Avast, Malwarebytes and Housecall detected something (1)



#1 reggiereg

Posted 14 November 2014 - 04:42 AM

I ran Housecall, Avast, and Malwarebytes scans, but cannot find the logfiles. I've Googled where they should be but they are not there. My internet is painfully slow too.

I've attached a png of a screenshot of the quarantine files from Malwarebytes too.

I've also had to post this from my phone, as the computer times out, so won't let me post, so forgive any errors in my post, it's hard to see on such a small screen.

 

=====================================================================================================================

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 
Run by hooky sw at 7:34:46 on 2014-11-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.5998.3266 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\spool\DRIVERS\x64\3\OKHSLDCS.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\hasplms.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files (x86)\WordWeb\wweb32.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Users\hooky sw\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Sony\VAIO Update\vuagent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
mDefault_Page_URL = hxxp://www.google.com
uProxyOverride = <local>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\Sony\MSS\3.8.141\McAfeeMSS_IE.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [WordWeb] "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
mRun: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\Users\HOOKYS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\hooky sw\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEB~1.LNK - C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OKILPR~1.LNK - C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\258434144435C4 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\4514C4B44514C4B4D2836453234483 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\45543545F5E4 : DHCPNameServer = 20.20.20.1
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\64275656745756374775966696 : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - <no file>
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 
x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\hooky sw\AppData\Roaming\Mozilla\Firefox\Profiles\8ynsjwen.default\
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Sony\MSS\3.8.141\npMcAfeeMSS.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-11-13 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-11-13 267632]
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2012-3-10 69376]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2014-4-22 536984]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-11-13 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-11-13 436624]
R1 RapportCerberus_80049;RapportCerberus_80049;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80049.sys [2014-9-1 768184]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2014-7-31 444184]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2014-7-31 562136]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2013-5-22 83072]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-8 202752]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-11-13 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-11-13 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-11-13 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-13 50344]
R2 ESRV_SVC;Energy Server Service;C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [2013-11-1 377768]
R2 hasplms;Sentinel Local License Manager;C:\Windows\System32\hasplms.exe  -run --> C:\Windows\System32\hasplms.exe  -run [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-12 13336]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2014-7-15 786256]
R2 OpLclSrv;OKI Local Port Manager;C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe [2013-11-5 169472]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-6-1 367456]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2014-7-31 1919256]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2010-7-12 94208]
R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2010-7-12 78848]
R2 SampleCollector;Intel® System Behavior Tracker Collector Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2013-11-1 266168]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-20 108400]
R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]
R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-20 67952]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2012-3-6 104960]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-6 2320920]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-3-6 575856]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2012-3-6 836608]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-6-14 1151424]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-9-6 248248]
R2 WDRulesService;WD Rules;C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-6-14 1177536]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2012-3-6 19968]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-6-4 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-7-12 158976]
R3 RapportIaso;RapportIaso;C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso64.sys [2014-4-22 428696]
R3 semav6thermal64ro;semav6thermal64ro;C:\Windows\System32\drivers\semav6thermal64ro.sys [2014-4-19 13792]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-2 12032]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-5-19 549616]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2014-2-20 60504]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2014-10-7 1642544]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-7-12 402720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2012-3-6 342056]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-3-6 39464]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-7-12 271872]
S3 JLTECH0227;Dual Mode Camera;C:\Windows\System32\drivers\jl2005c.sys [2012-12-31 77992]
S3 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;C:\Program Files\Sony\MSS\3.8.141\McCHSvc.exe [2014-1-16 289256]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-9-27 19032]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-9-27 12384]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-19 19456]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\System32\drivers\silabenm.sys [2012-11-27 27336]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\System32\drivers\silabser.sys [2013-3-6 73216]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-14 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 USER_ESRV_SVC;User Energy Server Service;C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [2013-11-1 377768]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-18 99104]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-9 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
.
=============== Created Last 30 ================
.
2014-11-14 07:25:12 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4D055F8E-C3AD-42A4-8B00-9C733CA89C94}\offreg.dll
2014-11-13 11:02:33 -------- d-----w- C:\Users\hooky sw\AppData\Roaming\AVAST Software
2014-11-13 10:53:52 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-11-13 10:53:52 116728 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-11-13 10:53:50 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-11-13 10:53:49 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-11-13 10:53:48 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-11-13 10:53:48 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-11-13 10:53:47 1050432 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-11-13 10:53:40 43152 ----a-w- C:\Windows\avastSS.scr
2014-11-13 10:51:52 -------- d-----w- C:\ProgramData\AVAST Software
2014-11-13 10:19:09 -------- d-----w- C:\Program Files\AVAST Software
2014-11-13 09:50:08 -------- d-----w- C:\Users\hooky sw\AppData\Local\Broadcom
2014-11-13 09:45:06 -------- d-----w- C:\Users\hooky sw\AppData\Local\ElevatedDiagnostics
2014-11-12 14:37:30 175528 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2014-11-12 11:12:26 -------- d-----w- C:\Users\hooky sw\AppData\Roaming\Subversion
2014-11-12 11:12:16 -------- d-----w- C:\Users\hooky sw\AppData\Local\MathWorks
2014-11-12 11:11:36 -------- d-----w- C:\Users\hooky sw\AppData\Roaming\MathWorks
2014-11-12 11:03:51 -------- d-----w- C:\ProgramData\MathWorks
2014-11-12 10:00:08 -------- d-----w- C:\Program Files\MATLAB
2014-11-12 09:32:10 304640 ----a-w- C:\Windows\System32\generaltel.dll
2014-11-12 09:32:09 228864 ----a-w- C:\Windows\System32\aepdu.dll
2014-11-12 09:32:08 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-11-12 09:32:03 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-11-12 09:32:03 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-11-12 09:32:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-11-12 09:32:02 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-11-12 09:32:02 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-11-12 09:32:02 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-11-12 09:32:02 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-11-12 09:32:01 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-11-12 09:32:01 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-11-12 09:28:52 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-11-11 14:24:39 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
2014-11-11 13:16:39 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4D055F8E-C3AD-42A4-8B00-9C733CA89C94}\mpengine.dll
2014-11-11 12:43:33 -------- d-----w- C:\Users\hooky sw\AppData\Roaming\Arduino
2014-11-11 11:49:01 -------- d-----w- C:\Users\hooky sw\AppData\Local\Apple
2014-11-11 11:12:08 -------- d-----w- C:\Users\hooky sw\AppData\Local\qBittorrent
2014-11-11 11:11:51 -------- d-----w- C:\Users\hooky sw\AppData\Roaming\qBittorrent
2014-11-11 11:11:42 -------- d-----w- C:\Program Files (x86)\qBittorrent
2014-11-11 10:44:14 -------- d-----w- C:\Users\hooky sw\AppData\Roaming\uTorrent
2014-11-11 09:48:21 -------- d-----w- C:\Users\hooky sw\AppData\Roaming\Scooter Software
2014-11-10 20:24:51 -------- d-----w- C:\Users\hooky sw\AppData\Roaming\iolo
2014-11-10 14:27:01 -------- d-----w- C:\Users\hooky sw\AppData\Roaming\PDAppFlex
2014-11-10 14:11:27 -------- d-----w- C:\Program Files (x86)\DiskInternals
2014-11-10 13:08:29 -------- d-----w- C:\Program Files\Macromedia
2014-11-10 12:42:57 -------- d-----w- C:\Users\hooky sw\AppData\Roaming\LibreOffice
2014-11-07 12:25:28 -------- d-----r- C:\Users\hooky sw\Creative Cloud Files
2014-11-07 11:45:25 -------- d-----w- C:\Users\hooky sw\AppData\Local\Macromedia
2014-11-07 11:44:45 -------- d-----w- C:\Users\hooky sw\AppData\Local\Mozilla
2014-11-07 10:30:53 -------- d-----w- C:\Users\hooky sw\AppData\Local\gtk-2.0
2014-11-07 10:28:52 -------- d-----w- C:\Users\hooky sw\Synfig
2014-11-06 14:10:31 -------- d-----w- C:\Program Files (x86)\Common Files\Macromedia
2014-11-06 14:10:16 -------- d-----w- C:\Program Files (x86)\Macromedia
2014-11-05 13:59:14 -------- d-----r- C:\Users\hooky sw\Dropbox
2014-11-05 13:48:59 -------- d-----w- C:\Users\hooky sw\AppData\Roaming\Dropbox
2014-11-05 13:18:00 -------- d-----w- C:\Users\hooky sw\AppData\Roaming\KeePass
2014-11-05 13:17:03 -------- d-----w- C:\Users\hooky sw\AppData\Roaming\Intel Corporation
2014-11-05 13:17:00 -------- d-----w- C:\Users\hooky sw\AppData\Roaming\Seagate
2014-11-05 13:16:36 -------- d-----w- C:\Users\hooky sw\AppData\Local\Adobe
2014-10-16 13:50:38 -------- d-----w- C:\opencv
2014-10-15 10:27:38 -------- d-----w- C:\Program Files (x86)\LibreOffice 4
.
==================== Find3M  ====================
.
2014-11-13 19:46:12 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-12 13:59:26 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 13:59:26 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-05 13:29:56 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-10-28 05:34:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-27 20:13:57 2339840 ----a-w- C:\Windows\System32\jscript9.dll
2014-10-27 20:06:55 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-10-27 20:05:41 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-10-27 20:04:52 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-10-27 20:04:37 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-10-27 20:03:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-10-27 20:03:21 12800 ----a-w- C:\Windows\System32\mshta.exe
2014-10-27 19:05:44 1810944 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-10-27 18:59:06 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-10-27 18:58:19 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-10-27 18:56:58 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-10-27 18:56:40 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-10-27 18:55:20 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-10-27 18:55:17 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-13 08:30:20 230840 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-01 11:11:26 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-01 11:11:16 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-01 11:11:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 09:42:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:49 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:44 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-19 09:42:41 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-09-19 09:23:55 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:42 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-19 09:23:36 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-05 02:11:09 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2014-09-05 01:52:41 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-29 02:07:13 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-21 06:43:26 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2014-08-21 06:40:32 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-08-21 06:26:21 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-08-21 06:23:10 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
.
============= FINISH:  7:38:45.50 ===============



Edited by Chris Cosgrove, 14 November 2014 - 08:49 AM.



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,550 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:36 PM

Posted 19 November 2014 - 09:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/556372 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 reggiereg

reggiereg
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:36 AM

Posted 22 November 2014 - 02:39 AM

1) See description of problem above.
2) I do not have a Windows disc/DVD; it was pre-loaded on my machine when I bought it new.
3) Here is a fresh DDS log:
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 
Run by hooky sw at 7:23:18 on 2014-11-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.5998.3504 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\spool\DRIVERS\x64\3\OKHSLDCS.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\hasplms.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\WordWeb\wweb32.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Users\hooky sw\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files\Sony\VAIO Update\vuagent.exe
C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
mDefault_Page_URL = hxxp://www.google.com
uProxyOverride = <local>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\Sony\MSS\3.8.141\McAfeeMSS_IE.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [WordWeb] "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
mRun: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\Users\HOOKYS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\hooky sw\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEB~1.LNK - C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OKILPR~1.LNK - C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\258434144435C4 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\4514C4B44514C4B4D2836453234483 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\45543545F5E4 : DHCPNameServer = 20.20.20.1
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\64275656745756374775966696 : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - <no file>
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 
x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\hooky sw\AppData\Roaming\Mozilla\Firefox\Profiles\8ynsjwen.default\
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Sony\MSS\3.8.141\npMcAfeeMSS.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-11-13 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-11-13 267632]
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2012-3-10 69376]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2014-4-22 536984]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-11-13 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-11-13 436624]
R1 RapportCerberus_80049;RapportCerberus_80049;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80049.sys [2014-9-1 768184]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2014-7-31 444184]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2014-7-31 562136]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2013-5-22 83072]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-8 202752]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-11-13 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-11-13 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-11-13 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-13 50344]
R2 ESRV_SVC;Energy Server Service;C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [2013-11-1 377768]
R2 hasplms;Sentinel Local License Manager;C:\Windows\System32\hasplms.exe  -run --> C:\Windows\System32\hasplms.exe  -run [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-12 13336]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2014-7-15 786256]
R2 OpLclSrv;OKI Local Port Manager;C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe [2013-11-5 169472]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-6-1 367456]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2014-7-31 1919256]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2010-7-12 94208]
R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2010-7-12 78848]
R2 SampleCollector;Intel® System Behavior Tracker Collector Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2013-11-1 266168]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-20 108400]
R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]
R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-20 67952]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2012-3-6 104960]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-6 2320920]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-3-6 575856]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2012-3-6 836608]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-6-14 1151424]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-9-6 248248]
R2 WDRulesService;WD Rules;C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-6-14 1177536]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2012-3-6 19968]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-6-4 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-7-12 158976]
R3 RapportIaso;RapportIaso;C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso64.sys [2014-4-22 428696]
R3 semav6thermal64ro;semav6thermal64ro;C:\Windows\System32\drivers\semav6thermal64ro.sys [2014-4-19 13792]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-2 12032]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-5-19 549616]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2014-2-20 60504]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2014-10-7 1642544]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-7-12 402720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2012-3-6 342056]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-3-6 39464]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-7-12 271872]
S3 JLTECH0227;Dual Mode Camera;C:\Windows\System32\drivers\jl2005c.sys [2012-12-31 77992]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-13 129752]
S3 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;C:\Program Files\Sony\MSS\3.8.141\McCHSvc.exe [2014-1-16 289256]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-9-27 19032]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-9-27 12384]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-19 19456]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\System32\drivers\silabenm.sys [2012-11-27 27336]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\System32\drivers\silabser.sys [2013-3-6 73216]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-14 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 USER_ESRV_SVC;User Energy Server Service;C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [2013-11-1 377768]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-18 99104]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-9 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
.
=============== Created Last 30 ================
.
2014-11-22 07:13:22 11632448 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3F0AEB36-65F0-4327-AF81-50CC0713F226}\mpengine.dll
2014-11-19 11:07:57 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-19 11:07:57 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-19 11:07:57 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-19 11:07:56 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-13 11:02:33 -------- d-----w- C:\Users\hooky sw\AppData\Roaming\AVAST Software
2014-11-13 10:53:52 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-11-13 10:53:52 116728 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-11-13 10:53:50 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-11-13 10:53:49 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-11-13 10:53:48 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-11-13 10:53:48 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-11-13 10:53:47 1050432 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-11-13 10:53:40 43152 ----a-w- C:\Windows\avastSS.scr
2014-11-13 10:51:52 -------- d-----w- C:\ProgramData\AVAST Software
2014-11-13 10:19:09 -------- d-----w- C:\Program Files\AVAST Software
2014-11-13 09:50:08 -------- d-----w- C:\Users\hooky sw\AppData\Local\Broadcom
2014-11-13 09:45:06 -------- d-----w- C:\Users\hooky sw\AppData\Local\ElevatedDiagnostics
2014-11-12 14:37:30 175528 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2014-11-12 11:12:26 -------- d-----w- C:\Users\hooky sw\AppData\Roaming\Subversion
2014-11-12 11:12:16 -------- d-----w- C:\Users\hooky sw\AppData\Local\MathWorks
2014-11-12 11:11:36 -------- d-----w- C:\Users\hooky sw\AppData\Roaming\MathWorks
2014-11-12 11:03:51 -------- d-----w- C:\ProgramData\MathWorks
2014-11-12 10:00:08 -------- d-----w- C:\Program Files\MATLAB
2014-11-12 09:32:10 304640 ----a-w- C:\Windows\System32\generaltel.dll
2014-11-12 09:32:09 228864 ----a-w- C:\Windows\System32\aepdu.dll
2014-11-12 09:32:08 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-11-12 09:32:03 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-11-12 09:32:03 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-11-12 09:32:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-11-12 09:32:02 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-11-12 09:32:02 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-11-12 09:32:02 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-11-12 09:32:02 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-11-12 09:32:01 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-11-12 09:32:01 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-11-12 09:28:52 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-11-11 14:24:39 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
2014-11-11 12:43:33 -------- d-----w- C:\Users\hooky sw\AppData\Roaming\Arduino
2014-11-11 11:49:01 -------- d-----w- C:\Users\hooky sw\AppData\Local\Apple
2014-11-11 11:12:08 -------- d-----w- C:\Users\hooky sw\AppData\Local\qBittorrent
2014-11-11 11:11:51 -------- d-----w- C:\Users\hooky sw\AppData\Roaming\qBittorrent
2014-11-11 11:11:42 -------- d-----w- C:\Program Files (x86)\qBittorrent
2014-11-11 10:44:14 -------- d-----w- C:\Users\hooky sw\AppData\Roaming\uTorrent
2014-11-11 09:48:21 -------- d-----w- C:\Users\hooky sw\AppData\Roaming\Scooter Software
2014-11-10 20:24:51 -------- d-----w- C:\Users\hooky sw\AppData\Roaming\iolo
2014-11-10 14:27:01 -------- d-----w- C:\Users\hooky sw\AppData\Roaming\PDAppFlex
2014-11-10 14:11:27 -------- d-----w- C:\Program Files (x86)\DiskInternals
2014-11-10 13:08:29 -------- d-----w- C:\Program Files\Macromedia
2014-11-10 12:42:57 -------- d-----w- C:\Users\hooky sw\AppData\Roaming\LibreOffice
2014-11-07 12:25:28 -------- d-----r- C:\Users\hooky sw\Creative Cloud Files
2014-11-07 11:45:25 -------- d-----w- C:\Users\hooky sw\AppData\Local\Macromedia
2014-11-07 11:44:45 -------- d-----w- C:\Users\hooky sw\AppData\Local\Mozilla
2014-11-07 10:30:53 -------- d-----w- C:\Users\hooky sw\AppData\Local\gtk-2.0
2014-11-07 10:28:52 -------- d-----w- C:\Users\hooky sw\Synfig
2014-11-06 14:10:31 -------- d-----w- C:\Program Files (x86)\Common Files\Macromedia
2014-11-06 14:10:16 -------- d-----w- C:\Program Files (x86)\Macromedia
2014-11-05 13:59:14 -------- d-----r- C:\Users\hooky sw\Dropbox
2014-11-05 13:48:59 -------- d-----w- C:\Users\hooky sw\AppData\Roaming\Dropbox
2014-11-05 13:18:00 -------- d-----w- C:\Users\hooky sw\AppData\Roaming\KeePass
2014-11-05 13:17:03 -------- d-----w- C:\Users\hooky sw\AppData\Roaming\Intel Corporation
2014-11-05 13:17:00 -------- d-----w- C:\Users\hooky sw\AppData\Roaming\Seagate
2014-11-05 13:16:36 -------- d-----w- C:\Users\hooky sw\AppData\Local\Adobe
.
==================== Find3M  ====================
.
2014-11-14 08:50:13 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-12 13:59:26 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 13:59:26 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-05 13:29:56 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-11-04 14:30:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-27 20:13:57 2339840 ----a-w- C:\Windows\System32\jscript9.dll
2014-10-27 20:06:55 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-10-27 20:05:41 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-10-27 20:04:52 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-10-27 20:04:37 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-10-27 20:03:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-10-27 20:03:21 12800 ----a-w- C:\Windows\System32\mshta.exe
2014-10-27 19:05:44 1810944 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-10-27 18:59:06 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-10-27 18:58:19 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-10-27 18:56:58 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-10-27 18:56:40 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-10-27 18:55:20 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-10-27 18:55:17 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-13 08:30:20 230840 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-01 11:11:26 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-01 11:11:16 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-01 11:11:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 09:42:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:49 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:41 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-09-19 09:23:55 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:36 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-05 02:11:09 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2014-09-05 01:52:41 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-29 02:07:13 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
.
============= FINISH:  7:25:30.25 ===============


#4 nasdaq

  • Malware Response Team

Posted 22 November 2014 - 02:22 PM

 

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.

IMPORTANT

  • If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

 
===
 
Download the version of this tool for your operating system
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===
 
Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.
 
How is the computer running?
Wait for further instructions.

Edited by nasdaq, 22 November 2014 - 02:23 PM.


#5 reggiereg

  • Topic Starter

Posted 22 November 2014 - 07:56 PM

Hi Nasdaq, here are the scans you requested:
 
 
# AdwCleaner v4.101 - Report created 22/11/2014 at 22:12:26
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : hooky sw - DOM-VAIO
# Running from : C:\Users\hooky sw\Desktop\adwcleaner_4.101.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\iolo
Folder Deleted : C:\Users\dom\AppData\Roaming\iolo
Folder Deleted : C:\Users\hooky sw\AppData\Roaming\iolo
Folder Deleted : C:\Users\hooky sw\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
 
 
-\\ Google Chrome v38.0.2125.111
 
[C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\hooky sw\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2773 octets] - [03/07/2014 17:23:46]
AdwCleaner[R1].txt - [1006 octets] - [07/07/2014 07:39:59]
AdwCleaner[R2].txt - [1585 octets] - [02/10/2014 09:41:44]
AdwCleaner[R3].txt - [1863 octets] - [22/11/2014 21:40:53]
AdwCleaner[S0].txt - [2723 octets] - [03/07/2014 17:26:01]
AdwCleaner[S1].txt - [1789 octets] - [02/10/2014 09:46:05]
AdwCleaner[S2].txt - [1796 octets] - [22/11/2014 22:12:26]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1856 octets] ##########
 
==============================================================================
==============================================================================
==============================================================================
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2014 01
Ran by hooky sw (administrator) on DOM-VAIO on 22-11-2014 22:33:04
Running from C:\Users\hooky sw\Desktop
Loaded Profile: hooky sw (Available profiles: dom & hooky sw)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Oki Data Corporation) C:\Windows\System32\spool\drivers\x64\3\OKHSLDCS.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Oki Data Corporation) C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
() C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Dropbox, Inc.) C:\Users\hooky sw\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-05-31] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [65216 2009-11-08] (WordWeb Software)
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
HKLM-x32\...\Run: [SHTtray.exe] => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe [99696 2010-06-20] (Sony Corporation)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5235128 2012-06-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-22] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OKI LPR Utility.lnk
ShortcutTarget: OKI LPR Utility.lnk -> C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe ()
Startup: C:\Users\dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\hooky sw\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TalkTalk Setup CD Reporting Tool.exe ()
Startup: C:\Users\hooky sw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\hooky sw\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exelsdelete
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1744455475-465955899-1649940808-1269\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
HKU\S-1-5-21-1744455475-465955899-1649940808-1269\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-1744455475-465955899-1649940808-1269 -> {8BC04AA9-E46E-4F26-B3FC-5E26E67BF172} URL = http://rover.ebay.com/rover/1/710-42480-16445-15/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-1744455475-465955899-1649940808-1269 -> {DBE4568F-A441-4708-B156-94DAEFAFD63B} URL = http://uk.shopping.com/?linkin_id=8056359
SearchScopes: HKU\S-1-5-21-1744455475-465955899-1649940808-1269 -> {F26A571D-CFC9-42F1-BACE-730E170F1A50} URL = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\Sony\MSS\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\hooky sw\AppData\Roaming\Mozilla\Firefox\Profiles\8ynsjwen.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\Sony\MSS\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-13]
 
Chrome: 
=======
CHR Profile: C:\Users\hooky sw\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\hooky sw\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-05]
CHR Extension: (Google Docs) - C:\Users\hooky sw\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-05]
CHR Extension: (Google Drive) - C:\Users\hooky sw\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\hooky sw\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-05]
CHR Extension: (YouTube) - C:\Users\hooky sw\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-05]
CHR Extension: (Google Search) - C:\Users\hooky sw\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-05]
CHR Extension: (Google Sheets) - C:\Users\hooky sw\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-05]
CHR Extension: (Avast Online Security) - C:\Users\hooky sw\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-13]
CHR Extension: (Google Wallet) - C:\Users\hooky sw\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-05]
CHR Extension: (Gmail) - C:\Users\hooky sw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-13]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\WordWeb\wcxChrome.crx [2012-04-04]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-13] (AVAST Software)
S4 CCALib8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) [File not signed]
R2 DCSLoader; C:\Windows\system32\spool\DRIVERS\x64\3\OKHSLDCS.EXE [20480 2011-11-14] (Oki Data Corporation) [File not signed]
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 hasplms; C:\Windows\system32\hasplms.exe [4412872 2012-08-23] (SafeNet Inc.)
S3 McComponentHostServiceSony; C:\Program Files\Sony\MSS\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 OpLclSrv; C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe [169472 2011-04-11] (Oki Data Corporation) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-07-31] (IBM Corp.)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [836608 2010-06-08] (Sony Corporation) [File not signed]
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1151424 2012-06-14] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-06-14] (Western Digital )
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-13] ()
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [323584 2012-10-06] (SafeNet Inc.)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [10326784 2010-06-24] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [271872 2010-06-24] (Intel® Corporation) [File not signed]
S3 JLTECH0227; C:\Windows\System32\Drivers\jl2005c.sys [77992 2010-05-29] (Windows ® Codename Longhorn DDK provider) [File not signed]
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-10-28] (Lavasoft AB)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-14] (Malwarebytes Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-07-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-07-01] ()
R1 RapportCerberus_80049; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80049.sys [768184 2014-09-01] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [444184 2014-07-31] (IBM Corp.)
R3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [428696 2014-09-01] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [536984 2014-07-31] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [562136 2014-07-31] (IBM Corp.)
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-04-19] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-22 22:33 - 2014-11-22 22:33 - 00026214 _____ () C:\Users\hooky sw\Desktop\FRST.txt
2014-11-22 22:32 - 2014-11-22 22:33 - 00000000 ____D () C:\FRST
2014-11-22 21:37 - 2014-11-22 21:38 - 02140160 _____ () C:\Users\hooky sw\Desktop\adwcleaner_4.101.exe
2014-11-22 21:37 - 2014-11-22 21:37 - 02118144 _____ (Farbar) C:\Users\hooky sw\Desktop\FRST64.exe
2014-11-22 09:13 - 2014-11-22 09:13 - 00009948 _____ () C:\Users\hooky sw\Desktop\Attach_22_11.txt
2014-11-22 09:12 - 2014-11-22 09:12 - 00032021 _____ () C:\Users\hooky sw\Desktop\DDS_22_11.txt
2014-11-22 08:54 - 2014-11-22 08:54 - 07340051 _____ (www.colinux.org) C:\Users\hooky sw\Desktop\coLinux-0.7.9.exe
2014-11-22 07:25 - 2014-11-22 07:25 - 00009948 _____ () C:\Users\hooky sw\Desktop\attach.txt
2014-11-19 11:27 - 2014-11-19 21:52 - 00000000 ____D () C:\Users\dom\Desktop\carcam
2014-11-19 11:24 - 2014-11-19 11:24 - 00000000 ____D () C:\Users\dom\AppData\Roaming\AVAST Software
2014-11-19 11:07 - 2014-11-11 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 11:07 - 2014-11-11 03:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 11:07 - 2014-11-11 02:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 11:07 - 2014-11-11 02:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-14 07:39 - 2014-11-22 07:25 - 00032021 _____ () C:\Users\hooky sw\Desktop\dds.txt
2014-11-14 07:33 - 2014-11-14 07:34 - 00688992 _____ (Swearware) C:\Users\hooky sw\Downloads\dds (1).com
2014-11-13 19:54 - 2014-11-13 19:54 - 00109636 _____ () C:\Users\hooky sw\Desktop\quarnteen_log.html
2014-11-13 19:27 - 2014-11-13 19:27 - 00688992 _____ (Swearware) C:\Users\hooky sw\Downloads\dds.com
2014-11-13 13:27 - 2014-11-13 13:27 - 00688992 ____R (Swearware) C:\Users\hooky sw\Desktop\dds.com
2014-11-13 11:02 - 2014-11-13 11:02 - 00000000 ____D () C:\Users\hooky sw\AppData\Roaming\AVAST Software
2014-11-13 10:54 - 2014-11-13 10:54 - 00001924 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-13 10:54 - 2014-11-13 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-13 10:53 - 2014-11-22 21:41 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-13 10:53 - 2014-11-13 10:53 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-13 10:53 - 2014-11-13 10:53 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-13 10:53 - 2014-11-13 10:53 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-13 10:53 - 2014-11-13 10:53 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-11-13 10:53 - 2014-11-13 10:53 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-13 10:53 - 2014-11-13 10:53 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-13 10:53 - 2014-11-13 10:53 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-13 10:53 - 2014-11-13 10:53 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-13 10:53 - 2014-11-13 10:53 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-13 10:51 - 2014-11-13 10:52 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-13 10:48 - 2014-11-13 10:48 - 05006864 _____ (AVAST Software) C:\Users\hooky sw\Downloads\avast_free_antivirus_setup_online.exe
2014-11-13 10:19 - 2014-11-13 10:52 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-13 09:50 - 2014-11-13 09:50 - 00000000 ____D () C:\Users\hooky sw\Documents\Bluetooth Exchange Folder
2014-11-13 09:50 - 2014-11-13 09:50 - 00000000 ____D () C:\Users\hooky sw\AppData\Local\Broadcom
2014-11-12 22:47 - 2014-11-13 23:36 - 00399600 _____ () C:\Users\hooky sw\AppData\Local\census.cache
2014-11-12 22:47 - 2014-11-13 23:36 - 00219205 _____ () C:\Users\hooky sw\AppData\Local\ars.cache
2014-11-12 14:44 - 2014-11-12 14:44 - 00000010 _____ () C:\Users\hooky sw\AppData\Local\sponge.last.runtime.cache
2014-11-12 14:37 - 2013-09-02 07:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-11-12 14:36 - 2014-11-12 14:36 - 02476596 _____ (Trend Micro Inc.) C:\Users\hooky sw\Downloads\HousecallLauncher64.exe
2014-11-12 14:36 - 2014-11-12 14:36 - 00000036 _____ () C:\Users\hooky sw\AppData\Local\housecall.guid.cache
2014-11-12 13:05 - 2014-11-12 13:05 - 00032394 _____ () C:\Users\hooky sw\Desktop\elec_switching_power_supply_dommod.slx
2014-11-12 11:44 - 2014-11-12 11:44 - 00000000 ____D () C:\Users\hooky sw\Documents\Polyspace_Workspace
2014-11-12 11:22 - 2014-11-12 11:27 - 00000000 ____D () C:\Users\hooky sw\Desktop\matlab install
2014-11-12 11:12 - 2014-11-12 11:12 - 00000000 ____D () C:\Users\hooky sw\AppData\Roaming\Subversion
2014-11-12 11:12 - 2014-11-12 11:12 - 00000000 ____D () C:\Users\hooky sw\AppData\Local\MathWorks
2014-11-12 11:11 - 2014-11-12 12:05 - 00000000 ____D () C:\Users\hooky sw\Documents\MATLAB
2014-11-12 11:11 - 2014-11-12 11:11 - 00000000 ____D () C:\Users\hooky sw\AppData\Roaming\MathWorks
2014-11-12 11:09 - 2014-11-12 11:09 - 00001283 _____ () C:\Users\Public\Desktop\Polyspace Code Prover R2014a.lnk
2014-11-12 11:09 - 2014-11-12 11:09 - 00001276 _____ () C:\Users\Public\Desktop\Polyspace Bug Finder R2014a.lnk
2014-11-12 11:09 - 2014-11-12 11:09 - 00001255 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2014a.lnk
2014-11-12 11:09 - 2014-11-12 11:09 - 00001243 _____ () C:\Users\Public\Desktop\MATLAB R2014a.lnk
2014-11-12 11:09 - 2014-11-12 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB
2014-11-12 11:03 - 2014-11-12 11:03 - 00000000 ____D () C:\ProgramData\MathWorks
2014-11-12 10:00 - 2014-11-12 10:00 - 00000000 ____D () C:\Program Files\MATLAB
2014-11-12 09:40 - 2014-11-12 09:40 - 00001250 _____ () C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2014-11-12 09:39 - 2014-11-12 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2014-11-12 09:32 - 2014-11-05 17:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 09:32 - 2014-11-05 17:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 09:32 - 2014-11-05 17:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 09:32 - 2014-10-14 02:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 09:32 - 2014-10-14 02:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 09:32 - 2014-10-14 02:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 09:32 - 2014-10-14 02:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 09:32 - 2014-10-14 02:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 09:32 - 2014-10-14 01:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 09:32 - 2014-10-14 01:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 09:32 - 2014-10-14 01:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 09:32 - 2014-10-14 01:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 09:31 - 2014-10-27 20:32 - 17870336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 09:31 - 2014-10-27 20:13 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 09:31 - 2014-10-27 20:12 - 10921472 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 09:31 - 2014-10-27 20:07 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 09:31 - 2014-10-27 20:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 09:31 - 2014-10-27 20:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 09:31 - 2014-10-27 20:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 09:31 - 2014-10-27 20:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 09:31 - 2014-10-27 20:04 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 09:31 - 2014-10-27 20:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 09:31 - 2014-10-27 20:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 09:31 - 2014-10-27 20:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 09:31 - 2014-10-27 20:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 09:31 - 2014-10-27 20:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 09:31 - 2014-10-27 20:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 09:31 - 2014-10-27 20:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 09:31 - 2014-10-27 20:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 09:31 - 2014-10-27 20:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 09:31 - 2014-10-27 20:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 09:31 - 2014-10-27 20:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 09:31 - 2014-10-27 20:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 09:31 - 2014-10-27 19:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 09:31 - 2014-10-27 19:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 09:31 - 2014-10-27 19:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 09:31 - 2014-10-27 18:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 09:31 - 2014-10-27 18:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 09:31 - 2014-10-27 18:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 09:31 - 2014-10-27 18:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-12 09:31 - 2014-10-27 18:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 09:31 - 2014-10-27 18:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 09:31 - 2014-10-27 18:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-12 09:31 - 2014-10-27 18:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 09:31 - 2014-10-27 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 09:31 - 2014-10-27 18:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 09:31 - 2014-10-27 18:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 09:31 - 2014-10-27 18:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 09:31 - 2014-10-27 18:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 09:31 - 2014-10-27 18:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 09:31 - 2014-10-27 18:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-12 09:31 - 2014-10-27 18:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-12 09:31 - 2014-10-27 18:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-12 09:31 - 2014-10-27 18:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 09:31 - 2014-08-21 06:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 09:31 - 2014-08-21 06:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 09:31 - 2014-08-21 06:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 09:31 - 2014-08-21 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 09:31 - 2014-08-12 02:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 09:31 - 2014-08-12 01:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 09:28 - 2014-10-25 01:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 09:28 - 2014-10-25 01:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 09:28 - 2014-10-18 02:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 09:28 - 2014-10-18 01:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 09:28 - 2014-10-14 02:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 09:28 - 2014-10-14 01:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 09:28 - 2014-10-10 00:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 09:28 - 2014-10-03 02:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 09:28 - 2014-10-03 02:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 09:28 - 2014-10-03 02:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 09:28 - 2014-10-03 02:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 09:28 - 2014-10-03 02:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 09:28 - 2014-10-03 01:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 09:28 - 2014-10-03 01:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 09:28 - 2014-10-03 01:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 09:28 - 2014-09-19 09:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 09:28 - 2014-09-19 09:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 09:28 - 2014-09-19 09:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 09:28 - 2014-09-19 09:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 09:28 - 2014-09-19 09:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 09:28 - 2014-09-19 09:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 09:28 - 2014-09-19 09:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 09:28 - 2014-09-19 09:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 09:28 - 2014-09-19 09:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 09:28 - 2014-09-19 09:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 09:28 - 2014-09-19 09:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 09:28 - 2014-09-19 09:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 09:13 - 2014-11-22 22:14 - 00314524 _____ () C:\Windows\PFRO.log
2014-11-11 14:24 - 2014-11-11 14:24 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-11-11 12:43 - 2014-11-11 12:43 - 00000000 ____D () C:\Users\hooky sw\Documents\Arduino
2014-11-11 12:43 - 2014-11-11 12:43 - 00000000 ____D () C:\Users\hooky sw\AppData\Roaming\Arduino
2014-11-11 11:52 - 2014-11-11 14:10 - 00000000 ____D () C:\Users\hooky sw\AppData\Roaming\Notepad++
2014-11-11 11:49 - 2014-11-11 11:49 - 00000000 ____D () C:\Users\hooky sw\AppData\Local\Apple
2014-11-11 11:12 - 2014-11-11 11:12 - 00000000 ____D () C:\Users\hooky sw\AppData\Local\qBittorrent
2014-11-11 11:11 - 2014-11-11 11:16 - 00000000 ____D () C:\Users\hooky sw\AppData\Roaming\qBittorrent
2014-11-11 11:11 - 2014-11-11 11:11 - 00001043 _____ () C:\Users\Public\Desktop\qBittorrent.lnk
2014-11-11 11:11 - 2014-11-11 11:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2014-11-11 11:11 - 2014-11-11 11:11 - 00000000 ____D () C:\Program Files (x86)\qBittorrent
2014-11-11 10:44 - 2014-11-11 11:06 - 00000000 ____D () C:\Users\hooky sw\AppData\Roaming\uTorrent
2014-11-11 10:05 - 2014-11-20 12:14 - 00000000 ____D () C:\Users\hooky sw\Desktop\POWER456R951DEMO
2014-11-11 09:48 - 2014-11-11 09:48 - 00001522 _____ () C:\Users\hooky sw\Desktop\BCompare.exe - Shortcut.lnk
2014-11-11 09:48 - 2014-11-11 09:48 - 00000000 ____D () C:\Users\hooky sw\AppData\Roaming\Scooter Software
2014-11-11 09:44 - 2014-11-11 09:44 - 00000000 ____D () C:\Users\hooky sw\AppData\Roaming\vlc
2014-11-11 09:43 - 2014-11-11 09:43 - 00000975 _____ () C:\Users\hooky sw\Desktop\Dropbox - Shortcut.lnk
2014-11-10 20:11 - 2014-11-10 20:11 - 00003498 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-dom-VAIO-dom
2014-11-10 14:27 - 2014-11-10 14:27 - 00000000 ____D () C:\Users\hooky sw\AppData\Roaming\PDAppFlex
2014-11-10 14:26 - 2014-11-10 14:26 - 00003508 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-dom-VAIO-hooky sw
2014-11-10 14:11 - 2014-11-10 20:26 - 00000000 ____D () C:\Program Files (x86)\DiskInternals
2014-11-10 13:08 - 2014-11-10 14:57 - 00000000 ____D () C:\Program Files\Macromedia
2014-11-10 12:42 - 2014-11-10 12:42 - 00000000 ____D () C:\Users\hooky sw\AppData\Roaming\LibreOffice
2014-11-09 17:35 - 2014-11-09 17:36 - 00880272 _____ (Google Inc.) C:\Users\dom\Downloads\googledrivesync (1).exe
2014-11-09 17:27 - 2014-11-09 17:29 - 00880272 _____ (Google Inc.) C:\Users\dom\Downloads\googledrivesync.exe
2014-11-08 22:06 - 2014-11-08 09:58 - 261728664 _____ () C:\Users\dom\Desktop\MVI_8634.MOV
2014-11-07 13:01 - 2014-11-07 13:01 - 00000948 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Flash Professional CC 2014.lnk
2014-11-07 12:25 - 2014-11-07 12:25 - 00000000 ___RD () C:\Users\hooky sw\Creative Cloud Files
2014-11-07 12:12 - 2014-11-07 12:12 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-11-07 11:45 - 2014-11-07 11:45 - 00000000 ____D () C:\Users\hooky sw\AppData\Local\Macromedia
2014-11-07 11:44 - 2014-11-07 11:44 - 00000000 ____D () C:\Users\hooky sw\AppData\Roaming\Mozilla
2014-11-07 11:44 - 2014-11-07 11:44 - 00000000 ____D () C:\Users\hooky sw\AppData\Local\Mozilla
2014-11-07 10:57 - 2014-11-07 10:57 - 00003364 _____ () C:\Windows\System32\Tasks\{ECCF93ED-98A5-4FE9-B941-7DAB46E53B8C}
2014-11-07 10:52 - 2014-11-07 10:52 - 00000000 ____D () C:\Users\Public\Documents\Adobe PDF
2014-11-07 10:30 - 2014-11-07 10:31 - 00000000 ____D () C:\Users\hooky sw\AppData\Local\gtk-2.0
2014-11-07 10:30 - 2014-11-07 10:30 - 00000820 _____ () C:\Users\hooky sw\AppData\Local\recently-used.xbel
2014-11-07 10:28 - 2014-11-07 10:29 - 00000000 ____D () C:\Users\hooky sw\Synfig
2014-11-06 14:10 - 2014-11-10 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
2014-11-06 14:10 - 2014-11-10 14:57 - 00000000 ____D () C:\Program Files (x86)\Macromedia
2014-11-06 11:47 - 2014-11-20 11:04 - 00000000 ____D () C:\Users\hooky sw\Desktop\excel files
2014-11-06 11:47 - 2014-11-06 14:02 - 00000000 ____D () C:\Users\hooky sw\Desktop\job search
2014-11-05 13:59 - 2014-11-22 22:23 - 00000000 ___RD () C:\Users\hooky sw\Dropbox
2014-11-05 13:50 - 2014-11-19 11:12 - 00000000 ____D () C:\Users\hooky sw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-05 13:48 - 2014-11-22 22:23 - 00000000 ____D () C:\Users\hooky sw\AppData\Roaming\Dropbox
2014-11-05 13:33 - 2014-11-05 13:33 - 00000355 _____ () C:\Users\hooky sw\Computer - Shortcut.lnk
2014-11-05 13:31 - 2014-11-05 13:31 - 00000000 ____D () C:\ProgramData\Sun
2014-11-05 13:18 - 2014-11-17 11:43 - 00000000 ____D () C:\Users\hooky sw\AppData\Roaming\KeePass
2014-11-05 13:17 - 2014-11-10 12:45 - 00000000 ____D () C:\Users\hooky sw\AppData\Roaming\Adobe
2014-11-05 13:17 - 2014-11-05 13:17 - 00000000 ____D () C:\Users\hooky sw\AppData\Roaming\Seagate
2014-11-05 13:17 - 2014-11-05 13:17 - 00000000 ____D () C:\Users\hooky sw\AppData\Roaming\Intel Corporation
2014-11-05 13:16 - 2014-11-22 21:34 - 00000000 ____D () C:\Users\hooky sw\AppData\Local\Adobe
2014-11-05 13:16 - 2014-11-05 13:16 - 00086384 _____ () C:\Users\hooky sw\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-05 13:16 - 2014-11-05 13:16 - 00000000 ____D () C:\Users\hooky sw\AppData\Roaming\Epson
2014-11-05 13:16 - 2014-11-05 13:16 - 00000000 ____D () C:\Users\hooky sw\AppData\Roaming\Apple Computer
2014-11-05 13:14 - 2014-11-13 19:56 - 00000000 ____D () C:\Users\hooky sw\AppData\Local\Google
2014-11-05 13:14 - 2014-11-11 09:43 - 00000000 ____D () C:\Users\hooky sw
2014-11-05 13:14 - 2014-11-10 20:23 - 00000000 ____D () C:\Users\hooky sw\AppData\Local\Sony Corporation
2014-11-05 13:14 - 2014-11-06 14:26 - 00000000 ____D () C:\Users\hooky sw\AppData\Roaming\Macromedia
2014-11-05 13:14 - 2014-11-05 13:14 - 00000020 ___SH () C:\Users\hooky sw\ntuser.ini
2014-11-05 13:14 - 2014-11-05 13:14 - 00000000 ____D () C:\Users\hooky sw\AppData\Roaming\Sony Corporation
2014-11-05 13:14 - 2014-11-05 13:14 - 00000000 ____D () C:\Users\hooky sw\AppData\Local\VirtualStore
2014-11-05 13:14 - 2014-04-28 16:22 - 00000000 ____D () C:\Users\hooky sw\AppData\Local\Trusteer
2014-11-05 13:14 - 2013-06-28 04:00 - 00000000 ____D () C:\Users\hooky sw\AppData\LocalGoogle
2014-11-05 13:14 - 2009-07-14 04:54 - 00000000 ___RD () C:\Users\hooky sw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-05 13:14 - 2009-07-14 04:49 - 00000000 ___RD () C:\Users\hooky sw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-04 10:31 - 2014-11-04 10:32 - 00000000 ____D () C:\Users\dom\Desktop\pythen open cv
2014-10-23 13:12 - 2014-10-23 13:12 - 00009633 _____ () C:\Users\dom\AppData\Local\recently-used.xbel
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-22 22:24 - 2009-07-14 04:45 - 00022976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-22 22:24 - 2009-07-14 04:45 - 00022976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-22 22:21 - 2014-01-28 10:29 - 01645258 _____ () C:\Windows\WindowsUpdate.log
2014-11-22 22:15 - 2012-03-06 12:11 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-22 22:14 - 2014-10-19 09:18 - 00003260 _____ () C:\Windows\setupact.log
2014-11-22 22:14 - 2013-03-02 08:50 - 00196730 _____ () C:\aaw7boot.log
2014-11-22 22:14 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-22 22:12 - 2014-07-03 17:22 - 00000000 ____D () C:\AdwCleaner
2014-11-22 21:59 - 2012-05-04 12:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-22 21:59 - 2012-03-06 12:12 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-22 21:35 - 2012-07-04 12:05 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-22 08:23 - 2009-07-14 05:13 - 00786928 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-20 11:36 - 2014-09-01 19:31 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1744455475-465955899-1649940808-1001Core.job
2014-11-20 09:59 - 2012-03-14 14:35 - 00000000 ___RD () C:\Users\dom\Dropbox
2014-11-20 09:14 - 2012-03-14 14:33 - 00000000 ____D () C:\Users\dom\AppData\Roaming\Dropbox
2014-11-20 00:35 - 2013-10-06 19:53 - 00000600 _____ () C:\Users\dom\AppData\Roaming\winscp.rnd
2014-11-19 21:19 - 2012-03-10 21:19 - 00000248 _____ () C:\Windows\Tasks\Epson Printer Software Downloader.job
2014-11-19 11:45 - 2013-10-06 08:22 - 00000600 _____ () C:\Users\dom\AppData\Local\PUTTY.RND
2014-11-19 11:31 - 2014-09-01 19:31 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1744455475-465955899-1649940808-1001UA
2014-11-19 11:31 - 2014-09-01 19:31 - 00003470 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1744455475-465955899-1649940808-1001Core
2014-11-19 11:31 - 2014-09-01 19:31 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1744455475-465955899-1649940808-1001UA.job
2014-11-19 11:30 - 2012-03-14 14:34 - 00000000 ____D () C:\Users\dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-19 11:23 - 2012-03-10 15:27 - 00000000 ____D () C:\Users\dom\AppData\Local\Adobe
2014-11-19 11:06 - 2012-03-09 20:36 - 00000000 ____D () C:\Update
2014-11-14 08:50 - 2014-07-13 07:34 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-13 04:57 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 03:54 - 2009-07-14 04:45 - 04990984 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 03:49 - 2014-05-06 07:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 03:25 - 2013-07-30 06:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 03:04 - 2012-03-09 21:31 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 19:54 - 2012-03-06 12:12 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-12 19:54 - 2012-03-06 12:11 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 13:59 - 2012-05-04 12:51 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 13:59 - 2012-05-04 12:51 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 13:59 - 2012-03-10 15:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-10 20:10 - 2012-03-09 20:56 - 00000000 ____D () C:\Users\dom\AppData\Roaming\Adobe
2014-11-10 20:06 - 2013-03-26 11:28 - 00000000 ____D () C:\Users\dom\AppData\Roaming\KeePass
2014-11-10 14:57 - 2010-07-12 21:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-09 18:17 - 2012-03-13 11:14 - 00000000 ____D () C:\Users\dom\Documents\Map Overlays
2014-11-09 16:51 - 2009-07-14 05:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-07 13:29 - 2012-08-22 11:44 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-11-07 13:19 - 2012-08-22 11:39 - 00000000 ____D () C:\Program Files\Adobe
2014-11-07 13:01 - 2012-08-22 11:32 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-11-07 12:56 - 2014-01-12 12:24 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-07 12:25 - 2012-03-06 12:03 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-07 12:10 - 2012-03-06 12:04 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-06 11:25 - 2012-03-10 15:47 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-06 11:24 - 2014-07-13 07:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-06 11:24 - 2014-07-13 07:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-06 11:24 - 2012-03-10 15:46 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-11-06 09:57 - 2013-05-06 06:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-05 14:34 - 2013-03-03 08:55 - 00000000 ____D () C:\Users\dom\Synfig
2014-11-05 14:30 - 2013-03-03 08:53 - 00000105 _____ () C:\Users\dom\.gtkrc-2.0
2014-11-05 13:29 - 2014-08-15 06:33 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-11-05 13:29 - 2012-03-06 12:21 - 00000000 ____D () C:\Program Files\Java
2014-11-04 14:30 - 2012-03-10 08:50 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-03 21:14 - 2014-10-07 10:05 - 00001101 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-10-23 13:13 - 2014-02-22 14:18 - 00000000 ____D () C:\Users\dom\.gimp-2.8
2014-10-23 13:12 - 2014-02-22 14:22 - 00000000 ____D () C:\Users\dom\AppData\Local\gtk-2.0
 
Some content of TEMP:
====================
C:\Users\dom\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdybna7.dll
C:\Users\dom\AppData\Local\temp\numpy-1.6.1-sse3.exe
C:\Users\dom\AppData\Local\temp\numpy-1.7.1-sse3.exe
C:\Users\dom\AppData\Local\temp\winp.x641695311809160691824.dll
C:\Users\hooky sw\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpy3nozf.dll
C:\Users\hooky sw\AppData\Local\temp\Quarantine.exe
C:\Users\hooky sw\AppData\Local\temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-17 11:12
 
==================== End Of Log ============================
 
 
I'm not sure about the computer, as I've just posted this, but the fan has been going quite a bit in the last ten mins or so.
 
Let me know if I need to do anything else.
 
Kind Regards,
 
Reggie. 
 
 


#6 nasdaq

  • Malware Response Team
Posted 23 November 2014 - 08:32 AM

 
Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start
 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (Google Wallet) - C:\Users\hooky sw\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-05]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
C:\Users\dom\AppData\Local\temp\numpy-1.6.1-sse3.exe
C:\Users\dom\AppData\Local\temp\numpy-1.7.1-sse3.exe
C:\Users\dom\AppData\Local\temp\winp.x641695311809160691824.dll
 
End
Save the file as fixlist.txt in the same folder as FRST.
 
Run FRST and click Fix only once and wait.
 
Restart the computer normally to reset the registry.
 
The tool will create a log, Fixlog.txt; please post it in your reply.
===
 
Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
 
If the site is busy or not available use this mirror site:
 
How is the computer running now?
 
======


    #7 reggiereg

    Posted 23 November 2014 - 12:15 PM

    Hi, I did those two things and here are the results:

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-11-2014 01
    Ran by hooky sw at 2014-11-23 16:58:15 Run:1
    Running from C:\Users\hooky sw\Desktop
    Loaded Profile: hooky sw (Available profiles: dom & hooky sw)
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    start
     
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    CHR Extension: (Google Wallet) - C:\Users\hooky sw\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-05]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
    C:\Users\dom\AppData\Local\temp\numpy-1.6.1-sse3.exe
    C:\Users\dom\AppData\Local\temp\numpy-1.7.1-sse3.exe
    C:\Users\dom\AppData\Local\temp\winp.x641695311809160691824.dll
     
    End
    *****************
     
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
    "HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
    "HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
    "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key Deleted successfully.
    C:\Users\hooky sw\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
    catchme => Service deleted successfully.
    Lavasoft Kernexplorer => Service deleted successfully.
    C:\Users\dom\AppData\Local\temp\numpy-1.6.1-sse3.exe => Moved successfully.
    C:\Users\dom\AppData\Local\temp\numpy-1.7.1-sse3.exe => Moved successfully.
    C:\Users\dom\AppData\Local\temp\winp.x641695311809160691824.dll => Moved successfully.
     
    ==== End of Fixlog ====
     

     Results of screen317's Security Check version 0.99.90  
     Windows 7 Service Pack 1 x64 (UAC is enabled)  
     Internet Explorer 11  
    ``````````````Antivirus/Firewall Check:`````````````` 
     Windows Firewall Enabled!  
    avast! Antivirus   
     Antivirus up to date!   
    `````````Anti-malware/Other Utilities Check:````````` 
     SpywareBlaster 5.0    
     VirusTotal Uploader 2.0   
     Duplicate Cleaner 2.1b   
     Java version out of Date! 
     Adobe Flash Player 15.0.0.223  
     Adobe Reader XI  
     Mozilla Firefox 32.0.3 Firefox out of Date!  
     Google Chrome (38.0.2125.111) 
     Google Chrome (39.0.2171.65) 
     Google Chrome (chrome.exe..) 
     Google Chrome (Dictionaries...) 
    ````````Process Check: objlist.exe by Laurent````````  
     AVAST Software Avast AvastSvc.exe  
     AVAST Software Avast avastui.exe  
    `````````````````System Health check````````````````` 
     Total Fragmentation on Drive C:  
    ````````````````````End of Log`````````````````````` 
     
    I hope this helps. The computer's fan is going quite a bit, when I think it shouldn't.
     
    Kind regards,
     
    Reggie.
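
The Fixlog posted above can be checked line by line to see which fixlist entries were actually applied. The following is an added example, not part of the original posts or of FRST itself; the function names and outcome categories are illustrative assumptions, the sample is a subset of the log lines from this post, and only the outcome wordings seen in this log are handled.

```python
import re
from collections import Counter

# Subset of the Fixlog lines posted above, including the echoed fixlist section.
FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-11-2014 01
Content of fixlist:
*****************
start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled No File
End
*****************
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key Deleted successfully.
catchme => Service deleted successfully.
C:\Users\dom\AppData\Local\temp\numpy-1.6.1-sse3.exe => Moved successfully.
==== End of Fixlog ====
'''

# A result line has the form "<target> => <outcome>."
RESULT = re.compile(r'^(?P<target>.+?)\s+=>\s+(?P<outcome>.+?)\.?\s*$')

def classify(outcome):
    """Group an outcome string into a category (case varies in the log)."""
    o = outcome.lower()
    if 'not found' in o:
        return 'not_found'
    if 'successfully' in o:
        return 'moved' if o.startswith('moved') else 'deleted'
    return 'other'

def parse_fixlog(text):
    """Return (target, status) pairs, skipping the echoed fixlist between the '*' rows."""
    entries, star_rows = [], 0
    for line in (raw.strip() for raw in text.splitlines()):
        if line and set(line) == {'*'}:
            star_rows += 1
            continue
        if star_rows < 2 or line.startswith('===='):
            continue  # header, echoed fixlist, or end marker
        m = RESULT.match(line)
        if m:
            entries.append((m['target'].strip('"'), classify(m['outcome'])))
    return entries

def needs_review(entries):
    """Targets whose outcome was not a successful delete or move."""
    return [t for t, status in entries if status in ('not_found', 'other')]

if __name__ == '__main__':
    parsed = parse_fixlog(FIXLOG)
    print(Counter(s for _, s in parsed), needs_review(parsed))
```
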
     
     


    #8 nasdaq

    Posted 23 November 2014 - 01:30 PM

    Restore your Windows 7 to the Last good configuration
    Follow the instructions on this page.
     
    <<<>>>
     
    Keep me posted.


    #9 reggiereg

    Posted 23 November 2014 - 02:08 PM

    I have just done that. Am I clean now? Do I have to update Java and Firefox? Are there any more scans I need to do?


    Edited by reggiereg, 23 November 2014 - 02:08 PM.


    #10 nasdaq

    Posted 24 November 2014 - 07:42 AM

    You have the latest Java version for your 64 bit system.
    C:\Program Files\Java\jre1.8.0_25\
     
    ===
     
    For your added protection keep Firefox up to date.
     
    If all is well.
     
    To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
    ===


    #11 reggiereg

    Posted 24 November 2014 - 08:39 AM

    Hi Nasdaq,

     

    Did I have an issue? If so, what was it?

     

    Can I thus:

     

    1) remove all the logs and tools used during this process?

    2) consider the issue resolved?

     

    Thanks for your help,

     

    Regards,

     

    Reggie.


    Edited by reggiereg, 24 November 2014 - 08:40 AM.


    #12 nasdaq

    Posted 24 November 2014 - 09:27 AM

    Housecall and Malwarebytes removed some things.
    However these restrictions were not fixed.
     

    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

     

     
    I would keep the Farbar Recovery Tool. It's the tool you should run next time you report a problem.
     
    The AdwCleaner tool is nice to have.
    I run it every time I install a free program just to make sure no PUPs (Potentially Unwanted Programs) are installed without my consent.
     
    If you decide to remove it, run the application and uninstall it.
    ===
     
    The other tools we used just delete the files/folders.
     
    ===
     
     
    If all is well.
     
    To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
    ===


    #13 reggiereg

    Posted 24 November 2014 - 09:33 AM

    I don't understand what "restrictions were not fixed" means to my system.

     

    Are the two restrictions dangerous to my system?

     

    Is there any way of removing them, or do I need not to worry about them?

     

    I've just tried to run "AdwCleaner" and Avast has blocked and quarantined it. Why would it do that?


    Edited by reggiereg, 24 November 2014 - 09:42 AM.


    #14 nasdaq

    Posted 24 November 2014 - 02:11 PM

    I should have said the restrictions were not fixed by Malwarebytes.

     

    They were with the fix I gave you.

     

    ===

     

    AdwCleaner is clean, accept the download or de-quarantine the file.



    #15 reggiereg

    Posted 25 November 2014 - 04:25 AM

    Thanks for your help Nasdaq.





