TheJudge6070
New Member
I've ran CCcleaner last week. I'll post everything up soon tonight
Is a solid state drive worth it?
- Thread starter TheJudge6070
- Start date
TheJudge6070
New Member
From the combofix add-remove folder
Adobe Flash Player 17 ActiveX
Adobe Flash Player 17 NPAPI
Adobe Reader XI (11.0.10)
Adobe Refresh Manager
Adobe Shockwave Player 12.0
Application Manager for VAIO
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 4
Atheros WiFi Driver Installation
Avast Free Antivirus
Bing Bar
D3DX10
Dropbox
Elevated Installer
Garmin Express
Garmin Express Tray
Garmin VIRB Edit
Google Chrome
Google Earth
Google Update Helper
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Java 7 Update 76
Java 8 Update 40
Junk Mail filter update
Malwarebytes Anti-Malware version 2.1.4.1018
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft OneDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Movie Maker
Mozilla Firefox 37.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
OOBE
Photo Common
Photo Gallery
Photobucket Backup
PMB
PMB VAIO Edition Guide
PMB VAIO Edition Plug-in
Qualcomm Atheros Direct Connect
Realtek PCIE Card Reader
Remote Keyboard
Remote Play with PlayStation 3
RuneScape Launcher 1.2.3
SeaTools for Windows
Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)
SSLx86
SUABnR
swMSM
VAIO - Media Gallery
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition Plug-in
VAIO - Remote Keyboard
VAIO - Remote Play with PlayStation®3
VAIO Control Center
VAIO Data Restore Tool
VAIO Easy Connect
VAIO Event Service
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Health Report
VAIO Help and Support
VAIO Improvement
VAIO Manual
VAIO Messenger
VAIO Quick Web Access
VAIO Sample Contents
VAIO Satisfaction Survey.
VAIO Smart Network
VAIO Transfer Support
VAIO Update
VCCx86
Verizon Wireless Software Upgrade Assistant - Samsung(ar)
Verizon Wireless Software Utility Application for Android - Samsung
VESx86
VGClientX86
VIx86
VSNx86
VU5x86
VWSTx86
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Adobe Flash Player 17 ActiveX
Adobe Flash Player 17 NPAPI
Adobe Reader XI (11.0.10)
Adobe Refresh Manager
Adobe Shockwave Player 12.0
Application Manager for VAIO
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 4
Atheros WiFi Driver Installation
Avast Free Antivirus
Bing Bar
D3DX10
Dropbox
Elevated Installer
Garmin Express
Garmin Express Tray
Garmin VIRB Edit
Google Chrome
Google Earth
Google Update Helper
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Java 7 Update 76
Java 8 Update 40
Junk Mail filter update
Malwarebytes Anti-Malware version 2.1.4.1018
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft OneDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Movie Maker
Mozilla Firefox 37.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
OOBE
Photo Common
Photo Gallery
Photobucket Backup
PMB
PMB VAIO Edition Guide
PMB VAIO Edition Plug-in
Qualcomm Atheros Direct Connect
Realtek PCIE Card Reader
Remote Keyboard
Remote Play with PlayStation 3
RuneScape Launcher 1.2.3
SeaTools for Windows
Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)
SSLx86
SUABnR
swMSM
VAIO - Media Gallery
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition Plug-in
VAIO - Remote Keyboard
VAIO - Remote Play with PlayStation®3
VAIO Control Center
VAIO Data Restore Tool
VAIO Easy Connect
VAIO Event Service
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Health Report
VAIO Help and Support
VAIO Improvement
VAIO Manual
VAIO Messenger
VAIO Quick Web Access
VAIO Sample Contents
VAIO Satisfaction Survey.
VAIO Smart Network
VAIO Transfer Support
VAIO Update
VCCx86
Verizon Wireless Software Upgrade Assistant - Samsung(ar)
Verizon Wireless Software Utility Application for Android - Samsung
VESx86
VGClientX86
VIx86
VSNx86
VU5x86
VWSTx86
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
TheJudge6070
New Member
TDSKiller log is very long...wont let me post it all in one post but at the bottom it has
21:35:01.0804 0x0510 Scan finished
21:35:01.0804 0x0510 ============================================================
21:35:01.0804 0x064c Detected object count: 1
21:35:01.0804 0x064c Actual detected object count: 1
21:48:10.0151 0x064c ql2300 ( LockedFile.Multi.Generic ) - User select action: Quarantine
21:49:07.0513 0x0654 Deinitialize success
21:35:01.0804 0x0510 Scan finished
21:35:01.0804 0x0510 ============================================================
21:35:01.0804 0x064c Detected object count: 1
21:35:01.0804 0x064c Actual detected object count: 1
21:48:10.0151 0x064c ql2300 ( LockedFile.Multi.Generic ) - User select action: Quarantine
21:49:07.0513 0x0654 Deinitialize success
TheJudge6070
New Member
Just ran ccleaner again and tfc.
ccleaner cleared 1080 mb or so and tfc did like 68 mb
ccleaner cleared 1080 mb or so and tfc did like 68 mb
Ok, I'm not seeing too much out of the ordinary to be causing the number of processes or amount of memory to be used. It is a very high possibility that all the sony Vaio utilities running at boot up is the culprit in this case. I just disabled all the toshiba services on a laptop and the ram usage is lower by over 50 percent.
You have a couple fixes to run though.
1. 1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
2.
Rerun OTL but this time copy and paste the following into the custom scans/fixes box at the bottom and click on the run fix button up top.
You also need to uninstall the following programs.
Java 7 Update 76
You have a couple fixes to run though.
1. 1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box
Code:
Reglock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
2.
Rerun OTL but this time copy and paste the following into the custom scans/fixes box at the bottom and click on the run fix button up top.
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value foundYou also need to uninstall the following programs.
Java 7 Update 76
TheJudge6070
New Member
Combofix log
ComboFix 15-04-16.01 - DerekH 04/21/2015 22:50:04.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2088 [GMT -4:00]
Running from: c:\users\DerekH\Downloads\ComboFix.exe
Command switches used :: c:\users\DerekH\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2015-03-22 to 2015-04-22 )))))))))))))))))))))))))))))))
.
.
2015-04-22 03:02 . 2015-04-22 03:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-19 02:55 . 2015-04-19 02:55 -------- d-----w- C:\RegBackup
2015-04-19 02:42 . 2015-04-19 02:45 -------- d-----w- C:\AdwCleaner
2015-04-18 00:17 . 2015-04-22 02:57 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{73BB3546-EBAB-4CC3-BC8A-FC95599A7D67}\offreg.dll
2015-04-17 23:50 . 2015-04-17 23:50 -------- d-----w- c:\program files (x86)\Seagate
2015-04-17 23:29 . 2015-03-23 06:32 12002392 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{73BB3546-EBAB-4CC3-BC8A-FC95599A7D67}\mpengine.dll
2015-04-15 02:34 . 2015-03-25 03:24 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-04-15 02:33 . 2015-03-23 03:25 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-04-15 02:31 . 2015-02-25 03:18 754688 ----a-w- c:\windows\system32\drivers\http.sys
2015-04-15 02:30 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys
2015-04-15 02:30 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-04-15 02:30 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-04-12 05:39 . 2015-04-19 04:05 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-12 05:39 . 2015-04-12 05:39 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-04-12 05:39 . 2015-03-17 10:15 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-12 05:39 . 2015-03-17 10:15 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-12 05:39 . 2015-03-17 10:15 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-12 03:29 . 2015-04-12 03:29 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-04-12 03:29 . 2015-04-12 03:29 43112 ----a-w- c:\windows\avastSS.scr
2015-04-10 02:52 . 2015-04-10 02:52 -------- d-----w- c:\users\DerekH\AppData\Roaming\Photobucket
2015-04-10 02:51 . 2015-04-10 02:51 -------- d-----w- c:\program files (x86)\Photobucket Backup
2015-04-09 09:33 . 2015-04-09 09:33 -------- d-s---w- c:\windows\SysWow64\GWX
2015-04-09 09:33 . 2015-04-09 09:33 -------- d-s---w- c:\windows\system32\GWX
2015-04-08 23:06 . 2015-04-12 03:25 -------- d-----w- c:\program files\Carbonite
2015-04-03 01:22 . 2015-04-03 01:22 -------- d-----w- C:\TDSSKiller_Quarantine
2015-04-02 01:52 . 2015-04-02 01:52 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-19 05:37 . 2013-03-20 01:18 128913832 ----a-w- c:\windows\system32\MRT.exe
2015-04-18 00:04 . 2013-02-14 20:53 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-18 00:04 . 2013-02-14 20:53 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-12 03:29 . 2014-04-22 00:29 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-04-12 03:29 . 2014-04-22 00:29 136752 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-04-12 03:29 . 2013-03-04 02:15 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-04-12 03:29 . 2013-03-04 02:15 271200 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-04-12 03:29 . 2013-02-14 19:41 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-04-12 03:29 . 2013-02-14 19:41 88408 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-04-12 03:29 . 2013-02-14 19:41 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-04-12 03:29 . 2013-02-14 19:41 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-03-17 04:56 . 2015-04-19 03:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-03-14 02:00 . 2015-03-09 02:25 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-03-11 01:29 . 2015-02-05 04:38 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2015-03-11 01:26 . 2013-04-29 01:10 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2015-03-11 01:26 . 2013-04-29 01:09 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-03-11 01:26 . 2013-04-29 01:09 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2015-03-05 05:00 . 2013-04-29 01:10 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2015-03-04 00:39 . 2015-02-16 18:35 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2015-02-28 21:49 . 2015-02-03 03:33 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2015-02-28 21:49 . 2015-02-03 03:32 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2015-02-26 03:25 . 2015-03-11 01:32 3204096 ----a-w- c:\windows\system32\win32k.sys
2015-02-24 08:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-20 04:41 . 2015-03-11 01:39 41984 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-11 01:39 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-11 01:39 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-11 01:39 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-11 01:39 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-11 01:39 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-11 01:39 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-11 01:39 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-11 01:39 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-11 01:39 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-02-13 05:22 . 2015-03-11 01:33 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-02-04 16:23 . 2015-02-04 16:23 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-02-04 16:13 . 2015-02-04 16:13 869536 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-02-04 03:16 . 2015-03-11 01:32 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-02-04 02:54 . 2015-03-11 01:32 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-02-03 03:34 . 2015-03-11 01:38 693176 ----a-w- c:\windows\system32\winload.efi
2015-02-03 03:34 . 2015-03-11 01:38 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-02-03 03:33 . 2015-03-11 01:38 616360 ----a-w- c:\windows\system32\winresume.efi
2015-02-03 03:31 . 2015-03-11 01:39 14632960 ----a-w- c:\windows\system32\wmp.dll
2015-02-03 03:31 . 2015-03-11 01:38 782848 ----a-w- c:\windows\system32\wmdrmsdk.dll
2015-02-03 03:31 . 2015-03-11 01:38 229376 ----a-w- c:\windows\system32\wintrust.dll
2015-02-03 03:31 . 2015-03-11 01:32 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-03 03:31 . 2015-03-11 01:33 215552 ----a-w- c:\windows\system32\ubpm.dll
2015-02-03 03:31 . 2015-03-11 01:38 5120 ----a-w- c:\windows\system32\msdxm.ocx
2015-02-03 03:31 . 2015-03-11 01:38 5120 ----a-w- c:\windows\system32\dxmasf.dll
2015-02-03 03:31 . 2015-03-11 01:38 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-02-03 03:31 . 2015-03-11 01:38 1574400 ----a-w- c:\windows\system32\quartz.dll
2015-02-03 03:31 . 2015-03-11 01:38 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-02-03 03:31 . 2015-03-11 01:38 371712 ----a-w- c:\windows\system32\qdvd.dll
2015-02-03 03:31 . 2015-03-11 01:38 188416 ----a-w- c:\windows\system32\pcasvc.dll
2015-02-03 03:31 . 2015-03-11 01:38 37376 ----a-w- c:\windows\system32\pcadm.dll
2015-02-03 03:31 . 2015-03-11 01:38 9728 ----a-w- c:\windows\system32\spwmp.dll
2015-02-03 03:31 . 2015-03-11 01:38 641024 ----a-w- c:\windows\system32\msscp.dll
2015-02-03 03:31 . 2015-03-11 01:38 325632 ----a-w- c:\windows\system32\msnetobj.dll
2015-02-03 03:31 . 2015-03-11 01:38 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-02-03 03:31 . 2015-03-11 01:38 432128 ----a-w- c:\windows\system32\mfplat.dll
2015-02-03 03:31 . 2015-03-11 01:38 4121600 ----a-w- c:\windows\system32\mf.dll
2015-02-03 03:31 . 2015-03-11 01:38 206848 ----a-w- c:\windows\system32\mfps.dll
2015-02-03 03:30 . 2015-03-11 01:38 631808 ----a-w- c:\windows\system32\evr.dll
2015-02-03 03:30 . 2015-03-11 01:38 284672 ----a-w- c:\windows\system32\EncDump.dll
2015-02-03 03:30 . 2015-03-11 01:39 1202176 ----a-w- c:\windows\system32\drmv2clt.dll
2015-02-03 03:30 . 2015-03-11 01:38 497664 ----a-w- c:\windows\system32\drmmgrtn.dll
2015-02-03 03:30 . 2015-03-11 01:38 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-02-03 03:30 . 2015-03-11 01:38 1069056 ----a-w- c:\windows\system32\cryptui.dll
2015-02-03 03:30 . 2015-03-11 01:38 82432 ----a-w- c:\windows\system32\cryptsp.dll
2015-02-03 03:30 . 2015-03-11 01:38 140288 ----a-w- c:\windows\system32\cryptnet.dll
2015-02-03 03:30 . 2015-03-11 01:38 187904 ----a-w- c:\windows\system32\cryptsvc.dll
2015-02-03 03:30 . 2015-03-11 01:39 842240 ----a-w- c:\windows\system32\blackbox.dll
2015-02-03 03:30 . 2015-03-11 01:38 680960 ----a-w- c:\windows\system32\audiosrv.dll
2015-02-03 03:30 . 2015-03-11 01:38 296448 ----a-w- c:\windows\system32\AudioSes.dll
2015-02-03 03:30 . 2015-03-11 01:38 440832 ----a-w- c:\windows\system32\AudioEng.dll
2015-02-03 03:30 . 2015-03-11 01:38 32256 ----a-w- c:\windows\system32\appidsvc.dll
2015-02-03 03:30 . 2015-03-11 01:38 58880 ----a-w- c:\windows\system32\appidapi.dll
2015-02-03 03:30 . 2015-03-11 01:38 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2015-02-03 03:30 . 2015-03-11 01:38 11264 ----a-w- c:\windows\system32\pcawrk.exe
2015-02-03 03:30 . 2015-03-11 01:38 9728 ----a-w- c:\windows\system32\pcalua.exe
2015-02-03 03:30 . 2015-03-11 01:38 24576 ----a-w- c:\windows\system32\mfpmp.exe
2015-02-03 03:30 . 2015-03-11 01:38 126464 ----a-w- c:\windows\system32\audiodg.exe
2015-02-03 03:30 . 2015-03-11 01:38 146944 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-02-03 03:30 . 2015-03-11 01:38 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-02-03 03:30 . 2015-03-11 01:38 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2015-02-03 03:29 . 2015-03-11 01:38 8704 ----a-w- c:\windows\system32\pcaevts.dll
2015-02-03 03:28 . 2015-03-11 01:37 2048 ----a-w- c:\windows\system32\mferror.dll
2015-02-03 03:19 . 2015-03-11 01:38 663552 ----a-w- c:\windows\system32\drivers\PEAuth.sys
2015-02-03 03:12 . 2015-03-11 01:38 617984 ----a-w- c:\windows\SysWow64\wmdrmsdk.dll
2015-02-03 03:12 . 2015-03-11 01:38 179200 ----a-w- c:\windows\SysWow64\wintrust.dll
2015-02-03 03:12 . 2015-03-11 01:32 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-02-03 03:12 . 2015-03-11 01:33 171520 ----a-w- c:\windows\SysWow64\ubpm.dll
2015-02-03 03:12 . 2015-03-11 01:38 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2015-02-03 03:12 . 2015-03-11 01:38 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll
2015-02-03 03:12 . 2015-03-11 01:38 1329664 ----a-w- c:\windows\SysWow64\quartz.dll
2015-02-03 03:12 . 2015-03-11 01:38 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2015-02-03 03:12 . 2015-03-11 01:38 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2015-02-03 03:12 . 2015-03-11 01:38 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2015-02-03 03:12 . 2015-03-11 01:38 504320 ----a-w- c:\windows\SysWow64\msscp.dll
2015-02-03 03:12 . 2015-03-11 01:38 265216 ----a-w- c:\windows\SysWow64\msnetobj.dll
2015-02-03 03:12 . 2015-03-11 01:38 3209728 ----a-w- c:\windows\SysWow64\mf.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2013-07-04 . 700BD5A6AA5381D1D8ADC4045149DBF6 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.22376_none_3bee2a494f8638cf\comctl32.dll
[7] 2013-07-04 . 700BD5A6AA5381D1D8ADC4045149DBF6 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.22376_none_ee67d2d082b9f619\comctl32.dll
[-] 2013-07-04 . 1C4DFD75F73B849F6A77EB0D20ECF39C . 530432 . . [5.82] .. c:\windows\SysWOW64\comctl32.dll
[-] 2013-07-04 . 1C4DFD75F73B849F6A77EB0D20ECF39C . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.18201_none_3bab3b80363456bb\comctl32.dll
[7] 2013-07-04 . 75F5E1FE8D55CF8E577E0EC5F2290D3F . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5\comctl32.dll
[7] 2010-11-21 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
[7] 2010-11-21 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_3ba388ec36399c85\comctl32.dll
[7] 2010-11-21 . 352B3DC62A0D259A82A052238425C872 . 1680896 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-04-10 02:14 329376 ----a-w- c:\users\DerekH\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-04-10 02:14 329376 ----a-w- c:\users\DerekH\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-04-10 02:14 329376 ----a-w- c:\users\DerekH\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\DerekH\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\DerekH\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\DerekH\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2015-01-28 688984]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-03-13 7451928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-04-12 5512912]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"Photobucket Backup"="c:\program files (x86)\Photobucket Backup\Photobucket.App.exe" [2013-04-09 320000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"20150107"="c:\program files\AVAST Software\Avast\setup\emupdate\eef099a9-18b3-4439-91ee-cfd240bb73c4.exe" [2015-04-22 183232]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-7-16 988712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USER_ESRV_SVC;User Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ESRV_SVC;Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 SampleCollector;Intel(R) System Behavior Tracker Collector Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 semav6thermal64ro;semav6thermal64ro;c:\windows\system32\drivers\semav6thermal64ro.sys;c:\windows\SYSNATIVE\drivers\semav6thermal64ro.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-17 23:28 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-14 00:04]
.
2015-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-14 03:15]
.
2015-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-04-10 02:14 358056 ----a-w- c:\users\DerekH\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-04-10 02:14 358056 ----a-w- c:\users\DerekH\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-04-10 02:14 358056 ----a-w- c:\users\DerekH\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-04-12 03:29 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\DerekH\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\DerekH\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\DerekH\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\DerekH\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-08 416024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-08 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-08 392472]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2015-02-03 557768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Page_URL = hxxp://www.google.com
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\DerekH\AppData\Roaming\Mozilla\Firefox\Profiles\b18a3kfd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search
FF - prefs.js: browser.search.selectedEngine - Yahoo!
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1157162323-2987086346-848721498-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1157162323-2987086346-848721498-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-04-21 23:07:13
ComboFix-quarantined-files.txt 2015-04-22 03:07
ComboFix2.txt 2015-04-20 02:29
.
Pre-Run: 378,792,189,952 bytes free
Post-Run: 379,244,056,576 bytes free
.
- - End Of File - - 6BCABF6BF15FB8D9B29BA3004BD4B50B
ComboFix 15-04-16.01 - DerekH 04/21/2015 22:50:04.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2088 [GMT -4:00]
Running from: c:\users\DerekH\Downloads\ComboFix.exe
Command switches used :: c:\users\DerekH\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2015-03-22 to 2015-04-22 )))))))))))))))))))))))))))))))
.
.
2015-04-22 03:02 . 2015-04-22 03:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-19 02:55 . 2015-04-19 02:55 -------- d-----w- C:\RegBackup
2015-04-19 02:42 . 2015-04-19 02:45 -------- d-----w- C:\AdwCleaner
2015-04-18 00:17 . 2015-04-22 02:57 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{73BB3546-EBAB-4CC3-BC8A-FC95599A7D67}\offreg.dll
2015-04-17 23:50 . 2015-04-17 23:50 -------- d-----w- c:\program files (x86)\Seagate
2015-04-17 23:29 . 2015-03-23 06:32 12002392 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{73BB3546-EBAB-4CC3-BC8A-FC95599A7D67}\mpengine.dll
2015-04-15 02:34 . 2015-03-25 03:24 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-04-15 02:33 . 2015-03-23 03:25 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-04-15 02:31 . 2015-02-25 03:18 754688 ----a-w- c:\windows\system32\drivers\http.sys
2015-04-15 02:30 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys
2015-04-15 02:30 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-04-15 02:30 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-04-12 05:39 . 2015-04-19 04:05 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-12 05:39 . 2015-04-12 05:39 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-04-12 05:39 . 2015-03-17 10:15 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-12 05:39 . 2015-03-17 10:15 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-12 05:39 . 2015-03-17 10:15 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-12 03:29 . 2015-04-12 03:29 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-04-12 03:29 . 2015-04-12 03:29 43112 ----a-w- c:\windows\avastSS.scr
2015-04-10 02:52 . 2015-04-10 02:52 -------- d-----w- c:\users\DerekH\AppData\Roaming\Photobucket
2015-04-10 02:51 . 2015-04-10 02:51 -------- d-----w- c:\program files (x86)\Photobucket Backup
2015-04-09 09:33 . 2015-04-09 09:33 -------- d-s---w- c:\windows\SysWow64\GWX
2015-04-09 09:33 . 2015-04-09 09:33 -------- d-s---w- c:\windows\system32\GWX
2015-04-08 23:06 . 2015-04-12 03:25 -------- d-----w- c:\program files\Carbonite
2015-04-03 01:22 . 2015-04-03 01:22 -------- d-----w- C:\TDSSKiller_Quarantine
2015-04-02 01:52 . 2015-04-02 01:52 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-19 05:37 . 2013-03-20 01:18 128913832 ----a-w- c:\windows\system32\MRT.exe
2015-04-18 00:04 . 2013-02-14 20:53 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-18 00:04 . 2013-02-14 20:53 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-12 03:29 . 2014-04-22 00:29 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-04-12 03:29 . 2014-04-22 00:29 136752 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-04-12 03:29 . 2013-03-04 02:15 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-04-12 03:29 . 2013-03-04 02:15 271200 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-04-12 03:29 . 2013-02-14 19:41 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-04-12 03:29 . 2013-02-14 19:41 88408 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-04-12 03:29 . 2013-02-14 19:41 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-04-12 03:29 . 2013-02-14 19:41 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-03-17 04:56 . 2015-04-19 03:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-03-14 02:00 . 2015-03-09 02:25 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-03-11 01:29 . 2015-02-05 04:38 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2015-03-11 01:26 . 2013-04-29 01:10 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2015-03-11 01:26 . 2013-04-29 01:09 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-03-11 01:26 . 2013-04-29 01:09 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2015-03-05 05:00 . 2013-04-29 01:10 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2015-03-04 00:39 . 2015-02-16 18:35 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2015-02-28 21:49 . 2015-02-03 03:33 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2015-02-28 21:49 . 2015-02-03 03:32 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2015-02-26 03:25 . 2015-03-11 01:32 3204096 ----a-w- c:\windows\system32\win32k.sys
2015-02-24 08:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-20 04:41 . 2015-03-11 01:39 41984 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-11 01:39 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-11 01:39 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-11 01:39 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-11 01:39 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-11 01:39 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-11 01:39 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-11 01:39 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-11 01:39 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-11 01:39 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-02-13 05:22 . 2015-03-11 01:33 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-02-04 16:23 . 2015-02-04 16:23 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-02-04 16:13 . 2015-02-04 16:13 869536 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-02-04 03:16 . 2015-03-11 01:32 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-02-04 02:54 . 2015-03-11 01:32 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-02-03 03:34 . 2015-03-11 01:38 693176 ----a-w- c:\windows\system32\winload.efi
2015-02-03 03:34 . 2015-03-11 01:38 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-02-03 03:33 . 2015-03-11 01:38 616360 ----a-w- c:\windows\system32\winresume.efi
2015-02-03 03:31 . 2015-03-11 01:39 14632960 ----a-w- c:\windows\system32\wmp.dll
2015-02-03 03:31 . 2015-03-11 01:38 782848 ----a-w- c:\windows\system32\wmdrmsdk.dll
2015-02-03 03:31 . 2015-03-11 01:38 229376 ----a-w- c:\windows\system32\wintrust.dll
2015-02-03 03:31 . 2015-03-11 01:32 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-03 03:31 . 2015-03-11 01:33 215552 ----a-w- c:\windows\system32\ubpm.dll
2015-02-03 03:31 . 2015-03-11 01:38 5120 ----a-w- c:\windows\system32\msdxm.ocx
2015-02-03 03:31 . 2015-03-11 01:38 5120 ----a-w- c:\windows\system32\dxmasf.dll
2015-02-03 03:31 . 2015-03-11 01:38 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-02-03 03:31 . 2015-03-11 01:38 1574400 ----a-w- c:\windows\system32\quartz.dll
2015-02-03 03:31 . 2015-03-11 01:38 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-02-03 03:31 . 2015-03-11 01:38 371712 ----a-w- c:\windows\system32\qdvd.dll
2015-02-03 03:31 . 2015-03-11 01:38 188416 ----a-w- c:\windows\system32\pcasvc.dll
2015-02-03 03:31 . 2015-03-11 01:38 37376 ----a-w- c:\windows\system32\pcadm.dll
2015-02-03 03:31 . 2015-03-11 01:38 9728 ----a-w- c:\windows\system32\spwmp.dll
2015-02-03 03:31 . 2015-03-11 01:38 641024 ----a-w- c:\windows\system32\msscp.dll
2015-02-03 03:31 . 2015-03-11 01:38 325632 ----a-w- c:\windows\system32\msnetobj.dll
2015-02-03 03:31 . 2015-03-11 01:38 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-02-03 03:31 . 2015-03-11 01:38 432128 ----a-w- c:\windows\system32\mfplat.dll
2015-02-03 03:31 . 2015-03-11 01:38 4121600 ----a-w- c:\windows\system32\mf.dll
2015-02-03 03:31 . 2015-03-11 01:38 206848 ----a-w- c:\windows\system32\mfps.dll
2015-02-03 03:30 . 2015-03-11 01:38 631808 ----a-w- c:\windows\system32\evr.dll
2015-02-03 03:30 . 2015-03-11 01:38 284672 ----a-w- c:\windows\system32\EncDump.dll
2015-02-03 03:30 . 2015-03-11 01:39 1202176 ----a-w- c:\windows\system32\drmv2clt.dll
2015-02-03 03:30 . 2015-03-11 01:38 497664 ----a-w- c:\windows\system32\drmmgrtn.dll
2015-02-03 03:30 . 2015-03-11 01:38 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-02-03 03:30 . 2015-03-11 01:38 1069056 ----a-w- c:\windows\system32\cryptui.dll
2015-02-03 03:30 . 2015-03-11 01:38 82432 ----a-w- c:\windows\system32\cryptsp.dll
2015-02-03 03:30 . 2015-03-11 01:38 140288 ----a-w- c:\windows\system32\cryptnet.dll
2015-02-03 03:30 . 2015-03-11 01:38 187904 ----a-w- c:\windows\system32\cryptsvc.dll
2015-02-03 03:30 . 2015-03-11 01:39 842240 ----a-w- c:\windows\system32\blackbox.dll
2015-02-03 03:30 . 2015-03-11 01:38 680960 ----a-w- c:\windows\system32\audiosrv.dll
2015-02-03 03:30 . 2015-03-11 01:38 296448 ----a-w- c:\windows\system32\AudioSes.dll
2015-02-03 03:30 . 2015-03-11 01:38 440832 ----a-w- c:\windows\system32\AudioEng.dll
2015-02-03 03:30 . 2015-03-11 01:38 32256 ----a-w- c:\windows\system32\appidsvc.dll
2015-02-03 03:30 . 2015-03-11 01:38 58880 ----a-w- c:\windows\system32\appidapi.dll
2015-02-03 03:30 . 2015-03-11 01:38 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2015-02-03 03:30 . 2015-03-11 01:38 11264 ----a-w- c:\windows\system32\pcawrk.exe
2015-02-03 03:30 . 2015-03-11 01:38 9728 ----a-w- c:\windows\system32\pcalua.exe
2015-02-03 03:30 . 2015-03-11 01:38 24576 ----a-w- c:\windows\system32\mfpmp.exe
2015-02-03 03:30 . 2015-03-11 01:38 126464 ----a-w- c:\windows\system32\audiodg.exe
2015-02-03 03:30 . 2015-03-11 01:38 146944 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-02-03 03:30 . 2015-03-11 01:38 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-02-03 03:30 . 2015-03-11 01:38 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2015-02-03 03:29 . 2015-03-11 01:38 8704 ----a-w- c:\windows\system32\pcaevts.dll
2015-02-03 03:28 . 2015-03-11 01:37 2048 ----a-w- c:\windows\system32\mferror.dll
2015-02-03 03:19 . 2015-03-11 01:38 663552 ----a-w- c:\windows\system32\drivers\PEAuth.sys
2015-02-03 03:12 . 2015-03-11 01:38 617984 ----a-w- c:\windows\SysWow64\wmdrmsdk.dll
2015-02-03 03:12 . 2015-03-11 01:38 179200 ----a-w- c:\windows\SysWow64\wintrust.dll
2015-02-03 03:12 . 2015-03-11 01:32 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-02-03 03:12 . 2015-03-11 01:33 171520 ----a-w- c:\windows\SysWow64\ubpm.dll
2015-02-03 03:12 . 2015-03-11 01:38 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2015-02-03 03:12 . 2015-03-11 01:38 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll
2015-02-03 03:12 . 2015-03-11 01:38 1329664 ----a-w- c:\windows\SysWow64\quartz.dll
2015-02-03 03:12 . 2015-03-11 01:38 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2015-02-03 03:12 . 2015-03-11 01:38 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2015-02-03 03:12 . 2015-03-11 01:38 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2015-02-03 03:12 . 2015-03-11 01:38 504320 ----a-w- c:\windows\SysWow64\msscp.dll
2015-02-03 03:12 . 2015-03-11 01:38 265216 ----a-w- c:\windows\SysWow64\msnetobj.dll
2015-02-03 03:12 . 2015-03-11 01:38 3209728 ----a-w- c:\windows\SysWow64\mf.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2013-07-04 . 700BD5A6AA5381D1D8ADC4045149DBF6 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.22376_none_3bee2a494f8638cf\comctl32.dll
[7] 2013-07-04 . 700BD5A6AA5381D1D8ADC4045149DBF6 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.22376_none_ee67d2d082b9f619\comctl32.dll
[-] 2013-07-04 . 1C4DFD75F73B849F6A77EB0D20ECF39C . 530432 . . [5.82] .. c:\windows\SysWOW64\comctl32.dll
[-] 2013-07-04 . 1C4DFD75F73B849F6A77EB0D20ECF39C . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.18201_none_3bab3b80363456bb\comctl32.dll
[7] 2013-07-04 . 75F5E1FE8D55CF8E577E0EC5F2290D3F . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5\comctl32.dll
[7] 2010-11-21 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
[7] 2010-11-21 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_3ba388ec36399c85\comctl32.dll
[7] 2010-11-21 . 352B3DC62A0D259A82A052238425C872 . 1680896 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-04-10 02:14 329376 ----a-w- c:\users\DerekH\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-04-10 02:14 329376 ----a-w- c:\users\DerekH\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-04-10 02:14 329376 ----a-w- c:\users\DerekH\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\DerekH\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\DerekH\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\DerekH\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2015-01-28 688984]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-03-13 7451928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-04-12 5512912]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"Photobucket Backup"="c:\program files (x86)\Photobucket Backup\Photobucket.App.exe" [2013-04-09 320000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"20150107"="c:\program files\AVAST Software\Avast\setup\emupdate\eef099a9-18b3-4439-91ee-cfd240bb73c4.exe" [2015-04-22 183232]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-7-16 988712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USER_ESRV_SVC;User Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ESRV_SVC;Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 SampleCollector;Intel(R) System Behavior Tracker Collector Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 semav6thermal64ro;semav6thermal64ro;c:\windows\system32\drivers\semav6thermal64ro.sys;c:\windows\SYSNATIVE\drivers\semav6thermal64ro.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-17 23:28 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-14 00:04]
.
2015-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-14 03:15]
.
2015-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-04-10 02:14 358056 ----a-w- c:\users\DerekH\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-04-10 02:14 358056 ----a-w- c:\users\DerekH\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-04-10 02:14 358056 ----a-w- c:\users\DerekH\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-04-12 03:29 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\DerekH\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\DerekH\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\DerekH\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\DerekH\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-08 416024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-08 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-08 392472]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2015-02-03 557768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Page_URL = hxxp://www.google.com
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\DerekH\AppData\Roaming\Mozilla\Firefox\Profiles\b18a3kfd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search
FF - prefs.js: browser.search.selectedEngine - Yahoo!
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1157162323-2987086346-848721498-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1157162323-2987086346-848721498-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-04-21 23:07:13
ComboFix-quarantined-files.txt 2015-04-22 03:07
ComboFix2.txt 2015-04-20 02:29
.
Pre-Run: 378,792,189,952 bytes free
Post-Run: 379,244,056,576 bytes free
.
- - End Of File - - 6BCABF6BF15FB8D9B29BA3004BD4B50B
TheJudge6070
New Member
OTL LOG
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
OTL by OldTimer - Version 3.2.69.0 log created on 04212015_231248
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
OTL by OldTimer - Version 3.2.69.0 log created on 04212015_231248
TheJudge6070
New Member
Well I got the SSD in. I didn't get a Usb to Seda adapter yet.
I got some of my files on my flash drive and some cds.
Is it possible later to get the rest of my stuff from the hard drive and load it on to my ssd? if so I'm going to order the adapter but just wanted to go ahead and use my ssd.
I got some of my files on my flash drive and some cds.
Is it possible later to get the rest of my stuff from the hard drive and load it on to my ssd? if so I'm going to order the adapter but just wanted to go ahead and use my ssd.
TheJudge6070
New Member
It's doing better. Thanks alot john. I owe you lunch.
TheJudge6070
New Member
Installed the SSD but once it boots up it comes to "operating system not found".
What now?
What now?
TheJudge6070
New Member
I've pressed f2 and is at another screen now..has like main, security, boot, exit drop boxes
Install the OS.
TheJudge6070
New Member
Where is it located at?
Either a CD or ISO that you have (I'm guessing you probably don't have one of these). When you removed the HDD that's where your Windows installation was, therefore you need to install Windows onto the SSD as well. It's not integrated into some other component.
What version of Windows do you have a serial for?
You may be able to download an ISO here:
http://www.microsoft.com/en-us/software-recovery
TheJudge6070
New Member
Windows 7
TheJudge6070
New Member
Well I found where I can make a system repair disc in my control panel
TheJudge6070
New Member
I think it's recovery but it says I need the system image cd.
Trying to do it with a 4.7 gb cd.
It says it possibly will need 112 gb free.
I started to copy the system image but it says
The back up failed.
Windows backup failed to create the shared protection point on the source volumes. (0x8078006B)
Additional information
the shadow copy provider had an error. Check the system and application event logs for more information. (0x80042306)
What could be doing this?
Trying to do it with a 4.7 gb cd.
It says it possibly will need 112 gb free.
I started to copy the system image but it says
The back up failed.
Windows backup failed to create the shared protection point on the source volumes. (0x8078006B)
Additional information
the shadow copy provider had an error. Check the system and application event logs for more information. (0x80042306)
What could be doing this?