 Windows Update
26-10-2014 13:54:22 Removed MOVband SYNC
26-10-2014 14:06:17 Windows Update
28-10-2014 01:39:22 trojan hunt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-10-27 21:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {080A942B-E202-498A-A5DD-5E92445DE56A} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {10320390-F75F-4A5C-A86F-44E403EB2EFA} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {16F0A2C4-729F-44F9-BF78-2DA580AE35EE} - System32\Tasks\Sony\VAIO Survey => C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe [2009-10-26] ()
Task: {1755F1AF-59B6-4D22-A27A-9795FFF2C089} - System32\Tasks\{480FF431-A3C2-4107-BA3F-C65AABD796FA} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {1AC6CFD6-AEA2-4F11-A295-2EBC8FACF22F} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {21B2C25A-2C5B-4EA9-97AF-5563A29EDEA9} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {231E1D56-AB0F-4A7A-BB64-22725BD889C8} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-06-25] (Sony Corporation)
Task: {308AD868-1A9C-4CE2-BB79-6E0033823072} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {399EB672-2EF0-44F8-AABA-8A550056661C} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {47B02703-876A-4C7C-B7CC-1704FDF2031B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {4F63624C-6D4B-49CF-A5D6-D33D6DA13C87} - System32\Tasks\Sony\Java Update => C:\Program Files\Java\jre6\bin\jusched.exe
Task: {5BCBA550-7DC5-425B-AF8A-80ED4D8D00C4} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2014-01-27] (Sony Corporation)
Task: {606850F6-55EC-409B-8E1D-2A458AC19A50} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {64361707-C3AD-4F34-A1F6-6155CF5C0755} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {76479AA9-479A-4BEC-A399-9E27DCE04E19} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-02-28] (Sony Corporation)
Task: {81A488CC-8316-4451-84A5-4A0ACF9452FA} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {8FF61CA2-8B58-412D-B374-D21BB67B20CF} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {95ABCCB4-CB73-4E26-9B5F-6522B3EA591C} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-27] (Sony Corporation)
Task: {A3AB0A12-A7D7-4A7B-BCB9-44E3D69A7E2E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-08] (Adobe Systems Incorporated)
Task: {BA1DE20A-07A0-40ED-8E27-490075B19DE0} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {BB0AF418-0538-4691-841C-08DCCA16D8E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {BC2ED770-ABC6-4317-A84B-2F80014DB162} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {C0CFCF93-8895-448F-91EC-C419F03F8606} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {D999C970-E19B-469D-8ADF-6F2B1073F1B6} - System32\Tasks\VAIO Care Support => C:\Program Files\Sony\VAIO Care\VCSpt.exe
Task: {DAEA6B5F-83DF-46C5-9737-BC3375F4056F} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation)
Task: {DD8760EC-9E10-4EAE-80AC-BF5C5B61842B} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
Task: {F3E91642-B74B-4D17-9C8F-25F5789BCA8D} - System32\Tasks\VAIO Health Report => C:\Program Files (x86)\Sony\VAIO Health Report\VAIOHealthReport.exe [2013-06-20] (Sony Electronics)
Task: {F9CB8D37-BEC2-4BC9-B5E6-45095D4DAF8C} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-29 23:25 - 2013-04-29 23:25 - 00073728 ____C () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2010-06-24 17:40 - 2010-06-24 17:40 - 00046080 _____ () C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
2013-11-01 14:59 - 2013-11-01 14:59 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2010-06-24 17:40 - 2010-06-24 17:40 - 00049152 _____ () C:\Program Files (x86)\DDNi\Oasis2Service 1.0\DdniCore.dll
2010-06-24 17:40 - 2010-06-24 17:40 - 00033280 _____ () C:\Program Files (x86)\DDNi\Oasis2Service 1.0\AspUpdate.dll
2010-02-05 21:52 - 2010-02-24 17:59 - 00135168 _____ () C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\Extension\MrsMpegParser.dll
2010-02-05 22:00 - 2010-03-02 19:22 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2010-02-05 22:00 - 2010-03-02 19:22 - 00013312 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2010-02-05 21:52 - 2010-02-24 17:59 - 00379904 _____ () C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VAIO Messenger.lnk => C:\Windows\pss\VAIO Messenger.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Estevan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: ConservativeTalkNow_4n Browser Plugin Loader => C:\PROGRA~2\CONSER~2\bar\1.bin\4nbrmon.exe
MSCONFIG\startupreg: DATAMNGR => C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
MSCONFIG\startupreg: EPSON0C0A45 (Epson Stylus NX330) => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAA.EXE /FU "C:\Users\Estevan\AppData\Local\Temp\E_SF6E1.tmp" /EF "HKCU"
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RadioPI_4e Browser Plugin Loader => C:\PROGRA~2\RADIOP~2\bar\1.bin\4ebrmon.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SHTtray.exe => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
MSCONFIG\startupreg: SmartWiHelper => "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

========================= Accounts: ==========================

Administrator (S-1-5-21-3067653732-3291335556-3345723209-500 - Administrator - Disabled)
Estevan (S-1-5-21-3067653732-3291335556-3345723209-1004 - Administrator - Enabled) => C:\Users\Estevan
Guest (S-1-5-21-3067653732-3291335556-3345723209-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3067653732-3291335556-3345723209-1008 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: regi
Description: regi
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: regi
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2014 10:29:41 PM) (Source: MSSQL$DDNI) (EventID: 17207) (User: )
Description: FileMgr::StartLogFiles: Operating system error 2(The system cannot find the file specified.) occurred while creating or opening file 'C:\ProgramData\DDNi\Oasis\Data\Oasis2_log.ldf'. Diagnose and correct the operating system error, and retry the operation.

Error: (10/27/2014 10:29:41 PM) (Source: MSSQL$DDNI) (EventID: 17204) (User: )
Description: FCB::Open failed: Could not open file C:\ProgramData\DDNi\Oasis\Data\Oasis2.mdf for file number 1. OS error: 2(The system cannot find the file specified.).


System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-10-27 21:53:48.129
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-27 21:53:47.864
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-26 09:28:25.789
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-26 09:28:25.453
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-26 09:28:24.949
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-26 09:28:24.511
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-26 09:28:23.375
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-26 09:28:23.090
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-26 09:28:22.516
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-26 09:28:22.109
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon(tm) II P320 Dual-Core Processor
Percentage of memory in use: 38%
Total physical RAM: 3834.9 MB
Available physical RAM: 2365.21 MB
Total Pagefile: 7667.98 MB
Available Pagefile: 5834.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (hard drive) (Fixed) (Total:288.41 GB) (Free:232.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 361D9106)
Partition 1: (Not Active) - (Size=9.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=288.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
redtarget.gif
Uninstall Search Toolbar.

redtarget.gif
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    427 bytes · Views: 3
Back