-
2016-05-13 21:16 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2016-05-13 21:16 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2016-05-13 21:16 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2016-05-13 21:16 - 2007-07-20 00:54 - 00018280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_2.dll
2016-05-13 21:16 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2016-05-13 21:16 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2016-05-13 21:16 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2016-05-13 21:14 - 2016-05-13 21:14 - 00001303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Gallery.lnk
2016-05-13 21:14 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2016-05-13 21:14 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2016-05-13 21:14 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2016-05-13 21:14 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2016-05-13 21:14 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2016-05-13 21:14 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2016-05-13 21:14 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2016-05-13 21:14 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2016-05-13 21:14 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2016-05-13 21:14 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2016-05-13 21:14 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2016-05-13 21:14 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2016-05-13 21:14 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-05-13 21:14 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2016-05-13 21:14 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2016-05-13 21:14 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2016-05-13 21:12 - 2016-05-14 14:17 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-13 21:12 - 2016-05-14 14:13 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-13 21:12 - 2016-05-14 01:08 - 00000000 ____D C:\ProgramData\Partner
2016-05-13 21:12 - 2016-05-14 01:08 - 00000000 ____D C:\Program Files\Google
2016-05-13 21:12 - 2016-05-14 01:08 - 00000000 ____D C:\Program Files (x86)\Google
2016-05-13 21:12 - 2016-05-13 21:27 - 00000000 ____D C:\Program Files (x86)\ArcSoft
2016-05-13 21:12 - 2016-05-13 21:12 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-13 21:12 - 2016-05-13 21:12 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-13 21:12 - 2016-05-13 21:12 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2016-05-13 21:12 - 2016-05-13 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-05-13 21:12 - 2016-05-13 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote for VAIO
2016-05-13 21:12 - 2016-05-13 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Magic-i Visual Effects 2
2016-05-13 21:12 - 2016-05-13 21:12 - 00000000 ____D C:\ProgramData\Evernote
2016-05-13 21:12 - 2016-05-13 21:12 - 00000000 ____D C:\Program Files (x86)\Evernote
2016-05-13 21:12 - 2016-05-13 21:12 - 00000000 ____D C:\Program Files (x86)\BBC iPlayer Desktop
2016-05-13 21:12 - 2009-05-26 14:32 - 00019968 _____ (ArcSoft, Inc.) C:\Windows\system32\Drivers\ArcSoftKsUFilter.sys
2016-05-13 21:12 - 2008-09-04 17:06 - 00055808 _____ (ArcSoft, Inc.) C:\Windows\system\ArcSoftKsUFilter.dll
2016-05-13 21:12 - 2003-03-18 22:14 - 00499712 ____R (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2016-05-13 21:12 - 2003-02-21 04:42 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2016-05-13 21:12 - 1995-07-31 13:44 - 00212480 _____ (Eastman Kodak) C:\Windows\SysWOW64\PCDLIB32.DLL
2016-05-13 21:11 - 2016-05-13 21:11 - 00000000 ____D C:\ProgramData\SmartSound Software Inc
2016-05-13 21:11 - 2016-05-13 21:11 - 00000000 ____D C:\ProgramData\eSellerate
2016-05-13 21:11 - 2016-05-13 21:11 - 00000000 ____D C:\Program Files (x86)\SmartSound Software
2016-05-13 21:10 - 2016-05-13 21:10 - 00002177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Elements 8.0.lnk
2016-05-13 21:09 - 2016-05-13 21:09 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-05-13 21:07 - 2016-05-13 21:07 - 00001225 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 8.0.lnk
2016-05-13 21:07 - 2008-06-16 03:00 - 00055024 ____N (Sonic Solutions) C:\Windows\system32\Drivers\PxHlpa64.sys
2016-05-13 21:06 - 2016-05-14 13:31 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-05-13 21:05 - 2016-05-13 21:38 - 00000000 ____D C:\Windows\System32\Tasks\SONY
2016-05-13 21:05 - 2016-05-13 21:30 - 00000000 ____D C:\Program Files (x86)\Sony
2016-05-13 21:05 - 2016-05-13 21:12 - 00000000 ____D C:\ProgramData\Adobe
2016-05-13 21:05 - 2016-05-13 21:05 - 00001995 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Manual.lnk
2016-05-13 21:05 - 2016-05-13 21:05 - 00001533 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Control Center.lnk
2016-05-13 21:05 - 2016-05-13 21:05 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-05-13 21:05 - 2016-05-13 21:05 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-05-13 21:05 - 2016-05-13 21:05 - 00000000 ____D C:\Documentation
2016-05-13 21:05 - 2016-05-13 21:05 - 00000000 ____D C:\_FS_SWRINFO
2016-05-13 21:04 - 2016-05-13 21:05 - 00000000 ____D C:\Windows\Sonysys
2016-05-13 21:03 - 2016-05-13 21:13 - 00000000 ____D C:\Program Files\Common Files\Sony Shared
2016-05-13 21:01 - 2016-05-13 21:01 - 00000000 ____D C:\Program Files\WIDCOMM
2016-05-13 21:01 - 2010-06-30 21:03 - 00342056 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwampfl.sys
2016-05-13 21:01 - 2010-06-30 21:03 - 00135720 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys
2016-05-13 21:01 - 2010-06-30 21:03 - 00102952 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys
2016-05-13 21:01 - 2010-06-30 21:03 - 00021544 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys
2016-05-13 21:01 - 2010-06-30 21:02 - 00039464 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys
2016-05-13 21:00 - 2016-05-13 21:00 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-05-13 21:00 - 2016-05-13 21:00 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-05-13 21:00 - 2016-05-13 21:00 - 00000000 ____D C:\Program Files\Realtek
2016-05-13 21:00 - 2016-05-13 21:00 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-05-13 21:00 - 2010-06-07 21:33 - 02719504 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2016-05-13 21:00 - 2010-06-07 21:33 - 02602016 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2016-05-13 21:00 - 2010-06-07 21:33 - 01958944 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2016-05-13 21:00 - 2010-06-07 21:33 - 01210912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2016-05-13 21:00 - 2010-06-07 21:33 - 01146400 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2016-05-13 21:00 - 2010-06-07 21:33 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2016-05-13 21:00 - 2010-06-07 21:33 - 00476192 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2016-05-13 21:00 - 2010-06-07 21:33 - 00332320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2016-05-13 21:00 - 2010-06-07 21:33 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2016-05-13 21:00 - 2010-06-07 21:33 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2016-05-13 21:00 - 2010-06-07 21:33 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2016-05-13 21:00 - 2010-06-07 21:33 - 00149536 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2016-05-13 21:00 - 2010-06-07 21:32 - 02357024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2016-05-13 21:00 - 2010-06-07 21:32 - 02197264 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2016-05-13 21:00 - 2010-06-07 21:32 - 01325328 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2016-05-13 21:00 - 2010-06-07 21:32 - 01178384 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2016-05-13 21:00 - 2010-06-07 21:32 - 01110800 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2016-05-13 21:00 - 2010-06-07 21:32 - 00504592 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2016-05-13 21:00 - 2010-06-07 21:32 - 00489744 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2016-05-13 21:00 - 2010-06-07 21:32 - 00474896 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2016-05-13 21:00 - 2010-06-07 21:32 - 00372936 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2016-05-13 21:00 - 2010-06-07 21:32 - 00330656 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2016-05-13 21:00 - 2010-06-07 21:32 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2016-05-13 21:00 - 2010-06-07 21:32 - 00315152 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2016-05-13 21:00 - 2010-06-07 21:32 - 00307920 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2016-05-13 21:00 - 2010-06-07 21:32 - 00307920 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2016-05-13 21:00 - 2010-06-07 21:32 - 00268560 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2016-05-13 21:00 - 2010-06-07 21:32 - 00265488 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2016-05-13 21:00 - 2010-06-07 21:32 - 00201928 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2016-05-13 21:00 - 2010-06-07 21:32 - 00168288 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2016-05-13 21:00 - 2010-06-07 21:32 - 00123664 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2016-05-13 21:00 - 2010-06-07 21:32 - 00123152 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2016-05-13 21:00 - 2010-06-07 21:32 - 00122128 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2016-05-13 21:00 - 2010-06-07 21:32 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2016-05-13 21:00 - 2010-06-07 21:32 - 00099016 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2016-05-13 21:00 - 2010-06-07 21:32 - 00076488 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2016-05-13 21:00 - 2010-06-07 21:32 - 00070176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInst64.dll
2016-05-13 21:00 - 2010-06-07 21:31 - 01247776 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-14 14:20 - 2009-07-14 06:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-14 14:20 - 2009-07-14 05:45 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-14 14:20 - 2009-07-14 05:45 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-14 14:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-05-14 14:13 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-14 02:45 - 2009-07-14 05:45 - 00305328 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-14 02:41 - 2009-07-14 08:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-14 02:41 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-05-14 02:41 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-05-14 02:41 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-05-14 02:41 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-05-14 02:41 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-05-14 02:41 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-05-14 02:41 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-05-14 02:41 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-05-14 02:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2016-05-14 02:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-05-14 02:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2016-05-14 02:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2016-05-14 02:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-05-14 02:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2016-05-14 02:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Setup
2016-05-14 02:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\oobe
2016-05-14 02:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\migwiz
2016-05-14 02:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\manifeststore
2016-05-14 02:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Dism
2016-05-14 02:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-05-14 02:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\servicing
2016-05-14 02:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-05-14 02:22 - 2009-07-14 03:36 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2016-05-14 02:22 - 2009-07-14 03:36 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2016-05-14 00:43 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-05-13 21:56 - 2009-07-14 06:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-05-13 21:55 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-05-13 21:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-05-13 21:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\com
2016-05-13 21:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\MUI
2016-05-13 21:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\com
2016-05-13 21:55 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-05-13 21:47 - 2010-07-26 22:26 - 00000000 ____D C:\ProgramData\Sony Corporation
2016-05-13 21:47 - 2010-07-26 20:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-05-13 21:37 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-05-13 21:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-05-13 21:33 - 2010-07-26 20:19 - 00000000 ____D C:\Windows\Panther
2016-05-13 21:33 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-05-13 21:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2016-05-13 21:16 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-05-13 21:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system
2016-05-13 21:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Resources
2016-05-13 21:04 - 2010-07-26 20:20 - 00000012 _____ C:\Windows\csup.txt
2016-05-13 21:04 - 2009-07-14 03:34 - 00000435 _____ C:\Windows\win.ini
2016-05-13 21:02 - 2010-07-26 19:48 - 00000000 ____D C:\Program Files (x86)\Intel
2016-05-13 21:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Globalization
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2010-07-26 19:24
==================== End of FRST.txt ============================
-
Additional scan result of Farbar Recovery Scan Tool (x64) Version:14-05-2016
Ran by Home (2016-05-14 14:40:54)
Running from C:\Users\Home\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-05-13 20:37:17)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-482867837-3682723445-3421049626-500 - Administrator - Disabled)
Guest (S-1-5-21-482867837-3682723445-3421049626-501 - Limited - Disabled)
Home (S-1-5-21-482867837-3682723445-3421049626-1001 - Administrator - Enabled) => C:\Users\Home
HomeGroupUser$ (S-1-5-21-482867837-3682723445-3421049626-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only adware programs with the "Hidden" flag can be added to the fixlist, which unhides them. Adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 8.0 (HKLM-x32\...\PremElem80) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Reader 9.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.115 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.368 - ArcSoft)
ArcSoft WebCam Message Board (HKLM-x32\...\{6ACF0A95-340A-46D6-B1AC-F22CDB51F475}) (Version: 1.0.1.58 - ArcSoft)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software)
BBC iPlayer Desktop (HKLM-x32\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 2.1.21228 - British Broadcasting Corp.)
BBC iPlayer Desktop (x32 Version: 2.1.21228 - British Broadcasting Corp.) Hidden
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
CyberLink YouPaint (HKLM-x32\...\InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}) (Version: 1.2.1714 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.4.2224 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 4.1.249.1064 - Google Inc.)
Google Update Helper (x32 Version: 1.2.183.23 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Java(TM) 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Media Gallery (Version: 1.3.0 - Sony Corporation) Hidden
Media Gallery (x32 Version: 1.3.0.06230 - Sony Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.3.00.06040 - Sony Corporation)
PMB VAIO Edition Guide (x32 Version: 1.3.00.06040 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (Version: 3.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00.06180 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.3.00.06110 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (Version: 2.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.3.00.06180 - Sony Corporation) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6098 - Realtek Semiconductor Corp.)
Remote Keyboard with PlayStation 3 (HKLM-x32\...\{65B138AE-F636-4D4C-BA5D-A06E21E47C53}) (Version: 1.0.2.06170 - Sony Corporation)
Remote Play with PlayStation 3 (x32 Version: 1.0.2.06210 - Sony Corporation) Hidden
Remote Play with PlayStation®3 (HKLM-x32\...\{07441A52-E208-478A-92B7-5C337CA8C131}) (Version: 1.0.2.06210 - Sony Corporation)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements 8.0 (HKLM-x32\...\InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}) (Version: 3.11.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 8.0 (x32 Version: 3.11.3090 - SmartSound Software Inc) Hidden
VAIO - Media Gallery (HKLM-x32\...\{DD88F979-FA58-41AC-980C-A6E1A82B61D9}) (Version: 1.3.0.06230 - Sony Corporation)
VAIO - PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}) (Version: 1.3.00.06040 - Sony Corporation)
VAIO - PMB VAIO Edition plug-in (Click to Disc) (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 3.3.00.06180 - Sony Corporation)
VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer) (HKLM-x32\...\InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}) (Version: 1.3.00.06110 - Sony Corporation)
VAIO - PMB VAIO Edition plug-in (VAIO Movie Story) (HKLM-x32\...\InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 2.3.00.06180 - Sony Corporation)
VAIO Care (HKLM-x32\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 6.4.2.11150 - Sony Corporation)
VAIO Care (x32 Version: 6.4.2.11150 - Sony Corporation) Hidden
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.3.0.05310 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.4.0.05240 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.4.0.05240 - Sony Corporation) Hidden
VAIO DVD Menu Data (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 2.2.00.05120 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.2.0.06080 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.2.0.07020 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 4.0.0.06230 - Sony Corporation) Hidden
VAIO Manual (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 1.1.0.05280 - Sony Corporation)
VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 2.1.0.18210 - Sony Corporation)
VAIO Media plus (Version: 2.1.0 - Sony Corporation) Hidden
VAIO Media plus (x32 Version: 2.1.0.18210 - Sony Corporation) Hidden
VAIO Media plus Opening Movie (HKLM-x32\...\{9238E8A4-BEBA-43A3-B926-769BDBF194C5}) (Version: 2.1.0.13220 - Sony Corporation)
VAIO Movie Story Template Data (HKLM-x32\...\InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 2.3.00
-
VAIO Movie Story Template Data (x32 Version: 2.3.00.06040 - Sony Corporation) Hidden
VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.3.0.06041 - Sony Corporation)
VAIO screensaver (HKLM-x32\...\VAIO screensaver) (Version: 1.0.0.0 - Sony Europe)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.3.0.06080 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.2.0.06230 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.1.0.08060 - Sony Corporation)
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {182A3D93-B564-469D-809A-B62BF0E8B57A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-13] (Google Inc.)
Task: {492DF654-8245-448F-8D38-776D0DB6A3AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-13] (Google Inc.)
Task: {5237FB2F-2B2B-4ECB-B4E0-3FDDC90BE5AE} - System32\Tasks\SONY\Remote Keyboard with PlayStation 3\Remote Keyboard with PlayStation 3 => C:\Program Files\Sony\Remote Keyboard with PlayStation 3\VBTKBUtil.exe [2010-06-17] (Sony Corporation)
Task: {74442330-D7BA-4BEC-ADDD-597542BD9573} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2015-07-31] (Sony Corporation)
Task: {7FB4AA74-3926-4DCD-8FCA-3F1F6617052B} - System32\Tasks\SafeZone scheduled Autoupdate 1463228808 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {858D7B49-2F45-43D5-AAE5-D053144FD9E6} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-06-08] (Sony Corporation)
Task: {901AB693-2BCF-4786-AF85-5CEC4904DFC0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {9EB3ECCF-32DE-49C7-B118-8A780ED5809A} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation)
Task: {BFE9F4E9-E34D-455E-8886-5B1CFA165B00} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-06-08] (Sony Corporation)
Task: {D9956818-2282-48B0-B06B-44A02AE3B558} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files (x86)\Sony\VAIO Wallpaper Setting Tool\VWSet.exe
Task: {EAD2E789-88D3-4A48-8FD8-2B6CF698BEF5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-14] (AVAST Software)
Task: {F2F98530-4BF4-4306-8B26-71D6DD733B44} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2011-02-16] (Sony Corporation)
Task: {F70BA6D3-FA7A-478D-8B64-AA0416104BBC} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2015-08-06] (Sony Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file that the task runs will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-05-13 21:54 - 2011-02-25 17:14 - 00297472 _____ () C:\Program Files\Sony\VAIO Care\CRM\ManagedVAIORecoveryMedia.dll
2016-05-13 21:54 - 2011-02-25 17:14 - 00192000 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIORecovery.dll
2016-05-13 21:54 - 2011-02-25 17:14 - 00070656 _____ () C:\Program Files\Sony\VAIO Care\CRM\Logging.dll
2016-05-13 21:54 - 2011-02-25 17:14 - 00063488 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOCommon.dll
2016-05-13 21:54 - 2011-02-25 17:14 - 00215040 _____ () C:\Program Files\Sony\VAIO Care\CRM\OsServices.dll
2016-05-13 21:54 - 2011-02-25 17:14 - 00043008 _____ () C:\Program Files\Sony\VAIO Care\CRM\PluginFactory.dll
2016-05-13 21:54 - 2011-02-25 17:14 - 00260608 _____ () C:\Program Files\Sony\VAIO Care\CRM\RecoveryPartitionManager.dll
2016-05-13 21:54 - 2011-02-25 17:14 - 00043520 _____ () C:\Program Files\Sony\VAIO Care\CRM\XMLTools.dll
2016-05-13 21:54 - 2011-02-25 17:14 - 00059904 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOInstallAppsDrivers.dll
2016-05-13 21:54 - 2011-02-25 17:14 - 00157696 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallDB.dll
2016-05-13 21:54 - 2011-02-25 17:14 - 00138752 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallationTools.dll
2016-05-13 21:54 - 2011-02-25 17:14 - 00025600 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOUtility.dll
2016-05-14 13:22 - 2016-05-14 13:22 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-14 13:22 - 2016-05-14 13:22 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-05-14 13:26 - 2016-05-14 13:26 - 02906112 _____ () C:\Program Files\AVAST Software\Avast\defs\16051401\algo.dll
2016-05-14 13:22 - 2016-05-14 13:22 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-05-14 13:22 - 2016-05-14 13:22 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-05-13 21:05 - 2010-05-31 19:18 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2016-05-13 21:05 - 2010-05-31 19:18 - 00013312 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2016-05-14 13:22 - 2016-05-14 13:22 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-05-14 09:04 - 2016-05-14 09:04 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\818c5277bd028fb9cb78a30e3720eb0f\IsdiInterop.ni.dll
2010-07-26 20:01 - 2010-03-04 04:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2016-05-13 21:12 - 2010-04-26 18:13 - 00111600 _____ () C:\Program Files (x86)\Google\Chrome\Application\4.1.249.1064\rlz.dll
2016-05-13 21:12 - 2010-04-26 18:12 - 01112560 _____ () C:\Program Files (x86)\Google\Chrome\Application\4.1.249.1064\avcodec-52.dll
2016-05-13 21:12 - 2010-04-26 18:12 - 00061424 _____ () C:\Program Files (x86)\Google\Chrome\Application\4.1.249.1064\avutil-50.dll
2016-05-13 21:12 - 2010-04-26 18:12 - 00135152 _____ () C:\Program Files (x86)\Google\Chrome\Application\4.1.249.1064\avformat-52.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-482867837-3682723445-3421049626-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Home\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
-
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PMBVolumeWatcher => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{D2B096E4-FA27-4B0F-9FA7-7322D7908FBB}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1F235716-9286-4E96-8889-4E5E4C1F1765}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{E926BDEB-B0AB-4103-81E4-39377A07E8D1}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{8285423B-F8C3-417D-93C6-CC99B2205086}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{D0F19215-930F-4CB0-A355-B188C93E83C6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1CD4E7D7-69BB-4602-B113-72911DAB9E54}] => (Allow) svchost.exe
FirewallRules: [{085AC12C-77CA-4E2E-8604-337D935F1826}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{6A6A89D4-9B19-4EC4-AD86-0C353D066C9E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{52BF6BC7-B8F9-48C7-A937-D2A7E1218FB4}] => (Allow) LPort=2869
FirewallRules: [{115EB7C4-6C90-450A-B4EE-DD2E8E77A856}] => (Allow) LPort=1900
FirewallRules: [{8535BB8D-50EE-43A3-831D-A3997EDF0F67}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
==================== Restore Points =========================
13-05-2016 21:37:25 Windows Update
13-05-2016 21:44:41 Removed VAIO Update 5
13-05-2016 21:45:10 Installed VAIO Update
13-05-2016 21:46:36 Removed VAIO Update
13-05-2016 21:46:55 Installed VAIO Update
13-05-2016 21:54:14 Removed VAIO Care
13-05-2016 21:54:37 Installed VAIO Care
13-05-2016 22:20:20 Installed WOT for Internet Explorer
13-05-2016 22:28:35 Windows Update
14-05-2016 01:12:38 Windows Update
14-05-2016 01:21:05 Windows Update
14-05-2016 02:07:28 Windows Update
14-05-2016 02:51:13 Windows Update
14-05-2016 13:31:56 ASU_MSI_TRAN
14-05-2016 14:11:26 Removed Norton Online Backup
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/14/2016 02:11:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1032.
Error: (05/14/2016 02:11:53 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Catalog Database (1124) Catalog Database: An attempt to open the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (05/14/2016 01:54:19 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: 1
Error: (05/14/2016 01:54:19 PM) (Source: McLogEvent) (EventID: 5004) (User: NT AUTHORITY)
Description: 0x7eThe specified module could not be found.
Error: (05/14/2016 01:54:19 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: 1
Error: (05/14/2016 01:54:19 PM) (Source: McLogEvent) (EventID: 5004) (User: NT AUTHORITY)
Description: 0x7eThe specified module could not be found.
Error: (05/14/2016 02:49:37 AM) (Source: MsiInstaller) (EventID: 10005) (User: Home-VAIO)
Description: Product: WOT for Internet Explorer -- WOT requires Internet Explorer 6.0 or later. Please upgrade.
Error: (05/14/2016 02:47:50 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (1800) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
Error: (05/14/2016 02:44:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VESMgr.exe, version: 5.3.0.5310, time stamp: 0x4c0315bd
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x750a6cc4
Faulting process id: 0xfe4
Faulting application start time: 0xVESMgr.exe0
Faulting application path: VESMgr.exe1
Faulting module path: VESMgr.exe2
Report Id: VESMgr.exe3
Error: (05/14/2016 02:44:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LMS.exe, version: 6.0.30.1211, time stamp: 0x4b844bc6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x750a6cc4
Faulting process id: 0xd54
Faulting application start time: 0xLMS.exe0
Faulting application path: LMS.exe1
Faulting module path: LMS.exe2
Report Id: LMS.exe3
System errors:
=============
Error: (05/14/2016 02:04:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}
Error: (05/14/2016 12:57:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
Error: (05/14/2016 03:42:18 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
Error: (05/14/2016 03:41:26 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}
Error: (05/14/2016 03:31:15 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}
Error: (05/14/2016 02:44:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service failed to start due to the following error:
%%109
Error: (05/14/2016 02:44:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VAIO Event Service service failed to start due to the following error:
%%109
Error: (05/14/2016 02:44:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VCService service terminated unexpectedly. It has done this 1 time(s).
Error: (05/14/2016 02:44:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VAIO Event Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 3000 milliseconds: Restart the service.
Error: (05/14/2016 02:44:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 71%
Total physical RAM: 2798.08 MB
Available physical RAM: 800.96 MB
Total Virtual: 5594.35 MB
Available Virtual: 2943.17 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:452.7 GB) (Free:416.49 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1D1BF807)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
-
-
Forgot to mention windows updates have stopped working, it done some updates at first then it would just search for updates, continually searching....
-
Please, observe following rules:
- Read all of my instructions very carefully. Mistakes made during the cleaning process may have very serious consequences, such as an unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
================================
Download RogueKiller from one of the following links and save it to your Desktop:
Link 1
Link 2
- Close all the running programs
- Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
- Otherwise just double-click on RogueKiller.exe
- Pre-scan will start. Let it finish.
- Click on SCAN button.
- Wait until the Status box shows Scan Finished
- Click on Delete.
- Wait until the Status box shows Deleting Finished.
- Click on Report and copy/paste the content of the Notepad into your next reply.
- RKreport.txt could also be found on your desktop.
- If more than one log is produced post all logs.
- If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again; malware that blocks known security tools by file name may let the renamed copy through.
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
- Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to the following:
- Launch Malwarebytes Anti-Malware
- A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
- Click Finish.
- On the Dashboard, click the 'Update Now >>' link
- After the update completes, click the 'Scan Now >>' button.
- Or, on the Dashboard, click the Scan Now >> button.
- If an update is available, click the Update Now button.
- A Threat Scan will begin.
- When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
- In most cases, a restart will be required.
- Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
- On the Dashboard, click the 'Update Now >>' link
- After the update completes, click the 'Scan Now >>' button.
- Or, on the Dashboard, click the Scan Now >> button.
- If an update is available, click the Update Now button.
- A Threat Scan will begin.
- When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
- In most cases, a restart will be required.
- Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
- After the restart once you are back at your desktop, open MBAM once more.
- Click on the History tab > Application Logs.
- Double click on the Scan Log which shows the Date and time of the scan just performed.
- Click 'Export'.
- Click 'Text file (*.txt)'
- In the Save File dialog box which appears, click on Desktop.
- In the File name: box type a name for your scan log.
- A message box named 'File Saved' should appear stating "Your file has been successfully exported".
- Click Ok
- Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
- After the restart once you are back at your desktop, open MBAM once more.
- Click on the History tab > Application Logs.
- Double click on the Scan Log which shows the Date and time of the scan just performed.
- Click 'Copy to Clipboard'
- Paste the contents of the clipboard into your reply.
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Scan button.
- When the scan has finished click on Clean button.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the contents of that logfile with your next reply.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts, and re-enable it as soon as JRT has finished.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
-
I'm having to post this from my laptop as when I try to post from the sony vaio the text box is greyed out, it wont let me type in it.
What should I do now as I cant post scan results from the sony vaio.
-
I copied scans from the sony vaio to a usb drive and will send them through my laptop.
RogueKiller V12.2.0.0 [May 10 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Home [Administrator]
Started from : C:\Users\Home\Desktop\RogueKiller.exe
Mode : Scan -- Date : 05/14/2016 23:09:30
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 0 ¤¤¤
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKS-55V0A0 +++++
--- User ---
[MBR] 665a97274d01f84b71a3670ad61831a3
[BSP] c2b01bb41fba0d50855ae213547c391d : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13278 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 27195392 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 27400192 | Size: 463560 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
-
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 15/05/2016
Scan Time: 00:01
Logfile: malwarebytes.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.05.14.06
Rootkit Database: v2016.05.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Home
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 280658
Time Elapsed: 7 min, 56 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64
Ran by Home (Administrator) on 15/05/2016 at 13:43:16.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 17
Successfully deleted: C:\ProgramData\esellerate (Folder)
Successfully deleted: C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DOFU4TJU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L97BK6S0 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PYJGFM3Q (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VS0Z4UN2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DOFU4TJU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L97BK6S0 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PYJGFM3Q (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VS0Z4UN2 (Temporary Internet Files Folder)
Registry: 3
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/05/2016 at 13:45:53.91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
# AdwCleaner v5.116 - Logfile created 15/05/2016 at 00:16:54
# Updated 09/05/2016 by Xplode
# Database : 2016-05-13.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Home - HOME-VAIO
# Running from : C:\Users\Home\Desktop\adwcleaner_5.116.exe
# Option : Scan
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\Application Data\Partner
***** [ Files ] *****
File Found : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_avast.en.softonic.com_0.localstorage
File Found : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_en.softonic.com_0.localstorage
File Found : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_microsoft-security-essentials.en.softonic.com_0.localstorage
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
***** [ Web browsers ] *****
[C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : avast.en.softonic.com
*************************
C:\AdwCleaner\AdwCleaner[S1].txt - [1571 bytes] - [15/05/2016 00:16:54]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1644 bytes] ##########
-
# AdwCleaner v5.116 - Logfile created 15/05/2016 at 00:19:49
# Updated 09/05/2016 by Xplode
# Database : 2016-05-13.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Home - HOME-VAIO
# Running from : C:\Users\Home\Desktop\adwcleaner_5.116.exe
# Option : Clean
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\ProgramData\Partner
[#] Folder Deleted : C:\ProgramData\Application Data\Partner
***** [ Files ] *****
[-] File Deleted : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_avast.en.softonic.com_0.localstorage
[-] File Deleted : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_en.softonic.com_0.localstorage
[-] File Deleted : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_microsoft-security-essentials.en.softonic.com_0.localstorage
***** [ DLLs ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
***** [ Web browsers ] *****
[-] [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : avast.en.softonic.com
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [1714 bytes] - [15/05/2016 00:19:49]
C:\AdwCleaner\AdwCleaner[S1].txt - [1723 bytes] - [15/05/2016 00:16:54]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1860 bytes] ##########
-
Please download ComboFix from Here, Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Never rename Combofix unless instructed.
- Close any open browsers.
- Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there, use the restore point you created prior to running Combofix.
- Double click on combofix.exe & follow the prompts.
- NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try the following...
Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; for a copy downloaded from the BleepingComputer links below, ignore them or shut down your antivirus until the tool has run.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
Restart computer in safe mode
- Double-click on the Rkill desktop icon to run the tool.
- If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
IF you had to run rKill, post BOTH logs: rKill.txt and Combofix.txt.
-
ComboFix 16-04-29.01 - Home 15/05/2016 21:52:13.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2798.636 [GMT 1:00]
Running from: c:\users\Home\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Home\Documents\RogueKiller.exe
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Files Created from 2016-04-15 to 2016-05-15 )))))))))))))))))))))))))))))))
.
.
2016-05-15 20:58 . 2016-05-15 20:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-05-15 20:56 . 2016-05-15 20:56 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0D6EA43-7B20-4AEC-883A-E10B0E4E46E1}\offreg.1412.dll
2016-05-14 23:16 . 2016-05-14 23:19 -------- d-----w- C:\AdwCleaner
2016-05-14 23:00 . 2016-05-15 13:55 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-14 23:00 . 2016-05-14 23:00 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-05-14 23:00 . 2016-05-14 23:00 -------- d-----w- c:\programdata\Malwarebytes
2016-05-14 23:00 . 2016-03-10 13:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-05-14 23:00 . 2016-03-10 13:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-05-14 23:00 . 2016-03-10 13:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-05-14 22:55 . 2016-05-14 22:55 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0D6EA43-7B20-4AEC-883A-E10B0E4E46E1}\offreg.4628.dll
2016-05-14 22:34 . 2016-05-14 22:34 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0D6EA43-7B20-4AEC-883A-E10B0E4E46E1}\offreg.3316.dll
2016-05-14 22:23 . 2016-04-26 09:25 11695896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0D6EA43-7B20-4AEC-883A-E10B0E4E46E1}\mpengine.dll
2016-05-14 21:58 . 2016-05-15 12:57 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-05-14 21:57 . 2016-05-14 22:25 -------- d-----w- c:\programdata\RogueKiller
2016-05-14 13:39 . 2016-05-14 13:41 -------- d-----w- C:\FRST
2016-05-14 12:33 . 2016-05-14 12:33 -------- d-----w- c:\program files (x86)\Common Files\Skype
2016-05-14 12:33 . 2016-05-14 12:33 -------- d-----r- c:\program files (x86)\Skype
2016-05-14 01:51 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2016-05-14 01:39 . 2016-05-14 01:39 -------- d-----w- c:\program files\Microsoft Silverlight
2016-05-14 01:39 . 2016-05-14 01:39 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2016-05-14 01:17 . 2016-05-14 01:17 -------- d-----w- c:\windows\system32\SPReview
2016-05-14 01:17 . 2016-05-14 01:17 -------- d-----w- c:\windows\system32\EventProviders
2016-05-14 01:02 . 2010-11-20 13:33 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2016-05-14 01:01 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2016-05-14 01:01 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2016-05-14 01:01 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2016-05-14 01:01 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2016-05-14 01:01 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2016-05-14 00:35 . 2016-05-14 00:35 -------- d-----w- c:\windows\en
2016-05-14 00:35 . 2016-05-14 00:35 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2016-05-14 00:13 . 2016-05-14 00:13 -------- d-----w- c:\program files (x86)\Microsoft.NET
2016-05-14 00:03 . 2016-05-14 00:03 -------- d-----w- c:\programdata\CyberLink
2016-05-14 00:02 . 2016-05-14 00:02 -------- d--h--w- c:\programdata\ArcSoft
2016-05-13 21:29 . 2016-05-13 21:40 -------- d-----w- c:\windows\system32\MRT
2016-05-13 21:26 . 2011-08-30 05:25 14173184 ----a-w- c:\windows\system32\shell32.dll
2016-05-13 21:26 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-05-13 21:26 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2016-05-13 21:26 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2016-05-13 21:25 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2016-05-13 21:25 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2016-05-13 21:20 . 2016-05-13 21:20 -------- d-----w- c:\program files\WOT
2016-05-13 21:20 . 2016-05-13 21:20 -------- d-----w- c:\program files (x86)\WOT
2016-05-13 20:56 . 2016-05-13 20:47 -------- d-----w- c:\program files\Sony
2016-05-13 20:44 . 2016-05-13 20:57 -------- d-----w- C:\Update
2016-05-13 20:37 . 2016-05-13 20:38 -------- d-----w- c:\windows\SysWow64\VAIO Startup Setting Tool
2016-05-13 20:37 . 2016-05-13 20:39 -------- d-----w- c:\users\Home
2016-05-13 20:30 . 2016-05-13 20:30 -------- d-----w- c:\program files (x86)\CyberLink
2016-05-13 20:29 . 2016-05-14 00:34 -------- d-----w- c:\program files\Windows Live
2016-05-13 20:29 . 2006-11-29 12:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2016-05-13 20:29 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2016-05-13 20:28 . 2016-05-14 00:35 -------- d-----w- c:\program files (x86)\Windows Live
2016-05-13 20:28 . 2016-05-13 20:28 -------- d-----w- c:\windows\PCHEALTH
2016-05-13 20:27 . 2016-05-13 20:27 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2016-05-13 20:26 . 2016-05-13 20:26 -------- d-----w- C:\VAIO Sample Contents
2016-05-13 20:24 . 2016-05-13 20:25 -------- d-----w- C:\Temp
2016-05-13 20:23 . 2016-05-13 20:23 455680 ----a-w- c:\windows\system32\deployJava1.dll
2016-05-13 20:23 . 2016-05-13 20:23 182784 ----a-w- c:\windows\system32\javaws.exe
2016-05-13 20:23 . 2016-05-13 20:23 165888 ----a-w- c:\windows\system32\javaw.exe
2016-05-13 20:23 . 2016-05-13 20:23 165888 ----a-w- c:\windows\system32\java.exe
2016-05-13 20:23 . 2016-05-13 20:23 -------- d-----w- c:\program files\Java
2016-05-13 20:23 . 2016-05-13 20:23 -------- d-----w- c:\program files (x86)\Common Files\Java
2016-05-13 20:23 . 2016-05-13 20:23 -------- d-----w- c:\program files (x86)\Java
2016-05-13 20:23 . 2010-01-14 16:02 98304 ----a-w- c:\windows\SysWow64\SonyVideoProcessor.dll
2016-05-13 20:23 . 2010-01-14 16:02 94720 ----a-w- c:\windows\system32\SonyVideoProcessor.dll
2016-05-13 20:23 . 2016-05-14 12:34 -------- d-----w- c:\programdata\Skype
2016-05-13 20:23 . 2016-05-13 20:23 -------- d-----w- c:\program files (x86)\VAIO screensavers
2016-05-13 20:18 . 2016-05-13 20:18 -------- d-----w- c:\program files (x86)\MSXML 4.0
2016-05-13 20:18 . 2007-07-19 17:14 5073256 ----a-w- c:\windows\system32\d3dx9_35.dll
2016-05-13 20:18 . 2006-03-31 11:41 3927248 ----a-w- c:\windows\system32\d3dx9_30.dll
2016-05-13 20:18 . 2016-05-13 20:18 -------- d-----w- c:\program files (x86)\Symantec
2016-05-13 20:15 . 2010-06-03 20:54 5789544 ----a-w- c:\programdata\Microsoft\OEMOffice14\Office14\SingleImage.WW\osetup.dll
2016-05-13 20:14 . 2009-09-04 16:44 73544 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2016-05-13 20:12 . 2003-03-18 21:14 499712 ----a-r- c:\windows\SysWow64\msvcp71.dll
2016-05-13 20:12 . 2003-02-21 03:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2016-05-13 20:12 . 1995-07-31 12:44 212480 ----a-w- c:\windows\SysWow64\PCDLIB32.DLL
2016-05-13 20:12 . 2016-05-13 20:27 -------- d-----w- c:\program files (x86)\ArcSoft
2016-05-13 20:12 . 2016-05-13 20:12 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2016-05-13 20:12 . 2009-05-26 13:32 19968 ----a-w- c:\windows\system32\drivers\ArcSoftKsUFilter.sys
2016-05-13 20:12 . 2008-09-04 16:06 55808 ----a-w- c:\windows\system\ArcSoftKsUFilter.dll
2016-05-13 20:12 . 2016-05-14 00:08 -------- d-----w- c:\program files\Google
2016-05-13 20:05 . 2016-05-14 12:31 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2016-05-13 20:05 . 2016-05-13 20:05 -------- d-----w- C:\Documentation
2016-05-13 20:05 . 2016-05-13 20:05 -------- d-----w- C:\_FS_SWRINFO
2016-05-13 20:05 . 2016-05-13 20:30 -------- d-----w- c:\program files (x86)\Sony
2016-05-13 20:04 . 2016-05-13 20:05 -------- d-----w- c:\windows\Sonysys
2016-05-13 20:03 . 2016-05-13 20:14 -------- d-----w- c:\program files (x86)\Common Files\Sony Shared
2016-05-13 20:03 . 2016-05-13 20:13 -------- d-----w- c:\program files\Common Files\Sony Shared
2016-05-13 20:02 . 2016-05-13 20:02 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2016-05-13 20:01 . 2010-06-30 20:03 21544 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2016-05-13 20:01 . 2010-06-30 20:03 342056 ----a-w- c:\windows\system32\drivers\btwampfl.sys
2016-05-13 20:01 . 2010-06-30 20:03 135720 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2016-05-13 20:01 . 2010-06-30 20:03 102952 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2016-05-13 20:01 . 2010-06-30 20:02 39464 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2016-05-13 20:01 . 2016-05-13 20:01 -------- d-----w- c:\program files\WIDCOMM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-14 01:22 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2016-05-14 01:22 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2016-05-13 23:44 . 2010-06-24 10:33 24800 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2016-05-13 20:55 . 2016-05-13 20:55 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2016-05-13 20:55 . 2016-05-13 20:55 25600 ----a-w- c:\windows\SysWow64\drivers\en-US\bfe.dll.mui
2016-05-13 20:55 . 2016-05-13 20:55 15360 ----a-w- c:\windows\SysWow64\drivers\en-US\pacer.sys.mui
2016-05-13 20:54 . 2016-05-13 20:54 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\scfilter.sys.mui
2016-05-13 20:54 . 2016-05-13 20:54 5632 ----a-w- c:\windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2016-05-13 20:54 . 2016-05-13 20:54 44032 ----a-w- c:\windows\SysWow64\drivers\en-US\tcpip.sys.mui
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-05-14 7400576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\vuagent.exe;c:\program files\Sony\VAIO Update\vuagent.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2016-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-05-13 20:12]
.
2016-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-05-13 20:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-05-14 12:22 920784 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-482867837-3682723445-3421049626-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-482867837-3682723445-3421049626-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-05-15 22:00:56
ComboFix-quarantined-files.txt 2016-05-15 21:00
.
Pre-Run: 445,310,267,392 bytes free
Post-Run: 444,962,783,232 bytes free
.
- - End Of File - - 977140DA562860680869172F2680735E