
Computer constantly runs; power options not working


  • This topic is locked
25 replies to this topic

#1 Foxy88

Foxy88

  • Members
  • 13 posts

Posted 23 February 2014 - 04:50 PM

Recently my computer refuses to abide by the power options whether on battery or plugged in (won't go to sleep or shut off hard disks). I have read multiple forums and troubleshooting guides to fix this issue with no luck. While troubleshooting, I noticed my computer's hard drive "I'm thinking" light is constantly flickering. I have shut down multiple processes with no luck. I have started in safe mode with no luck. This started about a month ago and it doesn't correspond to anything I have downloaded or have changed on my computer. Any other issues you may discover unrelated to this topic that may help my computer will be greatly appreciated also. Thank you in advance.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16533
Run by Paul at 12:37:56 on 2014-02-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3767.983 [GMT -9:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\System32\alg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Update\VUAgent.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\vds.exe
C:\Program Files\Sony\VAIO Care\VCAdmin.exe
C:\Users\Paul\Downloads\OTL.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mail.aol.com/38366-111/aol-6/en-us/Suite.aspx
uSearch Bar = Preserve
BHO: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
BHO: Slick Savings: {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - LocalServer32 - <no file>
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
mRun: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] "C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SONYMS~1.LNK - C:\Program Files (x86)\Sony\MSS\3.0.271\SSScheduler.exe
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: garmin.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.1.0.0/GarminAxControl_32.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.165.131.12 209.165.131.13 192.168.1.1
TCP: Interfaces\{0E37588F-0867-4D56-8CF9-459548D4F801} : DHCPNameServer = 172.16.192.1
TCP: Interfaces\{8A356BB9-7671-4C5D-9FEF-891007EDCCF0} : NameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{C73F9B3D-0556-45E9-A89B-35650EE4151C} : NameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{EC280D09-8534-48A1-8F15-4B7417B1FBDE} : NameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{F3BAD375-4F4A-4066-9AD1-1176AFB621B2} : DHCPNameServer = 209.165.131.12 209.165.131.13 192.168.1.1
TCP: Interfaces\{F3BAD375-4F4A-4066-9AD1-1176AFB621B2}\2375942554637353 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{F3BAD375-4F4A-4066-9AD1-1176AFB621B2}\34963736F67393437373 : DHCPNameServer = 209.165.131.12 209.165.131.13 192.168.1.1
TCP: Interfaces\{F3BAD375-4F4A-4066-9AD1-1176AFB621B2}\C696E6B6379737 : DHCPNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
TCP: Interfaces\{F3BAD375-4F4A-4066-9AD1-1176AFB621B2}\D696461647C616E64796362626 : DHCPNameServer = 10.71.0.1
TCP: Interfaces\{FF9D71F2-FD65-4BC0-93D8-D67F0BD90109} : DHCPNameServer = 172.20.50.75 212.77.192.60 212.77.192.59
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\Windows\Downloaded Program Files\mimectl.dll
Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files (x86)\Microsoft\SMIME Client (2010)\mimectl.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Slick Savings: {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
x64-Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - <orphaned>
x64-Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
============= SERVICES / DRIVERS ===============
.
R0 shpf;Sony HDD Protection Filter Driver;C:\Windows\System32\drivers\shpf.sys [2009-11-25 25120]
R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-25 13336]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2009-11-25 93696]
R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2009-11-25 76800]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-8-6 156672]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-25 2314240]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-12-20 1155088]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-9-6 248248]
R2 WDRulesService;WD Rules;C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-12-20 1178128]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-12-16 19968]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-11-25 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2013-1-7 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-1-7 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-11-14 111216]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-11-25 11392]
R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-12-16 571248]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-10-12 54760]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2012-12-9 1369136]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2009-10-15 36760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-2-9 2151200]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-11-25 52264]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-11-25 35104]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2010-7-27 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2010-3-20 13952]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2010-8-31 256000]
S3 MSSQL$DDNI;SQL Server (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2011-9-22 43028328]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-7-19 340240]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-10-19 6956032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-17 19456]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8187.sys [2010-1-7 448512]
S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\System32\drivers\S3XXx64.sys [2013-6-5 73984]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-13 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-9-27 864000]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-5-19 549616]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-25 101152]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-10 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [2012-3-30 237328]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]
S4 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-9-10 108400]
S4 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
S4 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-9-10 67952]
S4 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-9-27 303872]
S4 SQLAgent$DDNI;SQL Server Agent (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 370024]
S4 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-12-16 104960]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2014-02-23 19:14:47 388096 ----a-r- C:\Users\Paul\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-02-23 19:14:47 -------- d-----w- C:\Program Files (x86)\Trend Micro
2014-02-23 19:01:03 0 ----a-w- C:\Windows\SysWow64\REN55FC.tmp
2014-02-23 19:01:03 0 ----a-w- C:\Windows\SysWow64\REN55FB.tmp
2014-02-23 18:50:00 -------- d-----w- C:\Users\Paul\AppData\Local\lptmp978825813
2014-02-23 18:46:15 -------- d-----w- C:\ProgramData\Oracle
2014-02-23 18:46:03 0 ----a-w- C:\Windows\SysWow64\RENF0BB.tmp
2014-02-23 18:46:03 0 ----a-w- C:\Windows\SysWow64\RENF0BA.tmp
2014-02-23 01:02:11 17858952 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-02-23 00:02:22 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1AD1A39F-C8DB-4808-8BEC-461D4CB91596}\offreg.dll
2014-02-21 21:17:22 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1AD1A39F-C8DB-4808-8BEC-461D4CB91596}\mpengine.dll
2014-02-14 17:40:23 -------- d-----w- C:\Users\Paul\AppData\Roaming\IObit
2014-02-14 17:19:06 -------- d-----w- C:\Users\Paul\AppData\Local\ElevatedDiagnostics
2014-02-12 16:28:07 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-12 16:27:57 6573056 ----a-w- C:\Windows\System32\mstscax.dll
2014-02-12 16:27:57 5693440 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-02-09 21:35:12 -------- d-----w- C:\Users\Paul\AppData\Local\Slick Savings
2014-02-09 21:35:11 -------- d-----w- C:\ProgramData\ProductData
2014-02-09 21:34:47 -------- d-----w- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-02-09 21:34:46 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2014-02-09 21:34:43 -------- d-----w- C:\ProgramData\IObit
2014-02-09 21:34:25 -------- d-----w- C:\Program Files (x86)\IObit
2014-02-09 21:32:07 -------- d-----w- C:\Program Files\CCleaner
2014-02-06 02:57:55 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-06 02:57:55 -------- d-----w- C:\Program Files\iTunes
2014-02-06 02:57:55 -------- d-----w- C:\Program Files (x86)\iTunes
2014-02-06 02:56:28 -------- d-----w- C:\Program Files\Bonjour
2014-02-06 02:56:28 -------- d-----w- C:\Program Files (x86)\Bonjour
.
==================== Find3M  ====================
.
2014-02-23 01:02:24 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-23 01:02:24 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-05 10:00:21 2334720 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-05 09:54:06 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-02-05 09:52:51 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-05 09:51:59 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-05 09:51:52 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-05 09:50:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-05 08:56:17 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-05 08:50:39 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-05 08:49:56 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-05 08:48:40 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-05 08:48:27 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-05 08:47:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-18 15:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-11 16:37:44 10395072 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-10-19 00:19:18 50053120 ----a-w- C:\Program Files (x86)\GUT7E0A.tmp
.
============= FINISH: 12:38:42.42 ===============
 



#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts

Posted 24 February 2014 - 03:10 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that.... Let's get going!!
----------


 


#3 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts

Posted 24 February 2014 - 03:11 PM

AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

----------
 

Malwarebytes Anti-Rootkit
 
Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
  • If malware is found, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.

If there is no malware found, please let me know as well.
----------


 


#4 Foxy88

Foxy88
  • Topic Starter

  • Members
  • 13 posts

Posted 24 February 2014 - 09:05 PM

Jeff-

Thank you for your help!

 

# AdwCleaner v3.019 - Report created 24/02/2014 at 16:11:12
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Paul - PAUL-VAIO
# Running from : C:\Users\Paul\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found C:\Program Files (x86)\Common Files\Spigot
Folder Found C:\ProgramData\~0
Folder Found C:\ProgramData\Partner
Folder Found C:\Users\Paul\AppData\Local\PackageAware
Folder Found C:\Users\Paul\AppData\Local\Slick Savings

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16533

*************************

AdwCleaner[R0].txt - [2797 octets] - [24/02/2014 16:11:12]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2857 octets] ##########

 

 

The Malwarebytes Anti-Rootkit program found no malware.



#5 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:09:59 PM

Posted 25 February 2014 - 07:27 AM

ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-click ComboFix.exe, select Run as Administrator, and follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

 


#6 Foxy88

Foxy88
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:05:59 PM

Posted 25 February 2014 - 07:59 PM

ComboFix 14-02-24.02 - Paul 02/25/2014   7:27.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3767.1912 [GMT -9:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-25 to 2014-02-25  )))))))))))))))))))))))))))))))
.
.
2014-02-25 16:36 . 2014-02-25 16:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-25 01:36 . 2014-02-25 01:36 -------- d-----w- c:\programdata\Malwarebytes
2014-02-25 01:36 . 2014-02-25 02:04 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-25 01:36 . 2014-02-25 01:36 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-02-25 01:35 . 2014-02-25 01:35 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-25 01:11 . 2014-02-25 01:11 -------- d-----w- C:\AdwCleaner
2014-02-23 19:14 . 2014-02-23 19:14 388096 ----a-r- c:\users\Paul\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-02-23 19:14 . 2014-02-23 19:14 -------- d-----w- c:\program files (x86)\Trend Micro
2014-02-23 19:01 . 2014-02-23 19:01 0 ----a-w- c:\windows\SysWow64\REN55FC.tmp
2014-02-23 19:01 . 2014-02-23 19:01 0 ----a-w- c:\windows\SysWow64\REN55FB.tmp
2014-02-23 18:50 . 2014-02-23 18:50 -------- d-----w- c:\users\Paul\AppData\Local\lptmp978825813
2014-02-23 18:46 . 2014-02-23 18:53 -------- d-----w- c:\programdata\Oracle
2014-02-23 18:46 . 2014-02-23 18:46 0 ----a-w- c:\windows\SysWow64\RENF0BB.tmp
2014-02-23 18:46 . 2014-02-23 18:46 0 ----a-w- c:\windows\SysWow64\RENF0BA.tmp
2014-02-23 01:02 . 2014-02-23 01:02 17858952 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-02-23 00:02 . 2014-02-25 02:45 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1AD1A39F-C8DB-4808-8BEC-461D4CB91596}\offreg.dll
2014-02-21 21:17 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1AD1A39F-C8DB-4808-8BEC-461D4CB91596}\mpengine.dll
2014-02-14 17:40 . 2014-02-14 17:40 -------- d-----w- c:\users\Paul\AppData\Roaming\IObit
2014-02-14 17:19 . 2014-02-14 17:30 -------- d-----w- c:\users\Paul\AppData\Local\ElevatedDiagnostics
2014-02-12 16:28 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-12 16:27 . 2013-11-26 23:29 5693440 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-02-12 16:27 . 2013-11-26 22:49 6573056 ----a-w- c:\windows\system32\mstscax.dll
2014-02-09 21:35 . 2014-02-09 21:35 -------- d-----w- c:\users\Paul\AppData\Local\Slick Savings
2014-02-09 21:35 . 2014-02-09 21:35 -------- d-----w- c:\programdata\ProductData
2014-02-09 21:34 . 2014-02-09 21:34 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-02-09 21:34 . 2014-02-09 21:42 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2014-02-09 21:34 . 2014-02-09 21:36 -------- d-----w- c:\programdata\IObit
2014-02-09 21:34 . 2014-02-09 21:41 -------- d-----w- c:\program files (x86)\IObit
2014-02-09 21:32 . 2014-02-09 21:32 -------- d-----w- c:\program files\CCleaner
2014-02-06 02:57 . 2014-02-06 02:58 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-06 02:57 . 2014-02-06 02:58 -------- d-----w- c:\program files\iTunes
2014-02-06 02:57 . 2014-02-06 02:58 -------- d-----w- c:\program files (x86)\iTunes
2014-02-06 02:56 . 2014-02-06 02:56 -------- d-----w- c:\program files (x86)\Apple Software Update
2014-02-06 02:56 . 2014-02-06 02:56 -------- d-----w- c:\program files\Common Files\Apple
2014-02-06 02:56 . 2014-02-06 02:56 -------- d-----w- c:\program files\Bonjour
2014-02-06 02:56 . 2014-02-06 02:56 -------- d-----w- c:\program files (x86)\Bonjour
2014-02-06 02:56 . 2014-02-06 02:57 -------- d-----w- c:\program files (x86)\Common Files\Apple
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-23 01:02 . 2012-04-15 19:36 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-23 01:02 . 2011-05-18 23:35 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-12 16:44 . 2010-10-10 18:34 88567024 ----a-w- c:\windows\system32\MRT.exe
2013-12-18 15:13 . 2010-10-19 01:31 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-11 16:37 . 2012-11-17 06:03 10395072 ----a-w- c:\program files (x86)\Common Files\wruninstall.exe
2013-10-19 00:19 . 2013-10-19 00:19 50053120 ----a-w- c:\program files (x86)\GUT7E0A.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ANT Agent"="c:\program files (x86)\Garmin\ANT Agent\ANT Agent.exe" [2013-02-16 14731776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-10-05 80384]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-27 320880]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2012-06-14 1688008]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2012-12-20 5237256]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-21 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 164904]
Sony MSS.lnk - c:\program files (x86)\Sony\MSS\3.0.271\SSScheduler.exe [2012-3-13 274328]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2010-9-21 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-12-01 03:20 98304 ------w- c:\windows\System32\VESWinlogon.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 MSSQL$DDNI;SQL Server (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8187.sys [x]
R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys;c:\windows\SYSNATIVE\DRIVERS\S3XXx64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;c:\program files (x86)\Sony\MSS\3.0.271\McCHSvc.exe;c:\program files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R4 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R4 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R4 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [x]
R4 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys;c:\windows\SYSNATIVE\DRIVERS\shpf.sys [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S2 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 01:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-02 16395880]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-09 9636896]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-12-04 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-12-04 485416]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1931024]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-01-08 169096]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-01-08 393864]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-01-08 418440]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://mail.aol.com/38366-111/aol-6/en-us/Suite.aspx
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: af.mil\jber.mail.us
Trusted Zone: af.mil\owa.elmendorf
Trusted Zone: af.mil\webmail.afmc
Trusted Zone: af.mil\www.my
Trusted Zone: garmin.com
TCP: DhcpNameServer = 209.165.131.12 209.165.131.13 192.168.1.1
TCP: Interfaces\{8A356BB9-7671-4C5D-9FEF-891007EDCCF0}: NameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{C73F9B3D-0556-45E9-A89B-35650EE4151C}: NameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{EC280D09-8534-48A1-8F15-4B7417B1FBDE}: NameServer = 172.26.38.1 172.26.38.2
Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - c:\program files (x86)\Microsoft\SMIME Client (2010)\mimectl.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.1.0.0/GarminAxControl_32.CAB
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - c:\users\Paul\AppData\Roaming\Slick Savings\Coupons.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 & Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:ef,5a,12,ec,57,f7,cb,01
.
[HKEY_USERS\S-1-5-21-3196128469-3788443982-4118194652-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3196128469-3788443982-4118194652-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-25  07:39:22
ComboFix-quarantined-files.txt  2014-02-25 16:39
.
Pre-Run: 200,867,536,896 bytes free
Post-Run: 200,770,285,568 bytes free
.
- - End Of File - - AAF1AECBB73F09422691F421D09C64B0
 



#7 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:09:59 PM

Posted 25 February 2014 - 08:17 PM

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
c:\program files (x86)\GUT7E0A.tmp
 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying "File has already been analyzed", click "Reanalyze file now".
Once scanned, copy and paste the link to the results page in your next reply.
----------
 

SystemLook
 
Please use either of the following links:
Download Mirror 1
Download Mirror 2

  • Right-click SystemLook.exe and select Run as Administrator to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    c:\users\Paul\AppData\Local\lptmp978825813 /s
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


 


#8 Foxy88

Foxy88
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:05:59 PM

Posted 25 February 2014 - 09:04 PM

https://www.virustotal.com/en/file/0c32ef86c4466312f0572bc1025baf47af7c5a26e334d375ecdf58ceacb8e047/analysis/1393380017/

 

Detection ratio was 0/50

 

SystemLook 30.07.11 by jpshortstuff
Log created at 17:03 on 25/02/2014 by Paul
Administrator - Elevation successful

========== dir ==========

c:\users\Paul\AppData\Local\lptmp978825813 - Parameters: "/s"

---Files---
lp_languages.zip --a---- 3939502 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages d------ [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\af_ZA d------ [18:50 23/02/2014]
af_ZA.xpm --a---- 4898 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 63261 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\ar_EG d------ [18:50 23/02/2014]
ar_EG.xpm --a---- 4798 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 2593 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\ar_SA d------ [18:50 23/02/2014]
ar_SA.xpm --a---- 2719 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 73650 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\az_AZ d------ [18:50 23/02/2014]
az_AZ.xpm --a---- 5072 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 35897 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\be_BY d------ [18:50 23/02/2014]
be_BY.xpm --a---- 4804 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 7596 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\bg_BG d------ [18:50 23/02/2014]
bg_BG.xpm --a---- 4752 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 92977 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\bn_BD d------ [18:50 23/02/2014]
bn_BD.xpm --a---- 4796 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 6890 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\bs_BA d------ [18:50 23/02/2014]
bs_BA.xpm --a---- 4862 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 72375 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\ca_ES d------ [18:50 23/02/2014]
ca_ES.xpm --a---- 4754 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 37762 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\cs_CZ d------ [18:50 23/02/2014]
cs_CZ.xpm --a---- 4830 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 71296 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\da_DK d------ [18:50 23/02/2014]
da_DK.xpm --a---- 2457 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 63735 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\de_DE d------ [18:50 23/02/2014]
de_DE.xpm --a---- 3043 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 74960 bytes [18:50 23/02/2014] [18:50 23/02/2014]
messages.mo --a---- 44224 bytes [18:50 23/02/2014] [18:50 23/02/2014]
wxstd.mo --a---- 17128 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\el_GR d------ [18:50 23/02/2014]
el_GR.xpm --a---- 2925 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 97966 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\en_AU d------ [18:50 23/02/2014]
en_AU.xpm --a---- 4906 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 1764 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\en_GB d------ [18:50 23/02/2014]
en_GB.xpm --a---- 5012 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 67264 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\en_US d------ [18:50 23/02/2014]
en_US.xpm --a---- 2659 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 69947 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\eo_US d------ [18:50 23/02/2014]
eo_US.xpm --a---- 4778 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 19663 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\es_ES d------ [18:50 23/02/2014]
es_ES.xpm --a---- 2682 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 72428 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\es_MX d------ [18:50 23/02/2014]
es_MX.xpm --a---- 4802 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 68706 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\et_EE d------ [18:50 23/02/2014]
et_EE.xpm --a---- 4937 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 43274 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\fa_IR d------ [18:50 23/02/2014]
fa_IR.xpm --a---- 2855 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 84177 bytes [18:50 23/02/2014] [18:50 23/02/2014]
messages.mo --a---- 10774 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\fi_FI d------ [18:50 23/02/2014]
fi_FI.xpm --a---- 2521 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 68303 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\fr_CA d------ [18:50 23/02/2014]
fr_CA.xpm --a---- 4774 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 74695 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\fr_FR d------ [18:50 23/02/2014]
fr_FR.xpm --a---- 2558 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 74747 bytes [18:50 23/02/2014] [18:50 23/02/2014]
messages.mo --a---- 39684 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\ga_IE d------ [18:50 23/02/2014]
ga_IE.xpm --a---- 4995 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 2523 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\gl_ES d------ [18:50 23/02/2014]
gl_ES.xpm --a---- 4862 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 21584 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\gu_IN d------ [18:50 23/02/2014]
gu_IN.xpm --a---- 2968 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 1427 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\he_IL d------ [18:50 23/02/2014]
he_IL.xpm --a---- 1703 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 77881 bytes [18:50 23/02/2014] [18:50 23/02/2014]
messages.mo --a---- 34313 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\hi_IN d------ [18:50 23/02/2014]
hi_IN.xpm --a---- 2968 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 7038 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\hr_HR d------ [18:50 23/02/2014]
hr_HR.xpm --a---- 2564 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 69175 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\hu_HU d------ [18:50 23/02/2014]
hu_HU.xpm --a---- 2405 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 74289 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\id_ID d------ [18:50 23/02/2014]
id_ID.xpm --a---- 4744 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 58962 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\is_IS d------ [18:50 23/02/2014]
is_IS.xpm --a---- 2567 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 33443 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\it_IT d------ [18:50 23/02/2014]
it_IT.xpm --a---- 2293 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 70756 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\ja_JP d------ [18:50 23/02/2014]
ja_JP.xpm --a---- 1523 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 77997 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\ka_GE d------ [18:50 23/02/2014]
ka_GE.xpm --a---- 4975 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 85520 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\kn_IN d------ [18:50 23/02/2014]
kn_IN.xpm --a---- 5038 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 412 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\ko_KR d------ [18:50 23/02/2014]
ko_KR.xpm --a---- 2449 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 77637 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\lt_LT d------ [18:50 23/02/2014]
lastpass.mo --a---- 73584 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lt_LT.xpm --a---- 3070 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\lv_LV d------ [18:50 23/02/2014]
lastpass.mo --a---- 11048 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lv_LV.xpm --a---- 4744 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\mg_MG d------ [18:50 23/02/2014]
lastpass.mo --a---- 3959 bytes [18:50 23/02/2014] [18:50 23/02/2014]
mg_MG.xpm --a---- 4992 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\mk_MK d------ [18:50 23/02/2014]
lastpass.mo --a---- 6680 bytes [18:50 23/02/2014] [18:50 23/02/2014]
mk_MK.xpm --a---- 5057 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\ml_IN d------ [18:50 23/02/2014]
lastpass.mo --a---- 412 bytes [18:50 23/02/2014] [18:50 23/02/2014]
ml_IN.xpm --a---- 5038 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\mr_IN d------ [18:50 23/02/2014]
lastpass.mo --a---- 610 bytes [18:50 23/02/2014] [18:50 23/02/2014]
mr_IN.xpm --a---- 2968 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\ms_MY d------ [18:50 23/02/2014]
lastpass.mo --a---- 14085 bytes [18:50 23/02/2014] [18:50 23/02/2014]
ms_MY.xpm --a---- 2425 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\nb_NO d------ [18:50 23/02/2014]
lastpass.mo --a---- 69800 bytes [18:50 23/02/2014] [18:50 23/02/2014]
nb_NO.xpm --a---- 2503 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\nl_NL d------ [18:50 23/02/2014]
junk.html --a---- 124 bytes [18:50 23/02/2014] [18:50 23/02/2014]
lastpass.mo --a---- 71275 bytes [18:50 23/02/2014] [18:50 23/02/2014]
messages.mo --a---- 40948 bytes [18:50 23/02/2014] [18:50 23/02/2014]
nl_NL.xpm --a---- 2676 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\nn_NO d------ [18:50 23/02/2014]
lastpass.mo --a---- 38362 bytes [18:50 23/02/2014] [18:50 23/02/2014]
nn_NO.xpm --a---- 2503 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\pa_IN d------ [18:50 23/02/2014]
lastpass.mo --a---- 767 bytes [18:50 23/02/2014] [18:50 23/02/2014]
pa_IN.xpm --a---- 2968 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\pl_PL d------ [18:50 23/02/2014]
lastpass.mo --a---- 70735 bytes [18:50 23/02/2014] [18:50 23/02/2014]
pl_PL.xpm --a---- 2202 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\pt_BR d------ [18:50 23/02/2014]
lastpass.mo --a---- 70479 bytes [18:50 23/02/2014] [18:50 23/02/2014]
pt_BR.xpm --a---- 2860 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\pt_PT d------ [18:50 23/02/2014]
lastpass.mo --a---- 72752 bytes [18:50 23/02/2014] [18:50 23/02/2014]
pt_PT.xpm --a---- 5024 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\ro_RO d------ [18:50 23/02/2014]
lastpass.mo --a---- 60141 bytes [18:50 23/02/2014] [18:50 23/02/2014]
ro_RO.xpm --a---- 2926 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\ru_RU d------ [18:50 23/02/2014]
lastpass.mo --a---- 92329 bytes [18:50 23/02/2014] [18:50 23/02/2014]
ru_RU.xpm --a---- 2667 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\si_LK d------ [18:50 23/02/2014]
lastpass.mo --a---- 4220 bytes [18:50 23/02/2014] [18:50 23/02/2014]
si_LK.xpm --a---- 5054 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\sk_SK d------ [18:50 23/02/2014]
lastpass.mo --a---- 60704 bytes [18:50 23/02/2014] [18:50 23/02/2014]
sk_SK.xpm --a---- 2939 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\sl_SI d------ [18:50 23/02/2014]
lastpass.mo --a---- 23861 bytes [18:50 23/02/2014] [18:50 23/02/2014]
sl_SI.xpm --a---- 2887 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\sq_AL d------ [18:50 23/02/2014]
lastpass.mo --a---- 6981 bytes [18:50 23/02/2014] [18:50 23/02/2014]
sq_AL.xpm --a---- 5037 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\sr_RS d------ [18:50 23/02/2014]
lastpass.mo --a---- 88765 bytes [18:50 23/02/2014] [18:50 23/02/2014]
sr_RS.xpm --a---- 2395 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\sv_SE d------ [18:50 23/02/2014]
lastpass.mo --a---- 69058 bytes [18:50 23/02/2014] [18:50 23/02/2014]
messages.mo --a---- 39217 bytes [18:50 23/02/2014] [18:50 23/02/2014]
sv_SE.xpm --a---- 2798 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\ta_IN d------ [18:50 23/02/2014]
lastpass.mo --a---- 43259 bytes [18:50 23/02/2014] [18:50 23/02/2014]
ta_IN.xpm --a---- 2968 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\th_TH d------ [18:50 23/02/2014]
lastpass.mo --a---- 70867 bytes [18:50 23/02/2014] [18:50 23/02/2014]
th_TH.xpm --a---- 2773 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\tl_PH d------ [18:50 23/02/2014]
lastpass.mo --a---- 25723 bytes [18:50 23/02/2014] [18:50 23/02/2014]
tl_PH.xpm --a---- 5044 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\tr_TR d------ [18:50 23/02/2014]
lastpass.mo --a---- 70017 bytes [18:50 23/02/2014] [18:50 23/02/2014]
tr_TR.xpm --a---- 2634 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\uk_UA d------ [18:50 23/02/2014]
lastpass.mo --a---- 83584 bytes [18:50 23/02/2014] [18:50 23/02/2014]
uk_UA.xpm --a---- 2878 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\ur_PK d------ [18:50 23/02/2014]
lastpass.mo --a---- 5025 bytes [18:50 23/02/2014] [18:50 23/02/2014]
ur_PK.xpm --a---- 5028 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\vi_VN d------ [18:50 23/02/2014]
lastpass.mo --a---- 77918 bytes [18:50 23/02/2014] [18:50 23/02/2014]
vi_VN.xpm --a---- 2522 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\zh_CN d------ [18:50 23/02/2014]
lastpass.mo --a---- 66254 bytes [18:50 23/02/2014] [18:50 23/02/2014]
zh_CN.xpm --a---- 4794 bytes [18:50 23/02/2014] [18:50 23/02/2014]

c:\users\Paul\AppData\Local\lptmp978825813\languages\zh_TW d------ [18:50 23/02/2014]
lastpass.mo --a---- 65336 bytes [18:50 23/02/2014] [18:50 23/02/2014]
zh_TW.xpm --a---- 4812 bytes [18:50 23/02/2014] [18:50 23/02/2014]

-= EOF =-



#9 jeffce


    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 26 February 2014 - 09:20 AM

Hi,
 
ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
     
    File::
    c:\windows\SysWow64\REN55FC.tmp
    c:\windows\SysWow64\REN55FB.tmp
    c:\windows\SysWow64\RENF0BB.tmp
    c:\windows\SysWow64\RENF0BA.tmp
     
    Folder::
    c:\users\Paul\AppData\Local\Slick Savings
    c:\program files (x86)\Common Files\Spigot

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
     
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

Post the new ComboFix log and let me know how your system is running now. :)


 


#10 Foxy88

  • Topic Starter

  • Members
  • 13 posts

Posted 26 February 2014 - 11:33 AM

Jeff...thanks for your continued help.

 

ComboFix 14-02-24.02 - Paul 02/26/2014   7:12.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3767.2245 [GMT -9:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
Command switches used :: c:\users\Paul\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWow64\REN55FB.tmp"
"c:\windows\SysWow64\REN55FC.tmp"
"c:\windows\SysWow64\RENF0BA.tmp"
"c:\windows\SysWow64\RENF0BB.tmp"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Spigot
c:\program files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx
c:\program files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx
c:\program files (x86)\Common Files\Spigot\GC\saebay_1.1.crx
c:\users\Paul\AppData\Local\Slick Savings
c:\users\Paul\AppData\Local\Slick Savings\coupons.crx
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-26 to 2014-02-26  )))))))))))))))))))))))))))))))
.
.
2014-02-26 16:21 . 2014-02-26 16:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-25 01:36 . 2014-02-25 01:36 -------- d-----w- c:\programdata\Malwarebytes
2014-02-25 01:36 . 2014-02-25 02:04 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-25 01:36 . 2014-02-25 01:36 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-02-25 01:35 . 2014-02-25 01:35 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-25 01:11 . 2014-02-25 01:11 -------- d-----w- C:\AdwCleaner
2014-02-23 19:14 . 2014-02-23 19:14 388096 ----a-r- c:\users\Paul\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-02-23 19:14 . 2014-02-23 19:14 -------- d-----w- c:\program files (x86)\Trend Micro
2014-02-23 19:01 . 2014-02-23 19:01 0 ----a-w- c:\windows\SysWow64\REN55FC.tmp
2014-02-23 19:01 . 2014-02-23 19:01 0 ----a-w- c:\windows\SysWow64\REN55FB.tmp
2014-02-23 18:50 . 2014-02-23 18:50 -------- d-----w- c:\users\Paul\AppData\Local\lptmp978825813
2014-02-23 18:46 . 2014-02-23 18:53 -------- d-----w- c:\programdata\Oracle
2014-02-23 18:46 . 2014-02-23 18:46 0 ----a-w- c:\windows\SysWow64\RENF0BB.tmp
2014-02-23 18:46 . 2014-02-23 18:46 0 ----a-w- c:\windows\SysWow64\RENF0BA.tmp
2014-02-23 01:02 . 2014-02-23 01:02 17858952 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-02-23 00:02 . 2014-02-25 02:45 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1AD1A39F-C8DB-4808-8BEC-461D4CB91596}\offreg.dll
2014-02-21 21:17 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1AD1A39F-C8DB-4808-8BEC-461D4CB91596}\mpengine.dll
2014-02-14 17:40 . 2014-02-14 17:40 -------- d-----w- c:\users\Paul\AppData\Roaming\IObit
2014-02-14 17:19 . 2014-02-14 17:30 -------- d-----w- c:\users\Paul\AppData\Local\ElevatedDiagnostics
2014-02-12 16:28 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-12 16:27 . 2013-11-26 23:29 5693440 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-02-12 16:27 . 2013-11-26 22:49 6573056 ----a-w- c:\windows\system32\mstscax.dll
2014-02-09 21:35 . 2014-02-09 21:35 -------- d-----w- c:\programdata\ProductData
2014-02-09 21:34 . 2014-02-09 21:34 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-02-09 21:34 . 2014-02-09 21:36 -------- d-----w- c:\programdata\IObit
2014-02-09 21:34 . 2014-02-09 21:41 -------- d-----w- c:\program files (x86)\IObit
2014-02-09 21:32 . 2014-02-09 21:32 -------- d-----w- c:\program files\CCleaner
2014-02-06 02:57 . 2014-02-06 02:58 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-06 02:57 . 2014-02-06 02:58 -------- d-----w- c:\program files\iTunes
2014-02-06 02:57 . 2014-02-06 02:58 -------- d-----w- c:\program files (x86)\iTunes
2014-02-06 02:56 . 2014-02-06 02:56 -------- d-----w- c:\program files (x86)\Apple Software Update
2014-02-06 02:56 . 2014-02-06 02:56 -------- d-----w- c:\program files\Common Files\Apple
2014-02-06 02:56 . 2014-02-06 02:56 -------- d-----w- c:\program files\Bonjour
2014-02-06 02:56 . 2014-02-06 02:56 -------- d-----w- c:\program files (x86)\Bonjour
2014-02-06 02:56 . 2014-02-06 02:57 -------- d-----w- c:\program files (x86)\Common Files\Apple
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-23 01:02 . 2012-04-15 19:36 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-23 01:02 . 2011-05-18 23:35 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-12 16:44 . 2010-10-10 18:34 88567024 ----a-w- c:\windows\system32\MRT.exe
2013-12-18 15:13 . 2010-10-19 01:31 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-11 16:37 . 2012-11-17 06:03 10395072 ----a-w- c:\program files (x86)\Common Files\wruninstall.exe
2013-10-19 00:19 . 2013-10-19 00:19 50053120 ----a-w- c:\program files (x86)\GUT7E0A.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}]
c:\users\Paul\AppData\Roaming\Slick Savings\Coupons.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ANT Agent"="c:\program files (x86)\Garmin\ANT Agent\ANT Agent.exe" [2013-02-16 14731776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-10-05 80384]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-27 320880]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2012-06-14 1688008]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2012-12-20 5237256]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-21 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 164904]
Sony MSS.lnk - c:\program files (x86)\Sony\MSS\3.0.271\SSScheduler.exe [2012-3-13 274328]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2010-9-21 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-12-01 03:20 98304 ------w- c:\windows\System32\VESWinlogon.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 MSSQL$DDNI;SQL Server (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8187.sys [x]
R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys;c:\windows\SYSNATIVE\DRIVERS\S3XXx64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;c:\program files (x86)\Sony\MSS\3.0.271\McCHSvc.exe;c:\program files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R4 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R4 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R4 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [x]
R4 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys;c:\windows\SYSNATIVE\DRIVERS\shpf.sys [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S2 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 01:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-02 16395880]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-09 9636896]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-12-04 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-12-04 485416]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1931024]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-01-08 169096]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-01-08 393864]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-01-08 418440]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://mail.aol.com/38366-111/aol-6/en-us/Suite.aspx
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: af.mil\jber.mail.us
Trusted Zone: af.mil\owa.elmendorf
Trusted Zone: af.mil\webmail.afmc
Trusted Zone: af.mil\www.my
Trusted Zone: garmin.com
TCP: DhcpNameServer = 209.165.131.12 209.165.131.13 192.168.1.1
TCP: Interfaces\{8A356BB9-7671-4C5D-9FEF-891007EDCCF0}: NameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{C73F9B3D-0556-45E9-A89B-35650EE4151C}: NameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{EC280D09-8534-48A1-8F15-4B7417B1FBDE}: NameServer = 172.26.38.1 172.26.38.2
Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - c:\program files (x86)\Microsoft\SMIME Client (2010)\mimectl.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.1.0.0/GarminAxControl_32.CAB
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 & Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:ef,5a,12,ec,57,f7,cb,01
.
[HKEY_USERS\S-1-5-21-3196128469-3788443982-4118194652-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3196128469-3788443982-4118194652-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-26  07:24:38
ComboFix-quarantined-files.txt  2014-02-26 16:24
ComboFix2.txt  2014-02-25 16:39
.
Pre-Run: 200,614,199,296 bytes free
Post-Run: 200,201,646,080 bytes free
.
- - End Of File - - 41C9476E2600BF33EA5316EE9A4283F9
 



#11 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:09:59 PM

Posted 26 February 2014 - 02:16 PM

and let me know how your system is running now.  :)

 

:)


 


#12 Foxy88

Foxy88
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:05:59 PM

Posted 26 February 2014 - 08:53 PM

Computer still acts the same. Something I did notice is there are three items in the task scheduler that I have no idea what they are or what they are doing.

 

{432592B0-330A-4B59-AC55-BB2BFC72A8FC}

{9C6AE3A2-C335-48FB-A68D-0279F4758BF4}

{E144A085-12BB-49E4-930D-E78FE73C80F2}

 

Additionally, I checked the Event Viewer and there were 75 errors/24 hours, 19 Warnings/24 hours, 847 Information/24 hours. Could this help identify the problem?



#13 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:09:59 PM

Posted 26 February 2014 - 09:16 PM

Ok thanks for letting me know.   :)
 
AdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------
 

FRST
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
----------


 


#14 Foxy88

Foxy88
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:05:59 PM

Posted 26 February 2014 - 09:47 PM

Adaware results...

# AdwCleaner v3.019 - Report created 26/02/2014 at 17:42:19
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Paul - PAUL-VAIO
# Running from : C:\Users\Paul\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Paul\AppData\Local\PackageAware

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16533

*************************

AdwCleaner[R0].txt - [2953 octets] - [24/02/2014 16:11:12]
AdwCleaner[R1].txt - [2677 octets] - [26/02/2014 17:41:08]
AdwCleaner[S0].txt - [2595 octets] - [26/02/2014 17:42:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2655 octets] ##########



#15 Foxy88

Foxy88
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:05:59 PM

Posted 26 February 2014 - 09:54 PM

FRST program has several warnings that it may be harmful. Also, it hangs up "not responding" when scanning Tcpip, but continued.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014
Ran by Paul (administrator) on PAUL-VAIO on 26-02-2014 17:49:47
Running from C:\Users\Paul\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(GARMIN Corp.) C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Microsoft Corporation) C:\Windows\SysWow64\NOTEPAD.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
() C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16395880 2009-11-02] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9636896 2010-10-09] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-11-01] (Synaptics Incorporated)
HKLM\...\Run: [acevents] - C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-12-04] (ActivIdentity)
HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [485416 2009-12-04] (ActivIdentity)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1931024 2010-07-19] (Intel® Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-20] (Intel Corporation)
HKLM-x32\...\Run: [SmartWiHelper] - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe [80384 2009-10-05] (Sony Electronics Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [320880 2009-08-26] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2009-10-24] (Sony Corporation)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Drive Unlocker] - C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-06-13] (Western Digital)
HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5237256 2012-12-20] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3196128469-3788443982-4118194652-1005\...\Run: [ANT Agent] - C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe [14731776 2013-02-15] (GARMIN Corp.)
HKU\S-1-5-21-3196128469-3788443982-4118194652-1005\...\Policies\Explorer: [NoDevMgrUpdate] 0
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.aol.com/38394-114/aol-6/en-us/suite.aspx
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://finance.yahoo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT_enUS400US401
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -  No File
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} -  No File
Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\Windows\Downloaded Program Files\mimectl.dll (Microsoft Corporation)
Handler-x32: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files (x86)\Microsoft\SMIME Client (2010)\mimectl.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.165.131.12 209.165.131.13 192.168.1.1
Tcpip\..\Interfaces\{8A356BB9-7671-4C5D-9FEF-891007EDCCF0}: [NameServer]172.26.38.1 172.26.38.2
Tcpip\..\Interfaces\{C73F9B3D-0556-45E9-A89B-35650EE4151C}: [NameServer]172.26.38.1 172.26.38.2
Tcpip\..\Interfaces\{EC280D09-8534-48A1-8F15-4B7417B1FBDE}: [NameServer]172.26.38.1 172.26.38.2

==================== Services (Whitelisted) =================

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
S4 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [237328 2012-03-30] (McAfee, Inc.)
S3 MSSQL$DDNI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [43028328 2011-09-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] ()
S4 SQLAgent$DDNI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [370024 2011-09-22] (Microsoft Corporation)
S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [74496 2010-09-27] (Sony Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [864000 2010-09-27] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1369136 2013-09-25] (Sony Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1155088 2012-12-20] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1178128 2012-12-20] (Western Digital )

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 DSI_SiUSBXp_3_1; C:\Windows\System32\drivers\DSI_SiUSBXp_3_1.sys [16384 2007-09-06] (Silicon Laboratories)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
S3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [73984 2013-06-05] (Identive)
R0 shpf; C:\Windows\System32\DRIVERS\shpf.sys [25120 2009-05-28] (Sony Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-26 17:49 - 2014-02-26 17:50 - 00016704 _____ () C:\Users\Paul\Desktop\FRST.txt
2014-02-26 17:49 - 2014-02-26 17:49 - 00000000 ____D () C:\FRST
2014-02-26 17:48 - 2014-02-26 17:49 - 02155520 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe
2014-02-26 17:28 - 2014-02-26 17:28 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-26 17:27 - 2014-02-26 17:28 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-26 17:27 - 2014-02-26 17:28 - 00000000 ____D () C:\Program Files\iTunes
2014-02-26 17:27 - 2014-02-26 17:28 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-26 17:22 - 2014-02-26 17:22 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-02-26 17:22 - 2014-02-26 17:22 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-02-26 07:24 - 2014-02-26 07:24 - 00027047 _____ () C:\ComboFix.txt
2014-02-25 17:03 - 2014-02-25 17:03 - 00033346 _____ () C:\Users\Paul\Desktop\SystemLook.txt
2014-02-25 16:55 - 2014-02-25 16:55 - 00165376 _____ () C:\Users\Paul\Desktop\SystemLook_x64.exe
2014-02-25 07:24 - 2014-02-26 07:24 - 00000000 ____D () C:\Qoobox
2014-02-25 07:24 - 2014-02-25 07:36 - 00000000 ____D () C:\Windows\erdnt
2014-02-25 07:24 - 2011-06-25 21:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-25 07:24 - 2010-11-07 08:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-25 07:24 - 2009-04-19 19:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-25 07:24 - 2000-08-30 15:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-25 07:24 - 2000-08-30 15:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-25 07:24 - 2000-08-30 15:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-25 07:24 - 2000-08-30 15:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-25 07:24 - 2000-08-30 15:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-25 07:22 - 2014-02-25 07:23 - 05185084 ____R (Swearware) C:\Users\Paul\Desktop\ComboFix.exe
2014-02-24 16:36 - 2014-02-24 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-24 16:36 - 2014-02-24 16:36 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-24 16:36 - 2014-02-24 16:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-24 16:35 - 2014-02-24 17:04 - 00000000 ____D () C:\Users\Paul\Downloads\mbar
2014-02-24 16:35 - 2014-02-24 16:35 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-24 16:11 - 2014-02-26 17:42 - 00000000 ____D () C:\AdwCleaner
2014-02-24 16:10 - 2014-02-24 16:10 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Paul\Downloads\mbar-1.07.0.1009.exe
2014-02-24 16:09 - 2014-02-24 16:09 - 01241834 _____ () C:\Users\Paul\Downloads\AdwCleaner.exe
2014-02-23 12:39 - 2014-02-23 12:39 - 00026809 _____ () C:\Users\Paul\Downloads\DDS.txt
2014-02-23 12:39 - 2014-02-23 12:39 - 00013804 _____ () C:\Users\Paul\Downloads\Attach.txt
2014-02-23 12:38 - 2014-02-23 12:38 - 00026809 _____ () C:\Users\Paul\Desktop\dds.txt
2014-02-23 12:38 - 2014-02-23 12:38 - 00013804 _____ () C:\Users\Paul\Desktop\attach.txt
2014-02-23 12:36 - 2014-02-23 12:36 - 00688992 ____R (Swearware) C:\Users\Paul\Downloads\dds.com
2014-02-23 12:21 - 2014-02-23 12:21 - 00069918 _____ () C:\Users\Paul\Downloads\Extras.Txt
2014-02-23 12:18 - 2014-02-23 12:18 - 00110600 _____ () C:\Users\Paul\Downloads\OTL.Txt
2014-02-23 11:56 - 2014-02-23 11:56 - 00602112 _____ (OldTimer Tools) C:\Users\Paul\Downloads\OTL.exe
2014-02-23 10:14 - 2014-02-23 10:14 - 00002971 _____ () C:\Users\Paul\Desktop\HiJackThis.lnk
2014-02-23 10:14 - 2014-02-23 10:14 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-02-23 10:14 - 2014-02-23 10:14 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-02-23 10:01 - 2014-02-23 10:01 - 00000000 _____ () C:\Windows\SysWOW64\REN55FC.tmp
2014-02-23 10:01 - 2014-02-23 10:01 - 00000000 _____ () C:\Windows\SysWOW64\REN55FB.tmp
2014-02-23 09:50 - 2014-02-23 09:50 - 00000000 ____D () C:\Users\Paul\AppData\Local\lptmp978825813
2014-02-23 09:46 - 2014-02-23 09:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-23 09:46 - 2014-02-23 09:46 - 00000000 _____ () C:\Windows\SysWOW64\RENF0BB.tmp
2014-02-23 09:46 - 2014-02-23 09:46 - 00000000 _____ () C:\Windows\SysWOW64\RENF0BA.tmp
2014-02-23 09:45 - 2014-02-23 10:01 - 00000139 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-22 16:02 - 2014-02-22 16:02 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-14 09:58 - 2014-02-14 09:58 - 00000000 _____ () C:\Windows\Model.log
2014-02-14 08:40 - 2014-02-14 08:40 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\IObit
2014-02-12 07:29 - 2014-02-05 01:19 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 07:29 - 2014-02-05 01:02 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 07:29 - 2014-02-05 01:00 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 07:29 - 2014-02-05 00:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 07:29 - 2014-02-05 00:54 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 07:29 - 2014-02-05 00:52 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 07:29 - 2014-02-05 00:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-12 07:29 - 2014-02-05 00:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 07:29 - 2014-02-05 00:51 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 07:29 - 2014-02-05 00:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 07:29 - 2014-02-05 00:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 07:29 - 2014-02-05 00:51 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 07:29 - 2014-02-05 00:51 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 07:29 - 2014-02-05 00:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 07:29 - 2014-02-05 00:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 07:29 - 2014-02-05 00:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-12 07:29 - 2014-02-04 23:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 07:29 - 2014-02-04 23:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 07:29 - 2014-02-04 23:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 07:29 - 2014-02-04 23:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 07:29 - 2014-02-04 23:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 07:29 - 2014-02-04 23:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 07:29 - 2014-02-04 23:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-12 07:29 - 2014-02-04 23:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 07:29 - 2014-02-04 23:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-12 07:29 - 2014-02-04 23:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 07:29 - 2014-02-04 23:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 07:29 - 2014-02-04 23:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 07:29 - 2014-02-04 23:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 07:29 - 2014-02-04 23:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 07:29 - 2014-02-04 23:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-12 07:29 - 2014-02-04 23:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 07:28 - 2013-12-31 14:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 07:28 - 2013-12-31 14:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 07:28 - 2013-12-24 14:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 07:28 - 2013-12-24 13:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 07:28 - 2013-12-05 17:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 07:28 - 2013-12-05 17:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 07:28 - 2013-12-05 17:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 07:28 - 2013-12-05 17:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 07:28 - 2013-12-03 17:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 07:28 - 2013-12-03 17:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 07:28 - 2013-12-03 17:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 07:28 - 2013-12-03 17:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 07:28 - 2013-12-03 17:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 07:28 - 2013-12-03 17:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 07:28 - 2013-12-03 17:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 07:28 - 2013-12-03 17:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 07:28 - 2013-12-03 17:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 07:28 - 2013-12-03 17:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 07:28 - 2013-12-03 17:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 07:28 - 2013-12-03 17:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 07:28 - 2013-12-03 17:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 07:28 - 2013-12-03 17:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 07:28 - 2013-12-03 16:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 07:28 - 2013-12-03 16:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 07:28 - 2013-12-03 16:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 07:28 - 2013-12-03 16:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 07:28 - 2013-11-25 23:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 07:28 - 2013-11-22 13:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 07:27 - 2013-11-26 14:29 - 05693440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-12 07:27 - 2013-11-26 13:49 - 06573056 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-10 07:26 - 2014-02-10 07:26 - 00119896 _____ () C:\Users\Paul\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-10 07:25 - 2014-02-26 17:43 - 00000887 _____ () C:\Windows\setupact.log
2014-02-10 07:25 - 2014-02-26 16:54 - 00013748 _____ () C:\Windows\PFRO.log
2014-02-10 07:25 - 2014-02-10 07:25 - 00457200 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-10 07:25 - 2014-02-10 07:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-09 12:41 - 2014-02-09 12:41 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-02-09 12:35 - 2014-02-09 12:35 - 00000000 ____D () C:\ProgramData\ProductData
2014-02-09 12:34 - 2014-02-09 12:41 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-02-09 12:34 - 2014-02-09 12:36 - 00000000 ____D () C:\ProgramData\IObit
2014-02-09 12:34 - 2014-02-09 12:34 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-02-09 12:32 - 2014-02-09 12:32 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-02-09 12:32 - 2014-02-09 12:32 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-09 12:32 - 2014-02-09 12:32 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-05 17:56 - 2014-02-05 17:56 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-02-05 17:56 - 2014-02-05 17:56 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-05 17:56 - 2014-02-05 17:56 - 00000000 ____D () C:\Program Files\Bonjour
2014-02-05 17:56 - 2014-02-05 17:56 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-02-05 17:56 - 2014-02-05 17:56 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-02-05 10:55 - 2014-02-05 10:55 - 00003544 ____N () C:\bootsqm.dat

==================== One Month Modified Files and Folders =======

2014-02-26 17:50 - 2014-02-26 17:49 - 00016704 _____ () C:\Users\Paul\Desktop\FRST.txt
2014-02-26 17:49 - 2014-02-26 17:49 - 00000000 ____D () C:\FRST
2014-02-26 17:49 - 2014-02-26 17:48 - 02155520 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe
2014-02-26 17:49 - 2010-08-13 22:30 - 02034748 _____ () C:\Windows\WindowsUpdate.log
2014-02-26 17:44 - 2011-12-03 18:25 - 00000437 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-02-26 17:44 - 2009-07-13 20:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-26 17:43 - 2014-02-10 07:25 - 00000887 _____ () C:\Windows\setupact.log
2014-02-26 17:42 - 2014-02-24 16:11 - 00000000 ____D () C:\AdwCleaner
2014-02-26 17:28 - 2014-02-26 17:28 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-26 17:28 - 2014-02-26 17:27 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-26 17:28 - 2014-02-26 17:27 - 00000000 ____D () C:\Program Files\iTunes
2014-02-26 17:28 - 2014-02-26 17:27 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-26 17:27 - 2010-10-09 14:17 - 00000000 ____D () C:\Program Files\iPod
2014-02-26 17:22 - 2014-02-26 17:22 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-02-26 17:22 - 2014-02-26 17:22 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-02-26 17:09 - 2009-07-13 19:45 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-26 17:09 - 2009-07-13 19:45 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-26 16:54 - 2014-02-10 07:25 - 00013748 _____ () C:\Windows\PFRO.log
2014-02-26 07:24 - 2014-02-26 07:24 - 00027047 _____ () C:\ComboFix.txt
2014-02-26 07:24 - 2014-02-25 07:24 - 00000000 ____D () C:\Qoobox
2014-02-26 07:21 - 2009-07-13 17:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-25 18:11 - 2014-01-19 09:43 - 00000000 ____D () C:\Users\Paul\Desktop\Taxes 2013
2014-02-25 17:03 - 2014-02-25 17:03 - 00033346 _____ () C:\Users\Paul\Desktop\SystemLook.txt
2014-02-25 16:55 - 2014-02-25 16:55 - 00165376 _____ () C:\Users\Paul\Desktop\SystemLook_x64.exe
2014-02-25 07:39 - 2009-07-13 18:20 - 00000000 __RHD () C:\Users\Default
2014-02-25 07:36 - 2014-02-25 07:24 - 00000000 ____D () C:\Windows\erdnt
2014-02-25 07:23 - 2014-02-25 07:22 - 05185084 ____R (Swearware) C:\Users\Paul\Desktop\ComboFix.exe
2014-02-24 17:04 - 2014-02-24 16:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-24 17:04 - 2014-02-24 16:35 - 00000000 ____D () C:\Users\Paul\Downloads\mbar
2014-02-24 16:36 - 2014-02-24 16:36 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-24 16:36 - 2014-02-24 16:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-24 16:35 - 2014-02-24 16:35 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-24 16:10 - 2014-02-24 16:10 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Paul\Downloads\mbar-1.07.0.1009.exe
2014-02-24 16:09 - 2014-02-24 16:09 - 01241834 _____ () C:\Users\Paul\Downloads\AdwCleaner.exe
2014-02-23 16:48 - 2012-04-15 10:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-23 12:39 - 2014-02-23 12:39 - 00026809 _____ () C:\Users\Paul\Downloads\DDS.txt
2014-02-23 12:39 - 2014-02-23 12:39 - 00013804 _____ () C:\Users\Paul\Downloads\Attach.txt
2014-02-23 12:38 - 2014-02-23 12:38 - 00026809 _____ () C:\Users\Paul\Desktop\dds.txt
2014-02-23 12:38 - 2014-02-23 12:38 - 00013804 _____ () C:\Users\Paul\Desktop\attach.txt
2014-02-23 12:36 - 2014-02-23 12:36 - 00688992 ____R (Swearware) C:\Users\Paul\Downloads\dds.com
2014-02-23 12:21 - 2014-02-23 12:21 - 00069918 _____ () C:\Users\Paul\Downloads\Extras.Txt
2014-02-23 12:18 - 2014-02-23 12:18 - 00110600 _____ () C:\Users\Paul\Downloads\OTL.Txt
2014-02-23 11:56 - 2014-02-23 11:56 - 00602112 _____ (OldTimer Tools) C:\Users\Paul\Downloads\OTL.exe
2014-02-23 11:56 - 2012-09-02 15:21 - 00060416 ___SH () C:\Users\Paul\Downloads\Thumbs.db
2014-02-23 10:35 - 2009-07-13 20:13 - 00876418 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-23 10:14 - 2014-02-23 10:14 - 00002971 _____ () C:\Users\Paul\Desktop\HiJackThis.lnk
2014-02-23 10:14 - 2014-02-23 10:14 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-02-23 10:14 - 2014-02-23 10:14 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-02-23 10:10 - 2009-12-16 05:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-02-23 10:07 - 2009-12-16 06:05 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-02-23 10:01 - 2014-02-23 10:01 - 00000000 _____ () C:\Windows\SysWOW64\REN55FC.tmp
2014-02-23 10:01 - 2014-02-23 10:01 - 00000000 _____ () C:\Windows\SysWOW64\REN55FB.tmp
2014-02-23 10:01 - 2014-02-23 09:45 - 00000139 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-23 10:01 - 2009-12-16 05:53 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-23 09:55 - 2011-12-01 15:16 - 00000000 ____D () C:\Program Files\Webroot
2014-02-23 09:53 - 2014-02-23 09:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-23 09:50 - 2014-02-23 09:50 - 00000000 ____D () C:\Users\Paul\AppData\Local\lptmp978825813
2014-02-23 09:50 - 2011-12-01 15:16 - 00000000 ____D () C:\ProgramData\WRData
2014-02-23 09:46 - 2014-02-23 09:46 - 00000000 _____ () C:\Windows\SysWOW64\RENF0BB.tmp
2014-02-23 09:46 - 2014-02-23 09:46 - 00000000 _____ () C:\Windows\SysWOW64\RENF0BA.tmp
2014-02-22 16:04 - 2012-04-15 10:36 - 00003916 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-22 16:02 - 2014-02-22 16:02 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-22 16:02 - 2012-04-15 10:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-22 16:02 - 2011-05-18 14:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 20:08 - 2008-03-22 06:42 - 00000000 ____D () C:\Users\Paul\Documents\Finance
2014-02-20 07:48 - 2012-05-03 16:26 - 00843264 ___SH () C:\Users\Paul\Desktop\Thumbs.db
2014-02-18 10:22 - 2009-12-16 06:15 - 00000000 ____D () C:\Program Files (x86)\DDNi
2014-02-14 10:26 - 2010-11-09 15:38 - 00000000 ____D () C:\ProgramData\Intel
2014-02-14 10:26 - 2010-10-09 13:26 - 00000000 ____D () C:\Update
2014-02-14 10:26 - 2009-11-25 14:45 - 00014936 _____ () C:\Windows\system32\results.xml
2014-02-14 09:59 - 2009-11-25 14:39 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-02-14 09:58 - 2014-02-14 09:58 - 00000000 _____ () C:\Windows\Model.log
2014-02-14 09:58 - 2010-10-09 13:27 - 00000021 _____ () C:\Windows\Model.txt
2014-02-14 08:40 - 2014-02-14 08:40 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\IObit
2014-02-14 08:40 - 2009-07-13 20:08 - 00032552 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-14 08:33 - 2010-10-31 12:05 - 00000000 ____D () C:\Users\Paul\AppData\Local\CrashDumps
2014-02-14 08:20 - 2010-10-26 13:15 - 00016384 ___SH () C:\Users\Paul\Thumbs.db
2014-02-13 09:32 - 2009-07-13 18:20 - 00000000 ____D () C:\Windows\rescache
2014-02-12 07:54 - 2009-12-16 05:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 07:53 - 2009-12-16 06:14 - 00870634 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 07:46 - 2013-07-16 17:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 07:44 - 2010-10-10 09:34 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 07:31 - 2009-07-13 17:34 - 00000499 _____ () C:\Windows\win.ini
2014-02-10 07:26 - 2014-02-10 07:26 - 00119896 _____ () C:\Users\Paul\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-10 07:25 - 2014-02-10 07:25 - 00457200 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-10 07:25 - 2014-02-10 07:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-09 12:49 - 2010-10-10 03:42 - 00000000 ___DC () C:\Users\Paul\AppData\Local\MigWiz
2014-02-09 12:49 - 2010-10-09 17:04 - 00000000 ____D () C:\Users\Paul\Tracing
2014-02-09 12:49 - 2009-11-25 14:10 - 00000000 ____D () C:\Windows\Panther
2014-02-09 12:41 - 2014-02-09 12:41 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-02-09 12:41 - 2014-02-09 12:34 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-02-09 12:36 - 2014-02-09 12:34 - 00000000 ____D () C:\ProgramData\IObit
2014-02-09 12:35 - 2014-02-09 12:35 - 00000000 ____D () C:\ProgramData\ProductData
2014-02-09 12:35 - 2010-10-09 14:18 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Apple Computer
2014-02-09 12:34 - 2014-02-09 12:34 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-02-09 12:32 - 2014-02-09 12:32 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-02-09 12:32 - 2014-02-09 12:32 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-09 12:32 - 2014-02-09 12:32 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-05 17:56 - 2014-02-05 17:56 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-02-05 17:56 - 2014-02-05 17:56 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-05 17:56 - 2014-02-05 17:56 - 00000000 ____D () C:\Program Files\Bonjour
2014-02-05 17:56 - 2014-02-05 17:56 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-02-05 17:56 - 2014-02-05 17:56 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-02-05 17:56 - 2010-10-09 14:16 - 00000000 ____D () C:\ProgramData\Apple
2014-02-05 10:55 - 2014-02-05 10:55 - 00003544 ____N () C:\bootsqm.dat
2014-02-05 01:19 - 2014-02-12 07:29 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 01:02 - 2014-02-12 07:29 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 01:00 - 2014-02-12 07:29 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 00:54 - 2014-02-12 07:29 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 00:54 - 2014-02-12 07:29 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 00:52 - 2014-02-12 07:29 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 00:52 - 2014-02-12 07:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 00:52 - 2014-02-12 07:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 00:51 - 2014-02-12 07:29 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 00:51 - 2014-02-12 07:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 00:51 - 2014-02-12 07:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 00:51 - 2014-02-12 07:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 00:51 - 2014-02-12 07:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 00:50 - 2014-02-12 07:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 00:50 - 2014-02-12 07:29 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-05 00:50 - 2014-02-12 07:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-04 23:58 - 2014-02-12 07:29 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-04 23:56 - 2014-02-12 07:29 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-04 23:53 - 2014-02-12 07:29 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-04 23:51 - 2014-02-12 07:29 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-04 23:50 - 2014-02-12 07:29 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-04 23:49 - 2014-02-12 07:29 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-04 23:49 - 2014-02-12 07:29 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-04 23:48 - 2014-02-12 07:29 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-04 23:48 - 2014-02-12 07:29 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-04 23:48 - 2014-02-12 07:29 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-04 23:48 - 2014-02-12 07:29 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-04 23:48 - 2014-02-12 07:29 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-04 23:47 - 2014-02-12 07:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-04 23:47 - 2014-02-12 07:29 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-04 23:47 - 2014-02-12 07:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-04 23:46 - 2014-02-12 07:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-27 17:12 - 2013-12-10 13:10 - 00003786 _____ () C:\Windows\System32\Tasks\VAIO Health Report

Some content of TEMP:
====================
C:\Users\Paul\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-18 10:10

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2014
Ran by Paul at 2014-02-26 17:50:58
Running from C:\Users\Paul\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

ActivClient CAC x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.4.13090 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.0.4.13090 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Aimersoft DVD Ripper(Build 2.7.3.4) (HKLM-x32\...\Aimersoft DVD Ripper_is1) (Version:  - Aimersoft Software)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.85 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.390 - ArcSoft)
Best Buy pc app (Version: 3.0.1.2 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11266.0 - Cisco Consumer Products LLC)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version:  - Microsoft)
Garmin ANT Agent (HKLM\...\{3B589892-1061-48B4-8598-295C80C8573C}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}) (Version: 2.9.3 - Garmin Ltd or its subsidiaries)
Garmin Training Center (HKLM-x32\...\{3D6878FF-FAF4-4C27-903C-0D07FBBB92F9}) (Version: 3.5.3 - Garmin Ltd or its subsidiaries)
Garmin Training Center (HKLM-x32\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
IBM Lotus Forms Viewer 3.5.1 (HKLM-x32\...\{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}) (Version: 7.6.1.333 - IBM)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2827 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{4327107B-E95E-415C-9194-458FCED6BF12}) (Version: 13.03.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{3E12E400-C29C-4DF2-BF9E-B1981C5BB0F9}) (Version: 1.0.57.0 - Intel® Corporation)
iPhoneSMSExport (HKLM-x32\...\iPhoneSMSExport) (Version:  - )
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Media Gallery (HKLM-x32\...\{DD88F979-FA58-41AC-980C-A6E1A82B61D9}) (Version: 1.1.0.10210 - Sony Corporation)
Media Gallery (x32 Version: 1.1.0.10210 - Sony Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Web Access S/MIME (HKLM-x32\...\{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}) (Version: 6.5.7651.60 - Microsoft)
Microsoft S/MIME (HKLM-x32\...\{D4E54C39-AC87-4C48-B6E0-A073F21E9B8A}) (Version: 14.1.218.12 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 (x32 Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{8F72E2D4-1E48-4534-8DB8-1E8E012899C6}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.0.00.10260 - Sony Corporation)
PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}) (Version: 1.0.00.09250 - Sony Corporation)
PMB VAIO Edition Guide (x32 Version: 1.0.00.09250 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 3.0.01.11230 - Sony Corporation)
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.0.01.11230 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Image Optimizer) (HKLM-x32\...\InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}) (Version: 1.0.00.10150 - Sony Corporation)
PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.0.00.10150 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (HKLM-x32\...\InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 2.0.01.12010 - Sony Corporation)
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.0.01.12010 - Sony Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.1.1.03020 - Sony Corporation) Hidden
Remote Play with PlayStation 3 (x32 Version: 1.1.0.15071 - Sony Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM-x32\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.1.0.11200 - Sony Corporation)
Setup_msm_VCMS_x64 (Version: 2.6.0.06040 - Sony Corporation) Hidden
Setup_msm_VOFS_x64 (Version: 2.3.0.09270 - Sony Corporation) Hidden
Setup_VEP_x64_Contain_SSDB (Version: 3.9.0.09270 - Sony Corporation) Hidden
SmartWi Connection Utility (HKLM-x32\...\{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}) (Version: 4.9.4.20091005.2246 - Sony)
SOHLib Merge Module (x32 Version: 2.2.0.11240 - Sony Corporation) Hidden
Sony Home Network Library (HKLM-x32\...\{A6B90666-2A1F-49E8-A40E-27EAAD11C096}) (Version: 2.2.0.11240 - Sony Corporation)
Sony Home Network Library (x32 Version: 2.0.1.10160 - Sony Corporation) Hidden
Sql Server Customer Experience Improvement Program (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}) (Version: 4.4.24.0 - Husdawg, LLC)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
VAIO - Remote Keyboard (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.0.1.03020 - Sony Corporation)
VAIO - Remote Play with PlayStation®3 (HKLM-x32\...\{07441A52-E208-478A-92B7-5C337CA8C131}) (Version: 1.1.0.15071 - Sony Corporation)
VAIO Care (HKLM\...\{EC635BC0-0D7C-4CA2-9B87-2A330C298CB2}) (Version: 8.1.0.10120 - Sony Corporation)
VAIO Care Update (HKLM-x32\...\{87EEB1B4-EE40-4D74-9780-F266FA12F564}) (Version: 1.00.1119 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (HKLM\...\{F8B40DB4-FD07-4368-AA57-34F2B0839683}) (Version: 3.9.20.08110 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (x32 Version: 3.7.0.14191 - Sony Corporation) Hidden
VAIO Content Metadata Intelligent Network Service Manager (HKLM\...\{725D5BA4-E9FA-452B-8CF5-D7E5F8055C71}) (Version: 3.9.20.08110 - Sony Corporation)
VAIO Content Metadata Manager Settings (HKLM\...\{8FE3CF66-4484-4D39-B47D-DEBBA173619D}) (Version: 3.9.20.08110 - Sony Corporation)
VAIO Content Metadata XML Interface Library (HKLM\...\{97C58294-36D8-4594-8A49-7AB4AE096504}) (Version: 3.9.20.08110 - Sony Corporation)
VAIO Content Monitoring Settings (HKLM-x32\...\{06C05B90-2127-4933-8ABA-61833BDE13FA}) (Version: 2.6.0.11050 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.1.1.07160 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.2.0.09150 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.2.0.09150 - Sony Corporation) Hidden
VAIO DVD Menu Data (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 2.0.00.09240 - Sony Corporation)
VAIO Entertainment Platform (HKLM-x32\...\{0489D044-6386-4BDF-9F98-577D60CF79DD}) (Version: 3.9.0.11160 - Sony Corporation)
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.1.0.11300 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 3.9.1 - Sony Corporation) Hidden
VAIO Help and Support (HKLM-x32\...\{DB1C9CB7-DF65-4991-BD17-71BF9CD15BA0}) (Version: 10.00.1029 - Sony Corporation)
VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 2.0.1.10160 - Sony Corporation)
VAIO Media plus Opening Movie (HKLM-x32\...\{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}) (Version: 2.0.0.07030 - Sony Corporation)
VAIO Movie Story Template Data (HKLM-x32\...\InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 2.0.00.09240 - Sony Corporation)
VAIO Movie Story Template Data (x32 Version: 2.0.00.09240 - Sony Corporation) Hidden
VAIO OOBE and Startup Assistant (HKLM-x32\...\{1B500D37-E7CF-480B-8054-8A563594EC4E}) (Version: 2.01.1110 - Sony Corporation)
VAIO Original Function Settings (HKLM-x32\...\{04EAE65A-CDCF-480F-B754-5C3A9364239C}) (Version: 2.3.0.11240 - Sony Corporation)
VAIO Personalization Manager (HKLM\...\{BAD9A7B0-FA18-4247-A6F5-BDCF64B40C4C}) (Version: 3.0.2.05260 - Sony Corporation)
VAIO Power Management (HKLM-x32\...\{803E4FA5-A940-4420-B89D-A8BC2E160247}) (Version: 5.0.0.11300 - Sony Corporation)
VAIO Survey (HKLM-x32\...\{34B37A74-125E-4406-87BA-E4BD3D097AE5}) (Version: 6.00.1028 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.1.2.06030 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.3.1.10120 - Sony Corporation)
VAIO Wallpaper Contents (HKLM-x32\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 2.0.0.06010 - Sony Corporation)
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
WD Drive Utilities (HKLM-x32\...\{72E40002-8CEC-47C1-A099-83AC8E173BF0}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{83270912-15C7-4336-822E-E8F1B1BBCA60}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{9798BB87-01B9-4D46-8EA0-6681E72BDE87}) (Version: 1.6.5.2 - Western Digital Technologies, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth  (09/09/2009 6.2.0.9405) (HKLM\...\930E4792BDAEAFB62A9514EE7578775658A5D07C) (Version: 09/09/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices  (07/07/2009 1.12.2) (HKLM\...\24DA573F901348FFDFF7717497830D45BE0C362E) (Version: 07/07/2009 1.12.2 - Dynastream Innovations)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Intel (NETwLv64) net  (10/07/2010 13.4.0.139) (HKLM\...\EA1C8ECD4E416637C38F0079F98C8C7B0A112265) (Version: 10/07/2010 13.4.0.139 - Intel)
Windows Driver Package - Intel (NETwNs64) net  (01/19/2011 13.5.0.6) (HKLM\...\EF16709DD2C1C00190D1433E735F9F703EA529B9) (Version: 01/19/2011 13.5.0.6 - Intel)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

12-02-2014 16:28:33 Windows Update
18-02-2014 18:13:18 Windows Update
18-02-2014 19:21:46 Removed Oasis2Service
21-02-2014 21:16:55 Windows Update
23-02-2014 18:45:14 Installed Java 7 Update 51
23-02-2014 18:59:01 Installed Java 7 Update 51
23-02-2014 19:04:10 Removed Java 7 Update 51
23-02-2014 19:08:00 Removed Microsoft Works
23-02-2014 19:14:29 Installed HiJackThis
23-02-2014 21:01:27 OTL Restore Point - 2/23/2014 12:01:25 PM
25-02-2014 16:24:47 ComboFix created restore point
26-02-2014 02:56:56 Removed Garmin ANT Agent

==================== Hosts content: ==========================

2009-07-13 17:34 - 2014-02-26 07:21 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1A02AC57-FE36-4B30-98FB-66C6CD93C4B9} - System32\Tasks\Sony\OOBESendInfo => C:\Program Files\Sony\First Experience\OOBESendInfo.exe [2009-11-05] ()
Task: {3E054868-003C-4F9E-8CC7-554684AE88A5} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3196128469-3788443982-4118194652-1005 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {3E4A3FEF-B9CE-4B72-AAFC-7531B39CAB8B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {43D76504-B097-46E2-B694-A24ED7AB7DB4} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation)
Task: {53D801B4-A518-4E0D-8FF2-2F055CC1EA7C} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {65F36D84-E344-47D6-87AC-9B73D007CDEC} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3196128469-3788443982-4118194652-1005 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {735F523D-C283-4B90-ABB2-15F0197D459B} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2013-08-29] (Sony Corporation)
Task: {73BCFF94-B404-4235-A5DF-BDE7D2B93668} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-22] (Adobe Systems Incorporated)
Task: {7F706026-B2A7-4397-9F5C-E4B4503E4C2F} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {822299A1-6671-46A7-93AF-C1414DE8C48D} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {87CFF7D9-DF61-47BF-B33B-9D95125B2684} - System32\Tasks\Sony\VAIO Survey => C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe [2009-10-26] ()
Task: {9402627E-C3F6-4AAF-8D6F-586A1BDD6B61} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {9A0109F3-96EF-4560-9438-0EB8AA1E63D4} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {AB4972BA-EF15-4D9D-B98C-7BFDBFB723C2} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation)
Task: {B1A41A93-5F1F-4479-B17E-77F39192306D} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {B6D3BBEB-DAC5-4E43-82EA-3F018F24CAD8} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {B83C7B48-DA11-45B9-9755-E607AE5B1EF6} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {BAAD8817-CB01-4C1A-A004-A0F0F5DB37F7} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-09-27] (Sony Corporation)
Task: {BEC220D8-9191-4570-82AE-7472B03D1CCD} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {D087AC4F-5286-4AD0-BACA-69F3BDE54EDC} - System32\Tasks\Sony\Java Update => C:\Program Files\Java\jre6\bin\jusched.exe
Task: {E163D5F2-3AAF-4888-B9FC-03997D8D35CA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {E7926116-1693-4073-B051-F6D888B5779C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E809E3A3-940F-4EF1-B057-CF41B534C92C} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {ECEDC442-094C-4254-A35B-99B7FFC76700} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-09-19] (Sony Corporation)
Task: {F1E4DDE9-45F0-4E4C-A735-7824EA7D3C6D} - System32\Tasks\Sony\OOBEReminder => C:\Program Files\Sony\First Experience\OOBEFcdRegistration.exe [2009-11-05] (Sony Electronics, Inc.)
Task: {F9536F72-B38E-4DBE-8CBE-EC1A6B55F533} - System32\Tasks\VAIO Health Report => C:\Program Files (x86)\Sony\VAIO Health Report\VAIOHealthReport.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 11:23 - 2010-10-20 11:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-07-19 13:48 - 2010-07-19 13:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-07-19 13:48 - 2010-07-19 13:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-01-07 23:35 - 2013-01-07 23:35 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2009-12-16 06:05 - 2009-10-05 12:57 - 00016384 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
2009-12-16 06:05 - 2009-10-05 12:42 - 00161080 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
2009-12-16 06:05 - 2009-10-05 12:42 - 00017920 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
2009-12-16 06:05 - 2009-10-05 12:42 - 00033792 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
2012-08-06 13:27 - 2012-08-06 13:27 - 00156672 _____ () C:\Program Files\Sony\VAIO Care\VCPerfService.exe
2012-08-06 13:27 - 2012-08-06 13:27 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-12-16 06:05 - 2009-10-05 12:42 - 00121856 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\SonyCommonLib.dll
2009-12-16 06:05 - 2009-10-05 12:42 - 00007680 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\DebugMsg.dll
2009-12-16 06:05 - 2009-10-05 12:42 - 00009728 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Resources.dll
2009-12-16 06:05 - 2009-10-05 12:42 - 00015360 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\SharedInterfaces.dll
2009-12-16 06:05 - 2009-10-05 12:42 - 00018944 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\DictionaryLookup.dll
2009-12-16 06:05 - 2009-10-05 12:42 - 00011264 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\MessageXML.dll
2009-12-16 06:05 - 2009-10-05 12:42 - 00107008 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\DevicePanel.dll
2009-12-16 06:44 - 2009-11-30 18:20 - 00010752 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2009-12-16 06:44 - 2009-11-30 18:20 - 00009728 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2009-12-16 06:05 - 2009-10-05 12:42 - 00005120 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll
2009-12-16 06:05 - 2009-10-05 12:42 - 00023040 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll
2009-12-16 06:05 - 2009-10-05 12:42 - 00027648 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll
2009-12-16 06:05 - 2009-10-05 12:42 - 00005120 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll
2009-12-16 06:05 - 2009-10-05 12:42 - 00015360 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll
2009-12-16 06:05 - 2009-10-05 12:42 - 00011264 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll
2009-12-16 06:05 - 2009-10-05 12:42 - 00006656 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll
2009-12-16 06:05 - 2009-10-05 12:42 - 00004608 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll
2009-11-25 15:01 - 2009-11-20 11:19 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 11:45 - 2010-10-20 11:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:D20FFA63

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: ACDaemon => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: McComponentHostServiceSony => 3
MSCONFIG\Services: SOHCImp => 3
MSCONFIG\Services: SOHDms => 3
MSCONFIG\Services: SOHDs => 3
MSCONFIG\Services: SpfService => 3
MSCONFIG\Services: uCamMonitor => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install Webroot FF RunOnce.lnk => C:\Windows\pss\Install Webroot FF RunOnce.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install Webroot IE RunOnce.lnk => C:\Windows\pss\Install Webroot IE RunOnce.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ANT Agent => C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
MSCONFIG\startupreg: Garmin Lifetime Updater => "C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" /StartMinimized
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: WRSVC => "C:\Program Files\Webroot\WRSA.exe" -ul

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/26/2014 05:10:59 PM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(A28FF6531D38A035._appletv-v2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (02/25/2014 07:02:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13510

Error: (02/25/2014 07:02:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13510

Error: (02/25/2014 07:02:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/25/2014 07:02:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12340

Error: (02/25/2014 07:02:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12340

Error: (02/25/2014 07:02:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/25/2014 07:02:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11341

Error: (02/25/2014 07:02:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11341

Error: (02/25/2014 07:02:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (02/26/2014 05:45:33 PM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/26/2014 05:44:54 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (02/26/2014 05:29:36 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (02/26/2014 05:29:36 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (02/26/2014 05:29:35 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (02/26/2014 05:29:35 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (02/26/2014 05:29:35 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (02/26/2014 05:29:35 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (02/26/2014 05:29:26 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (02/26/2014 05:29:26 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Microsoft Office Sessions:
=========================
Error: (02/26/2014 05:10:59 PM) (Source: Bonjour Service)(User: )
Description: Client application bug: DNSServiceResolve(A28FF6531D38A035._appletv-v2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (02/25/2014 07:02:27 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13510

Error: (02/25/2014 07:02:27 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13510

Error: (02/25/2014 07:02:27 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/25/2014 07:02:26 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12340

Error: (02/25/2014 07:02:26 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12340

Error: (02/25/2014 07:02:26 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/25/2014 07:02:25 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11341

Error: (02/25/2014 07:02:25 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11341

Error: (02/25/2014 07:02:25 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

CodeIntegrity Errors:
===================================
  Date: 2014-02-26 07:20:36.319
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-26 07:20:36.241
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-11-20 08:08:52.698
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-11-20 08:08:52.677
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-10-10 10:29:34.870
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\oleaut32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-10-10 10:24:02.280
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\oleaut32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-10-10 10:20:09.775
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\oleaut32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-10-10 10:19:17.975
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\oleaut32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-10-10 10:08:23.304
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\oleaut32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-10-10 10:04:20.721
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\oleaut32.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 3766.88 MB
Available physical RAM: 1661.96 MB
Total Pagefile: 7531.95 MB
Available Pagefile: 5029.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:457.04 GB) (Free:186.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: D83B5F0D)

Partition: GPT Partition Type.

==================== End Of Log ============================





