Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Thumbs opening, Many BSOD


  • This topic is locked This topic is locked
74 replies to this topic

#1 Notsoanonymous

Notsoanonymous

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:19 AM

Posted 17 September 2012 - 07:00 PM

Hello,
I have this annoying problem which i'm sure, is a virus (kinda think about a rootkit). About 5 days ago, my AVG popped up and told me i had a virus in my appdata/roaming folder called compatibleSxs.exe. I clicked put in quarantine and then poop my laptop started doing a earkiller sound and went in BSOD. Long story short, i booted in safe mode, got my hands on the compatiblesxs file and uploaded it to virustotal here were the results : 4 out of 42 antiviruses found something :
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Downloader.A
ESET-NOD32 a variant of Win32/Injector.WHK
AntiVir TR/Dropper.Gen
TheHacker Posible_Worm32

so i deleted the file and though everything was over. I scanned my computer with malwarebytes in safe mode and normal mode (and with AVG too after) and had nthing so i though i was ok. About 2 hours ago, i came back home and started browsing the net with firefox when i noticed that random pages were opening in my thumbs. How to fix this? For now, random thumbs are not opening anymore, they were mostly fake google pages and blank pages (i have adblock plus so maybe they were blocked), but i still have a lot of BSOD.

I have a 64bits windows installation so there's no GMER log,
Here is the DDS.txt log file :

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Samuel at 19:47:38 on 2012-09-17
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.2.1036.18.8162.6479 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Users\Samuel\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\StartKiller\StartKiller.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Users\Samuel\AppData\Roaming\SupportService\SupportService.exe
C:\Users\Samuel\AppData\Roaming\SupportService\SupportService.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\Dock64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Program Files\Sony\VAIO Improvement\vim.exe
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
C:\Program Files\Sony\VAIO Improvement\vim.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files\Sony\VAIO Care\VCAdmin.exe
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\bnb8rs5v.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDockTray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://sony.msn.com
uDefault_Page_URL = hxxp://sony.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [SupportService] C:\Users\Samuel\AppData\Roaming\SupportService\SupportService.exe
uRun: [F.lux] "C:\Users\Samuel\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [Start Killer] C:\Program Files\StartKiller\StartKiller.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
StartupFolder: C:\Users\Samuel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files (x86)\Rainmeter\Rainmeter.exe
StartupFolder: C:\Users\Samuel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: Interfaces\{97F1F661-F99C-4413-A32D-67425BF6D633} : DhcpNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\bnb8rs5v.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 iusb3hcs;Pilote de commutateur de contrôleur d'hôte Intel® USB 3.0;C:\Windows\system32\DRIVERS\iusb3hcs.sys --> C:\Windows\system32\DRIVERS\iusb3hcs.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-1-19 106144]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-8-16 74616]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-8-16 384888]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-27 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-6-27 2429544]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-6-27 121344]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-6-27 161560]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-11 399432]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-2-21 473960]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-11-30 260768]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-27 363800]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
R2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-6-9 11839488]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2012-6-27 978056]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-1-19 158880]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 iusb3hub;Pilote de concentrateur Intel® USB 3.0;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?]
R3 iusb3xhc;Pilote du contrôleur d'hôte extensible Intel® USB 3.0;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-5-29 54464]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1259104]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2012-8-16 397176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-11 676936]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-27 250056]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\system32\drivers\btath_avdt.sys --> C:\Windows\system32\drivers\btath_avdt.sys [?]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
S3 BTATH_VDP;Bluetooth VDP Driver;C:\Windows\system32\drivers\btath_vdp.sys --> C:\Windows\system32\drivers\btath_vdp.sys [?]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
S3 DCDhcpService;DCDhcpService;C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2012-6-27 112256]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
S3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-27 114144]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-1-6 138392]
S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-1-6 74904]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-1 289952]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-6-27 535688]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 960160]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 550128]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-12-21 382720]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-8-26 101600]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-6-27 14544]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-17 21:25:49 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-09-17 21:25:45 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8BA9FB1E-4FF6-467C-90E5-D6FE6EB723A7}\mpengine.dll
2012-09-17 21:24:26 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-09-17 21:24:26 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-09-17 02:25:29 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-09-17 01:21:32 -------- d-----w- C:\Program Files (x86)\ESET
2012-09-17 00:46:20 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-17 00:46:20 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-17 00:46:19 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-17 00:46:19 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-17 00:46:18 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-17 00:46:18 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-17 00:46:18 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-10 01:32:44 -------- d-----w- C:\Users\Samuel\AppData\Roaming\.minecraft
2012-09-08 23:20:55 -------- d-----w- C:\bbLean
2012-09-07 02:44:25 -------- d-----w- C:\Program Files\StartKiller
2012-09-07 01:15:34 -------- d-----w- C:\Users\Samuel\AppData\Local\ODUI
2012-09-07 01:15:01 -------- d-----w- C:\Users\Samuel\AppData\Local\Stardock
2012-09-07 01:14:32 -------- d-----w- C:\Users\Samuel\AppData\Roaming\Stardock
2012-09-07 01:13:52 -------- dc-h--w- C:\ProgramData\{0F4A7EFE-5950-4389-BF36-1E625D72456B}
2012-09-07 01:13:52 -------- d-----w- C:\ProgramData\Stardock
2012-09-07 01:13:52 -------- d-----w- C:\Program Files (x86)\Common Files\Stardock
2012-09-07 01:13:42 -------- d-----w- C:\Users\Samuel\AppData\Local\PackageAware
2012-09-05 23:35:38 -------- d-----w- C:\Users\Samuel\AppData\Local\Nero_AG
2012-09-05 23:35:00 -------- d-----w- C:\Users\Samuel\AppData\Local\Nero
2012-09-05 23:33:03 -------- d-----w- C:\ProgramData\Nero
2012-09-04 22:04:20 -------- d-----w- C:\Users\Samuel\AppData\Local\Atheros
2012-09-04 02:17:38 -------- d-----w- C:\Users\Samuel\AppData\Local\Opera
2012-09-04 01:26:20 -------- d-----w- C:\Users\Samuel\AppData\Local\RockMelt
2012-09-03 17:18:03 -------- d--h--w- C:\Windows\msdownld.tmp
2012-09-03 17:18:02 -------- d-----w- C:\Windows\SysWow64\directx
2012-08-28 04:21:18 -------- d-----w- C:\Program Files (x86)\Stardock
2012-08-28 04:02:34 -------- d-----w- C:\Users\Samuel\AppData\Local\Microsoft Games
2012-08-28 04:01:30 -------- d-----w- C:\Program Files\Stardock
2012-08-28 04:01:13 898560 ----a-w- C:\Windows\System32\OobeFldr_backup_wti.dll
2012-08-28 04:01:13 2871808 ----a-w- C:\Windows\explorer_backup_wti.exe
2012-08-28 04:01:12 303216 ----a-w- C:\Windows\UTP.exe
2012-08-25 22:27:54 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-25 22:27:54 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-25 22:27:54 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-25 22:27:53 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-25 22:26:53 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-25 03:05:47 -------- d-----w- C:\Users\Samuel\AppData\Local\Adobe
2012-08-24 19:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-08-21 18:23:31 33856 ---ha-w- C:\Windows\System32\hamachi.sys
2012-08-21 18:23:22 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2012-08-21 04:47:19 -------- d-----w- C:\Users\Samuel\AppData\Local\LogMeIn Hamachi
2012-08-21 04:18:29 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2012-08-20 22:55:11 -------- d-----w- C:\ProgramData\dvdfab
2012-08-20 22:07:02 -------- d-----w- C:\Users\Samuel\AppData\Roaming\HandBrake
2012-08-19 22:38:05 -------- d-----w- C:\Program Files (x86)\BlueStacks
2012-08-19 22:32:56 -------- d-----w- C:\ProgramData\BlueStacksSetup
2012-08-19 22:32:56 -------- d-----w- C:\ProgramData\BlueStacks
.
==================== Find3M ====================
.
2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-28 04:46:17 20266496 ----a-w- C:\Windows\System32\imageres.dll
2012-08-28 04:01:14 2755072 ----a-w- C:\Windows\SysWow64\themeui.dll
2012-08-28 04:01:13 245760 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2012-08-21 19:46:44 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll
2012-08-21 19:46:44 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll
2012-08-21 19:46:44 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll
2012-08-15 02:06:05 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 02:06:05 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-15 02:06:03 9826504 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-08-07 16:28:05 2829 ----a-w- C:\Windows\DIIUnin.pif
2012-08-07 16:28:05 102400 ----a-w- C:\Windows\DIIUnin.exe
2012-07-27 22:12:31 925184 ----a-w- C:\Windows\expstart.exe
2012-07-26 07:21:28 291680 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-07-06 02:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-06 02:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-27 22:21:34 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-06-27 16:08:31 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-06-27 16:08:31 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2012-06-27 15:23:23 2560 ----a-w- C:\Windows\SysWow64\drivers\fr-FR\qwavedrv.sys.mui
2012-06-27 15:23:20 29696 ----a-w- C:\Windows\SysWow64\drivers\fr-FR\bfe.dll.mui
2012-06-27 15:23:20 15872 ----a-w- C:\Windows\SysWow64\drivers\fr-FR\pacer.sys.mui
2012-06-27 15:23:12 6144 ----a-w- C:\Windows\SysWow64\drivers\fr-FR\ndiscap.sys.mui
2012-06-27 15:23:12 2560 ----a-w- C:\Windows\SysWow64\drivers\fr-FR\scfilter.sys.mui
2012-06-27 15:23:11 49152 ----a-w- C:\Windows\SysWow64\drivers\fr-FR\tcpip.sys.mui
2012-06-27 15:13:52 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2012-06-27 15:08:01 0 ----a-w- C:\Windows\ativpsrm.bin
2012-06-25 20:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
.
============= FINISH: 19:48:12,18 ===============

Edited by Notsoanonymous, 17 September 2012 - 07:04 PM.


BC AdBot (Login to Remove)

 


#2 Notsoanonymous

Notsoanonymous
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:19 AM

Posted 18 September 2012 - 04:50 PM

I'm sorry i have uninstalled some stuff before knowing i SHOULD NOT.
Here is the UPDATED log and ATTACH file :

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Samuel at 21:11:21 on 2012-09-18
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.2.1036.18.8162.6217 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Users\Samuel\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\StartKiller\StartKiller.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
C:\Windows\system32\taskeng.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\DllHost.exe
C:\Users\Samuel\AppData\Roaming\SupportService\SupportService.exe
C:\Users\Samuel\AppData\Roaming\SupportService\SupportService.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\Dock64.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\bnb8rs5v.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files\Sony\VAIO Improvement\vim.exe
C:\Program Files\Sony\VAIO Improvement\vim.exe
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\explorer.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\foobar2000\foobar2000.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDockTray.exe
C:\Windows\system32\taskhost.exe
c:\program files (x86)\avira\antivir desktop\avscan.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://sony.msn.com
uDefault_Page_URL = hxxp://sony.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [SupportService] C:\Users\Samuel\AppData\Roaming\SupportService\SupportService.exe
uRun: [F.lux] "C:\Users\Samuel\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [Start Killer] C:\Program Files\StartKiller\StartKiller.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\Samuel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files (x86)\Rainmeter\Rainmeter.exe
StartupFolder: C:\Users\Samuel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: Interfaces\{97F1F661-F99C-4413-A32D-67425BF6D633} : DhcpNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\bnb8rs5v.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\bnb8rs5v.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Pilote de commutateur de contrôleur d'hôte Intel® USB 3.0;C:\Windows\system32\DRIVERS\iusb3hcs.sys --> C:\Windows\system32\DRIVERS\iusb3hcs.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira Planificateur;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-9-18 86224]
R2 AntiVirService;Avira Protection temps réel;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-9-18 110032]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-1-19 106144]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-8-16 74616]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-8-16 384888]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-27 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-6-27 2429544]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-6-27 121344]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-6-27 161560]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-11 399432]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-2-21 473960]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-11-30 260768]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-27 363800]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
R2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-6-9 11839488]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2012-6-27 978056]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-1-19 158880]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 iusb3hub;Pilote de concentrateur Intel® USB 3.0;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?]
R3 iusb3xhc;Pilote du contrôleur d'hôte extensible Intel® USB 3.0;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-5-29 54464]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1259104]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2012-8-16 397176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-11 676936]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-27 250056]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\system32\drivers\btath_avdt.sys --> C:\Windows\system32\drivers\btath_avdt.sys [?]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
S3 BTATH_VDP;Bluetooth VDP Driver;C:\Windows\system32\drivers\btath_vdp.sys --> C:\Windows\system32\drivers\btath_vdp.sys [?]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
S3 DCDhcpService;DCDhcpService;C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2012-6-27 112256]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
S3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-27 114144]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-1-6 138392]
S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-1-6 74904]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-1 289952]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-6-27 535688]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 960160]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 550128]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-12-21 382720]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-8-26 101600]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-6-27 14544]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-19 01:04:47 -------- d-----w- C:\ProgramData\WindSolutions
2012-09-19 01:04:14 -------- d-----w- C:\Users\Samuel\AppData\Roaming\WindSolutions
2012-09-18 23:36:57 -------- d-----w- C:\Users\Samuel\AppData\Roaming\QuickScan
2012-09-18 23:01:43 -------- d-----w- C:\Users\Samuel\AppData\Roaming\Avira
2012-09-18 22:54:46 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-09-18 22:54:46 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-09-18 22:54:43 -------- d-----w- C:\ProgramData\Avira
2012-09-18 22:54:43 -------- d-----w- C:\Program Files (x86)\Avira
2012-09-18 22:42:16 -------- d-----w- C:\ProgramData\RegRun
2012-09-18 22:42:12 2 --shatr- C:\Windows\winstart.bat
2012-09-17 21:25:49 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-09-17 21:25:45 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8BA9FB1E-4FF6-467C-90E5-D6FE6EB723A7}\mpengine.dll
2012-09-17 21:24:26 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-09-17 21:24:26 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-09-17 02:25:29 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-09-17 01:21:32 -------- d-----w- C:\Program Files (x86)\ESET
2012-09-17 00:46:20 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-17 00:46:20 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-17 00:46:19 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-17 00:46:19 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-17 00:46:18 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-17 00:46:18 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-17 00:46:18 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-10 01:32:44 -------- d-----w- C:\Users\Samuel\AppData\Roaming\.minecraft
2012-09-08 23:20:55 -------- d-----w- C:\bbLean
2012-09-07 02:44:25 -------- d-----w- C:\Program Files\StartKiller
2012-09-07 01:15:34 -------- d-----w- C:\Users\Samuel\AppData\Local\ODUI
2012-09-07 01:15:01 -------- d-----w- C:\Users\Samuel\AppData\Local\Stardock
2012-09-07 01:14:32 -------- d-----w- C:\Users\Samuel\AppData\Roaming\Stardock
2012-09-07 01:13:52 -------- dc-h--w- C:\ProgramData\{0F4A7EFE-5950-4389-BF36-1E625D72456B}
2012-09-07 01:13:52 -------- d-----w- C:\ProgramData\Stardock
2012-09-07 01:13:52 -------- d-----w- C:\Program Files (x86)\Common Files\Stardock
2012-09-07 01:13:42 -------- d-----w- C:\Users\Samuel\AppData\Local\PackageAware
2012-09-05 23:35:38 -------- d-----w- C:\Users\Samuel\AppData\Local\Nero_AG
2012-09-05 23:35:00 -------- d-----w- C:\Users\Samuel\AppData\Local\Nero
2012-09-05 23:33:03 -------- d-----w- C:\ProgramData\Nero
2012-09-04 22:04:20 -------- d-----w- C:\Users\Samuel\AppData\Local\Atheros
2012-09-04 02:17:38 -------- d-----w- C:\Users\Samuel\AppData\Local\Opera
2012-09-04 01:26:20 -------- d-----w- C:\Users\Samuel\AppData\Local\RockMelt
2012-09-03 17:18:03 -------- d--h--w- C:\Windows\msdownld.tmp
2012-09-03 17:18:02 -------- d-----w- C:\Windows\SysWow64\directx
2012-08-28 04:21:18 -------- d-----w- C:\Program Files (x86)\Stardock
2012-08-28 04:02:34 -------- d-----w- C:\Users\Samuel\AppData\Local\Microsoft Games
2012-08-28 04:01:30 -------- d-----w- C:\Program Files\Stardock
2012-08-28 04:01:13 898560 ----a-w- C:\Windows\System32\OobeFldr_backup_wti.dll
2012-08-28 04:01:13 2871808 ----a-w- C:\Windows\explorer_backup_wti.exe
2012-08-28 04:01:12 303216 ----a-w- C:\Windows\UTP.exe
2012-08-25 22:27:54 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-25 22:27:54 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-25 22:27:54 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-25 22:27:53 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-25 22:26:53 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-25 03:05:47 -------- d-----w- C:\Users\Samuel\AppData\Local\Adobe
2012-08-21 18:23:31 33856 ---ha-w- C:\Windows\System32\hamachi.sys
2012-08-21 18:23:22 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2012-08-21 04:47:19 -------- d-----w- C:\Users\Samuel\AppData\Local\LogMeIn Hamachi
2012-08-21 04:18:29 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2012-08-20 22:55:11 -------- d-----w- C:\ProgramData\dvdfab
2012-08-20 22:07:02 -------- d-----w- C:\Users\Samuel\AppData\Roaming\HandBrake
.
==================== Find3M ====================
.
2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-28 04:46:17 20266496 ----a-w- C:\Windows\System32\imageres.dll
2012-08-28 04:01:14 2755072 ----a-w- C:\Windows\SysWow64\themeui.dll
2012-08-28 04:01:13 245760 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2012-08-21 19:46:44 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll
2012-08-21 19:46:44 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll
2012-08-21 19:46:44 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll
2012-08-15 02:06:05 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 02:06:05 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-15 02:06:03 9826504 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-08-07 16:28:05 2829 ----a-w- C:\Windows\DIIUnin.pif
2012-08-07 16:28:05 102400 ----a-w- C:\Windows\DIIUnin.exe
2012-07-27 22:12:31 925184 ----a-w- C:\Windows\expstart.exe
2012-07-06 02:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-06 02:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-27 22:21:34 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-06-27 16:08:31 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-06-27 16:08:31 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2012-06-27 15:23:23 2560 ----a-w- C:\Windows\SysWow64\drivers\fr-FR\qwavedrv.sys.mui
2012-06-27 15:23:20 29696 ----a-w- C:\Windows\SysWow64\drivers\fr-FR\bfe.dll.mui
2012-06-27 15:23:20 15872 ----a-w- C:\Windows\SysWow64\drivers\fr-FR\pacer.sys.mui
2012-06-27 15:23:12 6144 ----a-w- C:\Windows\SysWow64\drivers\fr-FR\ndiscap.sys.mui
2012-06-27 15:23:12 2560 ----a-w- C:\Windows\SysWow64\drivers\fr-FR\scfilter.sys.mui
2012-06-27 15:23:11 49152 ----a-w- C:\Windows\SysWow64\drivers\fr-FR\tcpip.sys.mui
2012-06-27 15:13:52 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2012-06-27 15:08:01 0 ----a-w- C:\Windows\ativpsrm.bin
2012-06-25 20:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
.
============= FINISH: 21:12:07,78 ===============

Attached Files


Edited by Notsoanonymous, 18 September 2012 - 08:16 PM.


#3 Notsoanonymous

Notsoanonymous
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:19 AM

Posted 18 September 2012 - 05:28 PM

Someone just called today saying they were from "windows" and that we could potentially "loose all our files", i assume they got my phone # with the virus, what to do now?

Edited by Notsoanonymous, 18 September 2012 - 05:34 PM.


#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,744 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:19 AM

Posted 22 September 2012 - 07:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/468904 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 Notsoanonymous

Notsoanonymous
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:19 AM

Posted 23 September 2012 - 01:47 PM

I still need help, i canned a lot of time since i had random thumbs and stuff and found nothing but now, there's no thumbs opening anymore but i'm sure the virus is still there.

Here is my DDS, i have mo GMER log since i'm 64-bits. I also now have dualbooted Ubuntu and Window 7. I DO NOT have my original Win7 CD, it's a laptop and windows was already on it.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Samuel at 14:39:46 on 2012-09-23
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.2.1036.18.8162.6776 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Users\Samuel\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\StartKiller\StartKiller.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Samuel\AppData\Roaming\SupportService\SupportService.exe
C:\Users\Samuel\AppData\Roaming\SupportService\SupportService.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\Dock64.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files\Sony\VAIO Care\VCAdmin.exe
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\bnb8rs5v.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
C:\Program Files\Sony\VAIO Improvement\vim.exe
C:\Program Files\Sony\VAIO Improvement\vim.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDockTray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://sony.msn.com
uDefault_Page_URL = hxxp://sony.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [SupportService] C:\Users\Samuel\AppData\Roaming\SupportService\SupportService.exe
uRun: [F.lux] "C:\Users\Samuel\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [Start Killer] C:\Program Files\StartKiller\StartKiller.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\Samuel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files (x86)\Rainmeter\Rainmeter.exe
StartupFolder: C:\Users\Samuel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: Interfaces\{97F1F661-F99C-4413-A32D-67425BF6D633} : DhcpNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\bnb8rs5v.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\bnb8rs5v.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Pilote de commutateur de contrôleur d'hôte Intel® USB 3.0;C:\Windows\system32\DRIVERS\iusb3hcs.sys --> C:\Windows\system32\DRIVERS\iusb3hcs.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira Planificateur;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-9-18 86224]
R2 AntiVirService;Avira Protection temps réel;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-9-18 110032]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-1-19 106144]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-8-16 74616]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-8-16 384888]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-27 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-6-27 2429544]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-6-27 121344]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-6-27 161560]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-11 399432]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-2-21 473960]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-11-30 260768]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-27 363800]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
R2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-6-9 11839488]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2012-6-27 978056]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-1-19 158880]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 iusb3hub;Pilote de concentrateur Intel® USB 3.0;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?]
R3 iusb3xhc;Pilote du contrôleur d'hôte extensible Intel® USB 3.0;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-5-29 54464]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1259104]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2012-8-16 397176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-11 676936]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-27 250288]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\system32\drivers\btath_avdt.sys --> C:\Windows\system32\drivers\btath_avdt.sys [?]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
S3 BTATH_VDP;Bluetooth VDP Driver;C:\Windows\system32\drivers\btath_vdp.sys --> C:\Windows\system32\drivers\btath_vdp.sys [?]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
S3 DCDhcpService;DCDhcpService;C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2012-6-27 112256]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
S3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-27 114144]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-1-6 138392]
S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-1-6 74904]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-1 289952]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-6-27 535688]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 960160]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 550128]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-12-21 382720]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-8-26 101600]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-6-27 14544]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-22 03:09:18 -------- d-----w- C:\_Queue
2012-09-21 16:49:56 -------- d-----w- C:\Program Files\Speccy
2012-09-20 00:36:13 -------- d-----w- C:\ubuntu
2012-09-19 01:04:47 -------- d-----w- C:\ProgramData\WindSolutions
2012-09-19 01:04:14 -------- d-----w- C:\Users\Samuel\AppData\Roaming\WindSolutions
2012-09-18 23:36:57 -------- d-----w- C:\Users\Samuel\AppData\Roaming\QuickScan
2012-09-18 23:01:43 -------- d-----w- C:\Users\Samuel\AppData\Roaming\Avira
2012-09-18 22:54:46 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-09-18 22:54:46 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-09-18 22:54:43 -------- d-----w- C:\ProgramData\Avira
2012-09-18 22:54:43 -------- d-----w- C:\Program Files (x86)\Avira
2012-09-18 22:42:16 -------- d-----w- C:\ProgramData\RegRun
2012-09-18 22:42:12 2 --shatr- C:\Windows\winstart.bat
2012-09-17 21:25:49 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-09-17 21:25:45 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8BA9FB1E-4FF6-467C-90E5-D6FE6EB723A7}\mpengine.dll
2012-09-17 21:24:26 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-09-17 21:24:26 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-09-17 02:25:29 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-09-17 01:21:32 -------- d-----w- C:\Program Files (x86)\ESET
2012-09-17 00:46:20 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-17 00:46:20 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-17 00:46:19 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-17 00:46:19 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-17 00:46:18 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-17 00:46:18 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-17 00:46:18 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-10 01:32:44 -------- d-----w- C:\Users\Samuel\AppData\Roaming\.minecraft
2012-09-08 23:20:55 -------- d-----w- C:\bbLean
2012-09-07 02:44:25 -------- d-----w- C:\Program Files\StartKiller
2012-09-07 01:15:34 -------- d-----w- C:\Users\Samuel\AppData\Local\ODUI
2012-09-07 01:15:01 -------- d-----w- C:\Users\Samuel\AppData\Local\Stardock
2012-09-07 01:14:32 -------- d-----w- C:\Users\Samuel\AppData\Roaming\Stardock
2012-09-07 01:13:52 -------- dc-h--w- C:\ProgramData\{0F4A7EFE-5950-4389-BF36-1E625D72456B}
2012-09-07 01:13:52 -------- d-----w- C:\ProgramData\Stardock
2012-09-07 01:13:52 -------- d-----w- C:\Program Files (x86)\Common Files\Stardock
2012-09-07 01:13:42 -------- d-----w- C:\Users\Samuel\AppData\Local\PackageAware
2012-09-05 23:35:38 -------- d-----w- C:\Users\Samuel\AppData\Local\Nero_AG
2012-09-05 23:35:00 -------- d-----w- C:\Users\Samuel\AppData\Local\Nero
2012-09-05 23:33:03 -------- d-----w- C:\ProgramData\Nero
2012-09-04 22:04:20 -------- d-----w- C:\Users\Samuel\AppData\Local\Atheros
2012-09-04 02:17:38 -------- d-----w- C:\Users\Samuel\AppData\Local\Opera
2012-09-04 01:26:20 -------- d-----w- C:\Users\Samuel\AppData\Local\RockMelt
2012-09-03 17:18:03 -------- d--h--w- C:\Windows\msdownld.tmp
2012-09-03 17:18:02 -------- d-----w- C:\Windows\SysWow64\directx
2012-08-28 04:21:18 -------- d-----w- C:\Program Files (x86)\Stardock
2012-08-28 04:02:34 -------- d-----w- C:\Users\Samuel\AppData\Local\Microsoft Games
2012-08-28 04:01:30 -------- d-----w- C:\Program Files\Stardock
2012-08-28 04:01:13 898560 ----a-w- C:\Windows\System32\OobeFldr_backup_wti.dll
2012-08-28 04:01:13 2871808 ----a-w- C:\Windows\explorer_backup_wti.exe
2012-08-28 04:01:12 303216 ----a-w- C:\Windows\UTP.exe
2012-08-25 22:27:54 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-25 22:27:54 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-25 22:27:54 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-25 22:27:53 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-25 22:26:53 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-25 03:05:47 -------- d-----w- C:\Users\Samuel\AppData\Local\Adobe
.
==================== Find3M ====================
.
2012-09-22 03:06:06 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-22 03:06:06 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-28 04:46:17 20266496 ----a-w- C:\Windows\System32\imageres.dll
2012-08-28 04:01:14 2755072 ----a-w- C:\Windows\SysWow64\themeui.dll
2012-08-28 04:01:13 245760 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2012-08-21 19:46:44 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll
2012-08-21 19:46:44 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll
2012-08-21 19:46:44 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll
2012-08-07 16:28:05 2829 ----a-w- C:\Windows\DIIUnin.pif
2012-08-07 16:28:05 102400 ----a-w- C:\Windows\DIIUnin.exe
2012-07-27 22:12:31 925184 ----a-w- C:\Windows\expstart.exe
2012-07-06 02:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-06 02:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-27 22:21:34 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-06-27 16:08:31 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-06-27 16:08:31 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2012-06-27 15:23:23 2560 ----a-w- C:\Windows\SysWow64\drivers\fr-FR\qwavedrv.sys.mui
2012-06-27 15:23:20 29696 ----a-w- C:\Windows\SysWow64\drivers\fr-FR\bfe.dll.mui
2012-06-27 15:23:20 15872 ----a-w- C:\Windows\SysWow64\drivers\fr-FR\pacer.sys.mui
2012-06-27 15:23:12 6144 ----a-w- C:\Windows\SysWow64\drivers\fr-FR\ndiscap.sys.mui
2012-06-27 15:23:12 2560 ----a-w- C:\Windows\SysWow64\drivers\fr-FR\scfilter.sys.mui
2012-06-27 15:23:11 49152 ----a-w- C:\Windows\SysWow64\drivers\fr-FR\tcpip.sys.mui
2012-06-27 15:13:52 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2012-06-27 15:08:01 0 ----a-w- C:\Windows\ativpsrm.bin
2012-06-25 20:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
.
============= FINISH: 14:40:16,84 ===============

Attached Files



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:19 PM

Posted 26 September 2012 - 09:41 AM

Greetings Notsoanonymous and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you prefer I call you something other than your screen name I would be pleased to do so. :thumbup2:


===================================================


Ground Rules:

  • First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================


Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. As you can imagine we are quite busy these days. Please allow me some time to review the information you have provided. I will post back as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:19 PM

Posted 26 September 2012 - 02:41 PM

Greetings Notsoanonymous,

I would like to thank you again for patiently waiting for our availability.

I am not seeing any current evidence of malicious software on your computer. Still, I would like to run 2 programs to view the state of your system from different vantage points.

I would like you to do the following and also caution you about one of the programs installed on your computer.


===================================================


P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities. .

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.


===================================================


OTL

--------------------

Please download OTL here.

  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Copy and paste the two reports in your next reply.

  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


    Posted Image
  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


    Posted Image
  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • OTL.txt
  • Extra.txt
  • aswMBR report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Notsoanonymous

Notsoanonymous
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:19 AM

Posted 26 September 2012 - 05:47 PM

Well hello Gary, thanks for helping me! I'm not 100% sure i have a virus but i had some bad surprises and don't want to take any chances again. Just call me Samuel. I was going to uninstall uTorrent anyway because it is the only virus-giver thing i do on my computer. I'm doing OTL and aswMBR right now and will be back with the results shortly.

#9 Notsoanonymous

Notsoanonymous
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:19 AM

Posted 26 September 2012 - 06:05 PM

I finished everything you asked and here are the results!

OTL logfile created on: 2012-09-26 18:49:41 - Run 1
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Samuel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

7,97 Gb Total Physical Memory | 6,06 Gb Available Physical Memory | 75,96% Memory free
15,94 Gb Paging File | 12,68 Gb Available in Paging File | 79,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 676,69 Gb Total Space | 504,16 Gb Free Space | 74,50% Space Free | Partition Type: NTFS

Computer Name: SAMVAIO | User Name: Samuel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-09-26 18:47:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Samuel\Desktop\OTL.exe
PRC - [2012-09-21 23:06:06 | 001,807,280 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
PRC - [2012-09-07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012-09-06 20:47:07 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012-08-16 17:46:10 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2012-08-15 11:17:39 | 000,047,304 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe
PRC - [2012-08-15 11:17:39 | 000,040,136 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\ubuntu-sso-login.exe
PRC - [2012-08-15 11:17:39 | 000,040,136 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\ubuntuone-control-panel-qt.exe
PRC - [2012-08-15 11:17:39 | 000,024,776 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\ubuntuone-proxy-tunnel.exe
PRC - [2012-08-04 14:44:45 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2012-07-27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-07-18 18:35:11 | 000,405,504 | ---- | M] (Support) -- C:\Users\Samuel\AppData\Roaming\SupportService\SupportService.exe
PRC - [2012-07-02 15:39:27 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012-07-02 15:39:17 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012-07-02 15:39:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012-06-09 02:18:08 | 000,433,816 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012-06-09 02:17:40 | 000,103,576 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2012-06-09 02:17:38 | 000,354,456 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012-06-09 01:39:40 | 011,839,488 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
PRC - [2012-06-09 00:15:22 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2012-05-29 00:54:30 | 000,054,464 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
PRC - [2012-03-07 18:57:48 | 000,183,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
PRC - [2012-03-07 18:57:46 | 000,065,464 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
PRC - [2012-02-27 03:34:42 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012-02-21 12:41:12 | 000,473,960 | ---- | M] (Sony Corporation) -- c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2012-02-07 17:53:34 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012-02-07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012-02-07 17:52:04 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012-02-07 17:27:24 | 000,121,344 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012-01-19 13:40:32 | 000,158,880 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011-11-30 18:49:50 | 000,082,592 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2011-11-29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011-11-29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011-09-20 16:57:56 | 000,060,552 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2011-04-16 12:18:52 | 000,647,168 | ---- | M] (IDEVFH) -- C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\bnb8rs5v.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
PRC - [2010-11-20 23:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010-10-12 10:04:20 | 004,142,448 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
PRC - [2009-08-29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Samuel\Local Settings\Apps\F.lux\flux.exe


========== Modules (No Company Name) ==========

MOD - [2012-09-21 23:06:06 | 009,813,424 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
MOD - [2012-09-08 13:14:47 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012-09-08 13:14:47 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012-09-08 13:14:47 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012-09-08 13:14:47 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012-09-08 13:14:47 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012-09-06 21:14:38 | 000,807,936 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\CrashRpt.dll
MOD - [2012-09-06 20:47:07 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012-08-15 11:17:39 | 000,047,304 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe
MOD - [2012-08-15 11:17:39 | 000,040,136 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\ubuntu-sso-login.exe
MOD - [2012-08-15 11:17:39 | 000,040,136 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\ubuntuone-control-panel-qt.exe
MOD - [2012-08-15 11:17:39 | 000,024,776 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\ubuntuone-proxy-tunnel.exe
MOD - [2012-06-28 18:32:46 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\33e53ffe7ba7362a2d483ef4ea79bfe3\IAStorUtil.ni.dll
MOD - [2012-06-28 18:32:46 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\acc563eb665e430df4375afb9697a5d9\IAStorCommon.ni.dll
MOD - [2012-06-27 22:30:03 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012-06-27 22:29:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012-06-27 22:29:40 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012-06-27 22:29:35 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012-06-27 22:29:26 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012-06-27 22:29:23 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012-06-27 22:29:20 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012-06-27 22:29:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012-06-27 22:29:15 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012-06-26 17:48:08 | 000,494,592 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\PyQt4.QtNetwork.pyd
MOD - [2012-06-26 17:46:12 | 005,811,200 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\PyQt4.QtGui.pyd
MOD - [2012-06-26 17:35:02 | 001,661,952 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\PyQt4.QtCore.pyd
MOD - [2012-06-26 17:26:34 | 000,068,096 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\sip.pyd
MOD - [2012-06-05 11:00:37 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\zope.interface._zope_interface_coptimizations.pyd
MOD - [2012-06-05 11:00:07 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\simplejson._speedups.pyd
MOD - [2012-06-05 10:57:55 | 000,055,808 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\OpenSSL.crypto.pyd
MOD - [2012-06-05 10:57:55 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\OpenSSL.SSL.pyd
MOD - [2012-06-05 10:57:55 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\OpenSSL.rand.pyd
MOD - [2012-06-05 10:57:30 | 000,031,232 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\Crypto.Cipher.AES.pyd
MOD - [2012-06-05 10:55:51 | 000,006,656 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\twisted.python._initgroups.pyd
MOD - [2011-06-12 17:09:18 | 000,720,896 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\_ssl.pyd
MOD - [2011-06-12 17:09:18 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\_socket.pyd
MOD - [2011-06-12 17:06:22 | 000,287,232 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\_hashlib.pyd
MOD - [2011-06-12 17:06:22 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\_ctypes.pyd
MOD - [2011-06-12 17:06:22 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\select.pyd
MOD - [2011-02-27 12:13:34 | 000,110,080 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\pywintypes27.dll
MOD - [2011-02-26 14:05:44 | 000,265,728 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32com.shell.shell.pyd
MOD - [2011-02-26 14:02:26 | 000,354,304 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\pythoncom27.dll
MOD - [2011-02-26 14:00:54 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32gui.pyd
MOD - [2011-02-26 14:00:50 | 000,096,768 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32api.pyd
MOD - [2011-02-26 14:00:26 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32trace.pyd
MOD - [2011-02-26 14:00:18 | 000,110,080 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32security.pyd
MOD - [2011-02-26 14:00:08 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32process.pyd
MOD - [2011-02-26 14:00:02 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32pipe.pyd
MOD - [2011-02-26 13:59:34 | 000,112,128 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32file.pyd
MOD - [2011-02-26 13:59:34 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32event.pyd
MOD - [2011-02-26 13:59:26 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\ubuntuone\dist\win32cred.pyd
MOD - [2010-11-12 19:52:13 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010-10-06 17:55:44 | 000,091,544 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\Docklets\Calendar\Calendar.dll
MOD - [2010-09-30 21:50:23 | 000,675,840 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\DockShellHook.dll
MOD - [2010-09-22 16:20:40 | 000,566,136 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\StardockTray.dll
MOD - [2010-03-09 17:58:30 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\zlib.dll
MOD - [2010-03-09 17:58:24 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\Docklets\Clock\Clock.dll
MOD - [2009-08-29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Samuel\Local Settings\Apps\F.lux\flux.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012-05-29 00:54:30 | 000,054,464 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2012-05-10 18:44:34 | 001,259,104 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2012-04-16 02:44:49 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012-03-26 09:24:10 | 000,978,056 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2012-03-21 17:08:20 | 000,112,256 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe -- (DCDhcpService)
SRV:64bit: - [2012-02-02 22:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012-01-10 13:45:32 | 000,535,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2011-12-21 13:55:14 | 000,382,720 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2011-12-21 13:15:06 | 000,550,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2011-12-01 10:04:56 | 000,289,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2011-11-30 18:49:50 | 000,260,768 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2011-08-26 18:47:26 | 000,101,600 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2010-09-22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009-07-13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012-09-21 23:06:06 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-09-07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-09-07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-09-06 20:47:07 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-08-16 17:46:10 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012-08-16 17:45:30 | 000,397,176 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2012-07-27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-07-02 15:39:27 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012-07-02 15:39:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012-06-27 21:50:17 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-06-27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012-06-09 02:18:08 | 000,433,816 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012-06-09 02:17:38 | 000,354,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012-06-09 01:39:40 | 011,839,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2012-06-09 00:15:22 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2012-06-07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-03-07 18:57:46 | 000,065,464 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe -- (VAIO Event Service)
SRV - [2012-02-21 12:41:12 | 000,473,960 | ---- | M] (Sony Corporation) [Auto | Running] -- c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012-02-09 03:43:45 | 002,429,544 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012-02-07 17:53:34 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012-02-07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012-02-07 17:52:04 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012-02-07 17:27:24 | 000,121,344 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012-01-19 13:40:32 | 000,158,880 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2012-01-19 13:22:08 | 000,106,144 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012-01-06 16:44:28 | 000,074,904 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2012-01-06 16:44:26 | 000,138,392 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011-12-29 16:10:08 | 000,960,160 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2011-11-29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011-08-29 23:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-09-07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012-06-27 18:21:34 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012-06-09 02:18:28 | 000,063,128 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012-06-09 02:16:28 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012-06-08 23:52:20 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012-06-08 23:52:20 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012-06-06 00:39:46 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012-06-06 00:39:46 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012-06-06 00:39:46 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012-04-25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012-04-16 02:49:00 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012-04-16 02:45:19 | 000,328,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012-04-16 02:45:15 | 010,729,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012-03-14 22:42:06 | 000,421,648 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012-03-01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-02-27 03:34:27 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012-02-27 03:34:19 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012-02-27 03:34:16 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012-02-21 23:27:36 | 002,807,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012-02-16 10:14:57 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012-02-09 03:43:54 | 000,340,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012-02-09 01:34:36 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012-01-19 13:31:32 | 000,550,560 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012-01-19 13:31:02 | 000,421,664 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_vdp.sys -- (BTATH_VDP)
DRV:64bit: - [2012-01-19 13:30:50 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012-01-19 13:30:32 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012-01-19 13:30:02 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012-01-19 13:29:44 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012-01-19 13:29:32 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012-01-19 13:29:14 | 000,110,752 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012-01-19 13:29:02 | 000,339,616 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012-01-16 05:01:14 | 000,014,336 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2011-11-10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011-08-29 23:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011-08-29 23:01:10 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2011-08-08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011-03-11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010-11-20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009-07-13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009-06-10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-03-18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012-08-16 17:46:04 | 000,074,616 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2010-11-01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009-07-13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-735894983-3100481250-2166785636-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
IE - HKU\S-1-5-21-735894983-3100481250-2166785636-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.sony.ca [binary data]
IE - HKU\S-1-5-21-735894983-3100481250-2166785636-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.sony.ca [binary data]
IE - HKU\S-1-5-21-735894983-3100481250-2166785636-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sony.msn.com
IE - HKU\S-1-5-21-735894983-3100481250-2166785636-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-735894983-3100481250-2166785636-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-735894983-3100481250-2166785636-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: scriptish@erikvold.com:0.1.7
FF - prefs.js..extensions.enabledAddons: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.2.6
FF - prefs.js..extensions.enabledAddons: {7f57cf46-4467-4c2d-adfa-0cba7c507e54}:2.0.6
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.13
FF - prefs.js..extensions.enabledAddons: {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}:7.4
FF - prefs.js..extensions.enabledAddons: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.119
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-09-06 20:47:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-09-06 20:47:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012-08-03 22:11:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012-06-27 17:26:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Samuel\AppData\Roaming\mozilla\Extensions
[2012-09-18 19:36:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Samuel\AppData\Roaming\mozilla\Firefox\Profiles\bnb8rs5v.default\extensions
[2012-06-27 17:52:34 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Samuel\AppData\Roaming\mozilla\Firefox\Profiles\bnb8rs5v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012-09-18 19:36:47 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Samuel\AppData\Roaming\mozilla\Firefox\Profiles\bnb8rs5v.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012-08-24 23:11:43 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\Samuel\AppData\Roaming\mozilla\Firefox\Profiles\bnb8rs5v.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2012-08-04 16:49:09 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Samuel\AppData\Roaming\mozilla\firefox\profiles\bnb8rs5v.default\extensions\elemhidehelper@adblockplus.org.xpi
[2012-08-20 12:31:22 | 000,226,493 | ---- | M] () (No name found) -- C:\Users\Samuel\AppData\Roaming\mozilla\firefox\profiles\bnb8rs5v.default\extensions\scriptish@erikvold.com.xpi
[2012-07-27 17:37:29 | 000,258,567 | ---- | M] () (No name found) -- C:\Users\Samuel\AppData\Roaming\mozilla\firefox\profiles\bnb8rs5v.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012-08-27 19:14:14 | 000,527,037 | ---- | M] () (No name found) -- C:\Users\Samuel\AppData\Roaming\mozilla\firefox\profiles\bnb8rs5v.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi
[2012-08-29 19:15:03 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Samuel\AppData\Roaming\mozilla\firefox\profiles\bnb8rs5v.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012-07-24 21:44:25 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Samuel\AppData\Roaming\mozilla\firefox\profiles\bnb8rs5v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012-08-05 19:09:42 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Samuel\AppData\Roaming\mozilla\firefox\profiles\bnb8rs5v.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012-06-27 17:52:34 | 000,709,293 | ---- | M] () (No name found) -- C:\Users\Samuel\AppData\Roaming\mozilla\firefox\profiles\bnb8rs5v.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012-09-06 20:47:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012-09-06 20:47:07 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012-06-14 20:27:03 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
[2012-08-30 17:57:51 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012-06-14 20:27:03 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012-06-14 20:27:03 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2012-06-14 20:27:03 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012-06-14 20:27:03 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2009-06-10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-735894983-3100481250-2166785636-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-735894983-3100481250-2166785636-1001..\Run: [F.lux] C:\Users\Samuel\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-735894983-3100481250-2166785636-1001..\Run: [Start Killer] C:\Program Files\StartKiller\StartKiller.exe (Tordex)
O4 - HKU\S-1-5-21-735894983-3100481250-2166785636-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-735894983-3100481250-2166785636-1001..\Run: [SupportService] C:\Users\Samuel\AppData\Roaming\SupportService\SupportService.exe (Support)
O4 - HKU\S-1-5-21-735894983-3100481250-2166785636-1001..\Run: [Ubuntu One] C:\Program Files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
O4 - HKU\S-1-5-21-735894983-3100481250-2166785636-1001..\Run: [Ubuntu One Icon] C:\Program Files (x86)\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
O4 - HKU\S-1-5-21-735894983-3100481250-2166785636-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O4 - Startup: C:\Users\Samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = File not found
O4 - Startup: C:\Users\Samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-735894983-3100481250-2166785636-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97F1F661-F99C-4413-A32D-67425BF6D633}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-735894983-3100481250-2166785636-1001 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-09-26 18:47:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Samuel\Desktop\OTL.exe
[2012-09-23 15:48:45 | 000,000,000 | ---D | C] -- C:\Users\Samuel\Ubuntu One
[2012-09-23 15:48:44 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\ubuntuone
[2012-09-23 15:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ubuntuone-storageprotocol
[2012-09-23 15:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ubuntuone
[2012-09-23 15:47:13 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\xdg
[2012-09-23 15:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubuntu One
[2012-09-23 15:47:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ubuntuone
[2012-09-21 23:09:18 | 000,000,000 | ---D | C] -- C:\_Queue
[2012-09-21 23:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VLC Streamer
[2012-09-21 12:49:56 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012-09-18 21:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2012-09-18 21:04:14 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Roaming\WindSolutions
[2012-09-18 19:36:57 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Roaming\QuickScan
[2012-09-18 19:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012-09-18 19:01:43 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Roaming\Avira
[2012-09-18 18:54:46 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012-09-18 18:54:46 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012-09-18 18:54:46 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012-09-18 18:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012-09-18 18:54:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012-09-18 18:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2012-09-18 18:42:11 | 000,000,000 | ---D | C] -- C:\Users\Samuel\Documents\RegRun2
[2012-09-17 17:24:26 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012-09-17 17:24:26 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012-09-16 22:23:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012-09-16 22:23:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012-09-16 22:23:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012-09-16 22:23:02 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012-09-16 22:23:02 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012-09-16 22:23:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012-09-16 22:23:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012-09-16 22:23:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012-09-16 22:23:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012-09-16 22:23:01 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012-09-16 22:23:01 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012-09-16 22:23:00 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012-09-16 22:23:00 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012-09-16 21:21:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012-09-16 20:46:20 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012-09-16 20:46:19 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012-09-16 20:46:18 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012-09-16 20:46:18 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012-09-09 21:32:44 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Roaming\.minecraft
[2012-09-08 19:20:55 | 000,000,000 | ---D | C] -- C:\bbLean
[2012-09-06 22:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\StartKiller
[2012-09-06 22:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Killer
[2012-09-06 21:15:34 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\ODUI
[2012-09-06 21:15:01 | 000,000,000 | ---D | C] -- C:\Users\Samuel\Documents\Stardock
[2012-09-06 21:15:01 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\Stardock
[2012-09-06 21:14:32 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Roaming\Stardock
[2012-09-06 21:13:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0F4A7EFE-5950-4389-BF36-1E625D72456B}
[2012-09-06 21:13:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2012-09-06 21:13:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Stardock
[2012-09-06 21:13:42 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\PackageAware
[2012-09-06 20:47:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012-09-05 19:35:38 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\Nero_AG
[2012-09-05 19:35:16 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Roaming\Nero
[2012-09-05 19:35:00 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\Nero
[2012-09-05 19:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012-09-04 18:04:20 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\Atheros
[2012-09-03 22:17:38 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Roaming\Opera
[2012-09-03 22:17:38 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\Opera
[2012-09-03 21:26:20 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\RockMelt
[2012-09-03 15:57:09 | 000,000,000 | RH-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
[2012-09-03 13:20:14 | 000,000,000 | ---D | C] -- C:\Users\Samuel\Documents\PCSX2
[2012-09-03 13:18:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012-08-28 00:21:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2012-08-28 00:02:34 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\Microsoft Games
[2012-08-28 00:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
[2012-08-28 00:01:13 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer_backup_wti.exe
[2012-08-28 00:01:13 | 000,898,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OobeFldr_backup_wti.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-09-26 18:47:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Samuel\Desktop\OTL.exe
[2012-09-26 18:38:12 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-09-26 18:38:12 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-09-26 18:28:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-09-26 18:28:03 | 2124,173,311 | -HS- | M] () -- C:\hiberfil.sys
[2012-09-25 22:06:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-09-21 23:06:06 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-09-21 23:06:06 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-09-18 19:12:04 | 001,670,052 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-09-18 19:12:04 | 000,748,028 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012-09-18 19:12:04 | 000,654,870 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-09-18 19:12:04 | 000,150,040 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012-09-18 19:12:04 | 000,122,328 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-09-18 18:42:12 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2012-09-18 18:42:12 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2012-09-18 18:42:12 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2012-09-17 17:14:08 | 000,308,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-09-16 21:49:07 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012-09-16 20:37:25 | 001,699,090 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-09-08 16:51:54 | 000,000,024 | ---- | M] () -- C:\Users\Samuel\random.dat
[2012-09-08 16:50:35 | 000,000,023 | ---- | M] () -- C:\Users\Samuel\jagexappletviewer.preferences
[2012-09-08 16:50:16 | 000,000,045 | ---- | M] () -- C:\Users\Samuel\jagex_cl_runescape_LIVE.dat
[2012-09-07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-09-06 21:15:01 | 000,002,091 | ---- | M] () -- C:\Users\Samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2012-09-04 15:33:10 | 000,002,110 | ---- | M] () -- C:\Users\Samuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012-09-03 22:20:08 | 000,001,270 | ---- | M] () -- C:\Users\Samuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012-08-28 00:46:17 | 020,266,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imageres.dll
[2012-08-28 00:40:59 | 000,303,216 | ---- | M] () -- C:\Windows\UTP.exe
[2012-08-28 00:01:14 | 002,755,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-09-18 18:42:12 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2012-09-18 18:42:12 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2012-09-18 18:42:12 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2012-09-16 20:27:21 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012-09-08 14:43:24 | 000,000,045 | ---- | C] () -- C:\Users\Samuel\jagex_cl_runescape_LIVE.dat
[2012-09-08 14:43:24 | 000,000,024 | ---- | C] () -- C:\Users\Samuel\random.dat
[2012-09-08 14:42:58 | 000,000,023 | ---- | C] () -- C:\Users\Samuel\jagexappletviewer.preferences
[2012-09-06 21:15:01 | 000,002,091 | ---- | C] () -- C:\Users\Samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2012-09-03 22:20:08 | 000,001,270 | ---- | C] () -- C:\Users\Samuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012-09-03 15:57:09 | 000,002,017 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk
[2012-08-28 00:01:12 | 000,303,216 | ---- | C] () -- C:\Windows\UTP.exe
[2012-08-07 12:45:42 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012-08-07 12:45:42 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012-08-07 12:45:42 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012-08-07 12:28:09 | 000,038,355 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2012-08-06 00:08:49 | 000,007,602 | ---- | C] () -- C:\Users\Samuel\AppData\Local\Resmon.ResmonCfg
[2012-08-03 19:08:13 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2012-07-27 18:12:31 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2012-07-09 17:44:32 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012-07-09 17:44:32 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012-07-09 17:39:18 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012-06-27 11:08:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012-04-16 03:11:19 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012-04-16 03:11:19 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012-04-16 03:11:19 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012-02-02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011-02-10 19:03:27 | 001,699,090 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009-07-14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >




OTL Extras logfile created on: 2012-09-26 18:49:41 - Run 1
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Samuel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

7,97 Gb Total Physical Memory | 6,06 Gb Available Physical Memory | 75,96% Memory free
15,94 Gb Paging File | 12,68 Gb Available in Paging File | 79,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 676,69 Gb Total Space | 504,16 Gb Free Space | 74,50% Space Free | Partition Type: NTFS

Computer Name: SAMVAIO | User Name: Samuel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-735894983-3100481250-2166785636-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A9FC76-DF44-46E9-BFFC-EFBBEDC307D6}" = rport=137 | protocol=17 | dir=out | app=system |
"{0DE43B2D-B3D4-4CC9-BE49-4925E3D91F16}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{23FCD91B-E062-4F21-8FB6-2CB56000A985}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{26DBC5A2-25D3-46FF-B8BF-4F8A0558E560}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{289D6C0F-B7E6-41B0-B459-8A23EBC825F2}" = lport=3888 | protocol=17 | dir=in | app=c:\program files (x86)\sony\vaio creations\vaio movie story\vmstory.exe |
"{29629AEE-83E4-4072-A18D-6D94EAE023E7}" = lport=139 | protocol=6 | dir=in | app=system |
"{3D12BEA4-4661-493E-9B52-99555BC498F4}" = lport=138 | protocol=17 | dir=in | app=system |
"{43719AA1-C140-4DCF-81AE-954C6B2D3866}" = lport=53 | protocol=17 | dir=in | app=c:\program files\sony\vaio smart network\wfda\dcdhcpservice.exe |
"{44FE44F4-6E95-4867-B782-FBD2BDCDFBD5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{50518331-6B58-4452-8DC2-041C9284DF53}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{50F8101A-7622-49F6-AA55-91E294AB516A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{53DFC884-AC3A-4D7E-B297-9902E2C0487C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{58076D4E-4AA5-46B6-9B46-62AEE10B49BE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{59FF4678-3599-4F62-99FD-6317192AC6AA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{60EA6BFB-C600-45C0-8D09-6A4B4BF14647}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{61EE56B1-AAED-4431-B418-E725CEE55FE6}" = rport=445 | protocol=6 | dir=out | app=system |
"{6E96775A-E632-4144-8394-5EDD99C5F344}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6EFECCD4-24FB-4DEA-A0C8-CB4A3F992060}" = rport=139 | protocol=6 | dir=out | app=system |
"{709A2CB4-CD63-4016-9352-D85C7B3F6691}" = lport=10243 | protocol=6 | dir=in | app=system |
"{71891A89-34C2-4DFE-8C02-DE70B86E3DB6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9B23B059-A8FA-44AC-AD1F-173A49F04569}" = rport=138 | protocol=17 | dir=out | app=system |
"{A35C07D2-B107-462A-972B-F1B316C65E5C}" = lport=80 | protocol=6 | dir=in | app=c:\program files\sony\vaio smart network\wfda\wifidirectapplication.exe |
"{B2DBA712-394C-49E4-9337-FBF2C71CDF34}" = lport=137 | protocol=17 | dir=in | app=system |
"{BF0FCDE4-7F92-4453-BAA4-6CFE2F2F77E1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DEF190D3-8A9C-4D04-880B-754A8F1B9B1D}" = lport=3888 | protocol=6 | dir=in | app=c:\program files (x86)\sony\vaio creations\vaio movie story\vmstory.exe |
"{EAFEF226-9997-4931-8FCB-44D494C96822}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F014D671-4CC5-468E-A0E9-C13507278AA0}" = lport=445 | protocol=6 | dir=in | app=system |
"{F0549193-1FF0-4E92-BC82-7070F2462181}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp |
"{F184E213-58CF-4B15-A147-685928BA4B32}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp |
"{F6D4B484-C963-46B6-B994-16F0D1B5462D}" = lport=3880 | protocol=6 | dir=in | app=c:\program files (x86)\sony\vaio creations\vaio movie story\vmstory.exe |
"{FDA1A342-3CAE-4E74-91EB-70E98DCCB5C3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FF85209F-7339-4642-BA9E-71E5E1726E47}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02337245-BC54-4077-A3CF-336FFB1091E7}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx9.exe |
"{02E1B46D-BFB7-4F0B-9764-A469882825AB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0441B7C4-ACD2-47F0-971A-CFCD15FE884C}" = protocol=17 | dir=in | app=c:\users\samuel\documents\my games\minecraftsp.exe |
"{0BE6EF65-F1D9-453F-AD70-C1592353F0A9}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{0FBE5C2D-6E39-4406-92F7-614853FCCAEB}" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"{11733D83-4FF2-4772-8833-37302BB1737B}" = dir=in | app=c:\program files\bonjour\mdnsresponder.exe\bonjour\mdnsresponder.exe |
"{141B7DE2-E25B-451E-AAC8-5EB9C9438763}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{25A28697-1667-4FAA-B69B-546823BD7DAC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{344704AC-06BF-4B25-A865-066EB7F70F4C}" = protocol=17 | dir=in | app=c:\users\samuel\appdata\roaming\dropbox\bin\dropbox.exe |
"{36164D0F-9690-4E81-9B97-CC30441B444E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3B94716F-16C3-49D4-8EB3-CA1F354F63D9}" = protocol=6 | dir=in | app=c:\users\samuel\documents\my games\minecraftsp.exe |
"{3BA7754C-C397-43DB-930E-93BBA9C12860}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3C8DCA8E-6479-49A1-85DE-23D9FC29B92E}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\street fighter x tekken\sftk.exe |
"{3E7B35B3-6877-4748-99BE-B50CE01E51A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{42DE42EE-EC96-4B8D-92B9-50FFBCA9AE96}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{48F6218D-6E82-4FFD-8480-8BC27C24FE90}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4D80D3C5-8407-40E5-864E-A88E6E4A6192}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5549BB5B-56A1-4176-8EF7-5A899217D316}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx9.exe |
"{560896EB-6896-4A08-B0C0-25E11453A0A6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{59835639-E096-4612-8E60-E9EEBD926726}" = protocol=6 | dir=out | app=system |
"{657B2C33-81E7-4E10-81E6-E21286F45965}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{69C9E0FE-E9DE-40DB-A468-FF275AE02E12}" = dir=in | app=c:\program files (x86)\hobbyist software\vlc streamer\vlc streamer configuration.exe |
"{6A7A65DC-E44A-43AA-8752-0235F7D2D8DF}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe |
"{6E45CBB2-D624-43DB-BB12-3B64B754DED8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6F73DADD-E11D-4879-8960-4F5E42768696}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{74057989-AED6-4693-9E28-56A67982BE4D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{7DAD8EEF-0AF3-4F52-8C02-7A480FED49CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{7EE085B2-3054-446D-A8A4-E891392B5100}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\street fighter x tekken\sftk.exe |
"{8173A6B5-7A37-4207-9B75-5DC08DAE5999}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{86E9031C-9C6B-4DCC-AD20-E57799738A59}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{8B4E32B0-0F7C-48F7-B8CF-9535F28E217A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8C8513B8-E1C1-4B5E-9454-F2324DE580D4}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{92761266-BDB6-493D-BD66-198E1711278F}" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"{92CBF89C-CCDD-4C48-B4B4-3C8E9F7069E6}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{948D66EB-5EE3-4414-B590-4964AB2418E2}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{9508D9BB-00E2-4F04-B895-6E280D660C58}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9FBFA508-0992-450C-B8EF-328F78093AF8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{A0AD2586-15EF-45A8-B03C-D02BF33B6E90}" = dir=out | app=c:\program files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe |
"{A3928745-D04A-477D-B282-FA7FFC8AA7A9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A7655D55-6647-4411-BBD1-62786E61FBBC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A9B8AB2F-9F37-4C12-8B21-AB411B280600}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B0D1C4FB-13F9-49B1-A220-F6C7BAB1C7AF}" = protocol=6 | dir=in | app=c:\users\samuel\appdata\roaming\dropbox\bin\dropbox.exe |
"{B3046195-F5B4-49E5-93F3-7C5F9282DA59}" = dir=in | app=c:\program files (x86)\hobbyist software\vlc streamer\mdnsresponder.exe |
"{B8F0AB54-8137-4FEF-AA88-443198CBEF9D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B9649C0B-7772-4BBC-A51A-0AEA2A6B51E6}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe |
"{BCC538AE-8A13-4E21-A5A4-FBDAD3C15AB6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C2989E31-5A59-4B36-9B73-18308282D35D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C8C4E955-22B6-44C0-A3A7-BED09E754980}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C97ADDCB-7BE4-4521-A35A-B2576728521A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CA33070A-384B-4233-831A-A95D3B22333C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CA64513D-5088-4813-9EE2-47E2F5CDC2E3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CAFB5FE7-5395-4159-9319-42C8D12DF1D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{CB87EBBE-06C4-4CAF-8B16-DA8FFEFF562E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D0503107-38FB-4C77-A7C4-C71CB7E353FD}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{D35EAB83-340F-4608-8EFC-28DACBAC0F91}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe |
"{DA50CF50-A13B-4BFC-92F7-168E240771F0}" = protocol=6 | dir=in | app=c:\users\samuel\jagexcache\jagexlauncher\bin\jagexlauncher.exe |
"{DB72C43F-88A7-4783-945A-3769C5A9DC58}" = protocol=17 | dir=in | app=c:\users\samuel\jagexcache\jagexlauncher\bin\jagexlauncher.exe |
"{E054A573-DD8E-42F2-B7E4-8AF18A9C6591}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe |
"{E72CC1AD-DFA0-4598-BBFA-55B864BF6594}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E7735A14-E296-4E2A-9A84-1B09A0C15E26}" = dir=in | app=c:\program files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe |
"{ED08664E-1B29-4C9D-AA81-EE41B0945DF3}" = protocol=58 | dir=in | app=system |
"TCP Query User{48B6108C-55F2-46CA-BB2A-8798AB2E35C9}C:\program files (x86)\foobar2000\foobar2000.exe" = protocol=6 | dir=in | app=c:\program files (x86)\foobar2000\foobar2000.exe |
"TCP Query User{8AD39C2B-27D4-468D-89DA-16F551035229}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{8D46277A-01EE-4460-8D54-4B4A5E4DBF7C}C:\program files (x86)\foobar2000\foobar2000.exe" = protocol=17 | dir=in | app=c:\program files (x86)\foobar2000\foobar2000.exe |
"UDP Query User{D6291ACA-6D6C-41AF-9BF2-62C038EFB562}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0EB7792D-EFA2-42AB-9A22-F33D9458E974}" = Media Gallery
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java™ 7 Update 1 (64-bit)
"{28DB4A00-92CC-481E-5485-12A73F6B88C1}" = ccc-utility64
"{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64
"{34EB42BE-F4D3-44C1-B28E-9740115DB72C}" = VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
"{4B5F58F7-C7D1-3CE3-9B37-B657F0852643}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D95D095-8C6F-4357-BDD8-27E295F37FB1}" = VAIO Care
"{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = VSSTx64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{549AD5FB-F52D-4307-864A-C0008FB35D96}" = VCCx64
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{886C0C18-F905-49B2-90BA-EFC0FEDF27C6}" = VAIO - PlayMemories Home Plug-in
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98DE7960-458C-4104-90E9-910389C81AC9}" = VmciSockets
"{A39AE3AE-9808-39D2-AB7B-FF5F0335095E}" = Microsoft .NET Framework 4 Extended FRA Language Pack
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{D43908B1-76F6-42FB-B97D-0F4694769ACF}" = Start Killer
"{D55EAC07-7207-44BD-B524-0F063F327743}" = VIx64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEAA361-F8A4-4298-B41C-9E9DCB9AAB84}" = VPMx64
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}" = VSNx64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Extended FRA
"Recuva" = Recuva
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{07441A52-E208-478A-92B7-5C337CA8C131}" = VAIO - Lecture à distance avec PlayStation®3
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08EBCF9F-416D-0BD3-0C9E-2CBFC6688A19}" = CCC Help German
"{0A738870-A1D3-11E0-ACDF-005056C00008}" = Sound Forge Audio Studio 10.0
"{0AB5F0FD-D917-BB15-163F-B044C606C965}" = CCC Help French
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1221B471-09BE-71E6-1A26-AAC627625DA0}" = CCC Help Swedish
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12F9B6AA-B861-CA2C-7DFF-EE4334D9F142}" = CCC Help Spanish
"{18EE664A-8121-4023-8E6E-BB2E9AEEC75E}" = Catalyst Control Center - Branding
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{219801B0-668E-5AC0-193A-7F66BC1A9B8D}" = CCC Help Finnish
"{21DD6041-7251-40FA-9D06-C5EB30268E0F}" = Qualcomm Atheros Direct Connect
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{247092CD-6E4C-3B0E-9C93-FCF60191AE1E}" = CCC Help Czech
"{24DAB461-8071-E28A-92BA-470D21AFFDF3}" = CCC Help Thai
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2F41EF61-A066-4EBF-84F8-21C1B317A780}" = VAIO - TrackID™ avec BRAVIA
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{340600B4-1DAF-25DC-1F55-C67A03126F07}" = CCC Help Chinese Traditional
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{3490653F-2789-46A1-B1BF-6BD4CF4131AB}" = FDUx86
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{34FAB034-9225-83B3-9539-49267DE32A11}" = CCC Help Polish
"{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement
"{3AF0ACA1-E2CC-64C5-4589-E75E2CF7291C}" = CCC Help Italian
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E22AC09-619F-5C08-0FF2-5947ABC7ACB3}" = Catalyst Control Center
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{43430FA5-AF68-4A2D-A7D4-891000008200}" = Street Fighter X Tekken
"{43DE8A79-029C-38E0-AC90-167333F8EF7E}" = CCC Help Portuguese
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B2C32DE-2C82-4B16-B9D8-D7DEB98FEEF2}" = BlueStacks
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5156C9BF-1C27-430B-96D8-7129F11699A8}" = VAIO Data Restore Tool
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = Outil de restauration de données VAIO
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.2
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86
"{6466EF6E-700E-470F-94CB-D0050302C84E}" = Remote Keyboard
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{692955F2-DE9F-4078-8FAA-858D6F3A1776}" = VAIO Gesture Control
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6FD21053-829D-40E7-B04C-CAFB7D5CD025}" = KUx86
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Clavier à distance
"{7762BB16-AF4E-769D-779C-F6E5F7F9D898}" = CCC Help Hungarian
"{7A127A70-24FE-11E1-B500-F04DA23A5C58}" = DVD Architect Studio 5.0
"{7A9C864F-6D04-11E0-A2D9-005056C00008}" = ACID Music Studio 8.0
"{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"{7E5A5CA6-B7D0-406E-A75E-157CAB47EB94}" = VMLx86
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" =
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
"{858B32BD-121C-4AC8-BD87-CE37C51C03E2}" = TrackID™ with BRAVIA
"{862D7DA8-D4B6-EDAD-DFB0-D9F27E187B56}" = CCC Help Turkish
"{8B522F26-C481-1BDB-DA5B-239465957E15}" = CCC Help Russian
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CE152BA-1D16-11E1-867D-984BE15F174E}" = Evernote v. 4.5.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E797841-A110-41FD-B17A-3ABC0641187A}" = VAIO Control Center
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9994E62F-F31B-3890-5D17-2548A9F65B23}" = CCC Help Greek
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A49A517F-5332-4665-922C-6D9AD31ADD4F}" = VSNx86
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD
"{A85FCCBE-31AB-4312-A5A9-165FF3B0BF90}" = RuneScape Launcher 1.2.2
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA39D3EF-8722-BC43-1429-FD7ED7C0C20A}" = CCC Help Korean
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1036-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Français
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AE5F3379-8B81-457E-8E09-7E61D941AFA4}" = VAIO Gate
"{AFEDF394-2774-F2F4-6309-4F6436163ECE}" = CCC Help Japanese
"{B24BB74E-8359-43AA-985A-8E80C9219C70}" = VSSTx86
"{B4DEF552-B0CE-89A8-9A8B-936CDF5D041E}" = CCC Help Norwegian
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86
"{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}" = Diagnostic du ventilateur de l'UC VAIO
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C346C112-D8D9-2ACC-3BC8-A204754C68BD}" = CCC Help Dutch
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = Manuel VAIO
"{C7BC5783-3244-FE39-2EF6-CDE781453D17}" = CCC Help Chinese Standard
"{C7CE1BF7-08A1-9DD7-1E1A-101993EC91BC}" = Catalyst Control Center Localization All
"{C8544A9A-76BE-4F82-811E-979799AE493B}" = VAIO Gesture Control
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C9EFF66F-B0CF-4B1A-9371-2FC647658CDF}" = VAIO Help and Support
"{CE63E240-F384-11E0-A300-F04DA23A5C58}" = Vegas Movie Studio HD Platinum 11.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF91A5A9-F10D-433D-A677-9505B84EAF1B}" = Stardock Software
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D56DA747-5FDB-4AD5-9A6A-3481C0ED44BD}" = Remote Play with PlayStation®3
"{D9777637-33B7-47A9-800C-F6A2CD4EB0FE}" = VAIO OOBE
"{DB1A3EA7-0C25-4BEC-A108-176195190369}" = VHD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE93ED51-40D8-48B4-2A02-67EBF85DEE88}" = CCC Help Danish
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF184496-1CA2-4D07-92E7-0BD251D7DEF0}" = VCCx86
"{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}" = PlayMemories Home
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E17D151E-5E8E-C6AF-031E-76A941D2111E}" = Catalyst Control Center Graphics Previews Common
"{E26A3459-C2A9-9C54-4ED5-F0E26DECBD40}" = CCC Help English
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E682702C-609C-4017-99E7-3129C163955F}" = VAIO - Clavier à distance avec PlayStation®3
"{E727B31A-8B24-4C1C-934A-69634E0D2C0B}" = Qualcomm Atheros WiFi Driver Installation
"{EBBB8461-52A2-11E1-8EBF-005056C00008}" = MSVCRT Redists
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo II" = Diablo II
"ESET Online Scanner" = ESET Online Scanner v3
"Fraps" = Fraps (remove only)
"Game Booster_is1" = Game Booster 3
"InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Mozilla Firefox 15.0.1 (x86 fr)" = Mozilla Firefox 15.0.1 (x86 fr)
"Mozilla Thunderbird 14.0 (x86 fr)" = Mozilla Thunderbird 14.0 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ObjectDock Plus 2" = ObjectDock Plus 2
"pcsx2-r5350" = PCSX2 - Playstation 2 Emulator
"Rainmeter" = Rainmeter
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Ubuntu One 3.0.2b" = Ubuntu One
"uTorrent" = µTorrent
"VAIO Satisfaction Survey.3.0" = VAIO Satisfaction Survey.
"VLC media player" = VLC media player 2.0.2
"VLC Streamer_is1" = VLC Streamer 2.68
"VMware_Workstation" = VMware Workstation
"WinLiveSuite" = Windows Live
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"Xvid Video Codec 1.3.2" = Xvid Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-735894983-3100481250-2166785636-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Flux" = F.lux

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2012-09-09 12:22:41 | Computer Name = SamVAIO | Source = WinMgmt | ID = 10
Description =

Error - 2012-09-10 17:41:24 | Computer Name = SamVAIO | Source = WinMgmt | ID = 10
Description =

Error - 2012-09-10 18:35:56 | Computer Name = SamVAIO | Source = WinMgmt | ID = 10
Description =

Error - 2012-09-11 17:37:19 | Computer Name = SamVAIO | Source = WinMgmt | ID = 10
Description =

Error - 2012-09-11 19:04:13 | Computer Name = SamVAIO | Source = WinMgmt | ID = 10
Description =

Error - 2012-09-11 19:11:23 | Computer Name = SamVAIO | Source = WinMgmt | ID = 10
Description =

Error - 2012-09-11 19:40:00 | Computer Name = SamVAIO | Source = WinMgmt | ID = 10
Description =

Error - 2012-09-11 20:38:14 | Computer Name = SamVAIO | Source = WinMgmt | ID = 10
Description =

Error - 2012-09-12 19:47:08 | Computer Name = SamVAIO | Source = WinMgmt | ID = 10
Description =

Error - 2012-09-13 17:27:39 | Computer Name = SamVAIO | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2012-09-19 20:44:15 | Computer Name = SamVAIO | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se
charger : AVGIDSHA

Error - 2012-09-21 12:16:11 | Computer Name = SamVAIO | Source = Service Control Manager | ID = 7023
Description = Le service BlueStacks Android Service s’est arrêté avec l’erreur :
%%1064

Error - 2012-09-21 12:16:20 | Computer Name = SamVAIO | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se
charger : AVGIDSHA

Error - 2012-09-21 20:53:49 | Computer Name = SamVAIO | Source = Service Control Manager | ID = 7023
Description = Le service BlueStacks Android Service s’est arrêté avec l’erreur :
%%1064

Error - 2012-09-21 20:54:06 | Computer Name = SamVAIO | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se
charger : AVGIDSHA

Error - 2012-09-21 21:12:37 | Computer Name = SamVAIO | Source = Service Control Manager | ID = 7023
Description = Le service BlueStacks Android Service s’est arrêté avec l’erreur :
%%1064

Error - 2012-09-21 21:12:43 | Computer Name = SamVAIO | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se
charger : AVGIDSHA

Error - 2012-09-21 23:05:18 | Computer Name = SamVAIO | Source = Service Control Manager | ID = 7023
Description = Le service BlueStacks Android Service s’est arrêté avec l’erreur :
%%1064

Error - 2012-09-21 23:05:24 | Computer Name = SamVAIO | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se
charger : AVGIDSHA

Error - 2012-09-21 23:07:29 | Computer Name = SamVAIO | Source = Service Control Manager | ID = 7034
Description = Le service Service Bonjour s’est terminé de façon inattendue pour
la 1ème fois.


< End of report >




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-26 18:58:49
-----------------------------
18:58:49.533 OS Version: Windows x64 6.1.7601 Service Pack 1
18:58:49.533 Number of processors: 8 586 0x3A09
18:58:49.534 ComputerName: SAMVAIO UserName: Samuel
18:58:51.404 Initialize success
18:59:25.866 AVAST engine defs: 12092601
18:59:48.016 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:59:48.019 Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
18:59:48.036 Disk 0 MBR read successfully
18:59:48.040 Disk 0 MBR scan
18:59:48.060 Disk 0 Windows 7 default MBR code
18:59:48.064 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 22121 MB offset 2048
18:59:48.084 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 350 MB offset 45305856
18:59:48.091 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 692931 MB offset 46022656
18:59:48.113 Disk 0 scanning C:\Windows\system32\drivers
18:59:56.564 Service scanning
19:00:33.371 Modules scanning
19:00:33.383 Disk 0 trace - called modules:
19:00:33.411 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:00:33.746 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a28d790]
19:00:33.753 3 CLASSPNP.SYS[fffff8800148743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007e59050]
19:00:35.621 AVAST engine scan C:\Windows
19:00:38.987 AVAST engine scan C:\Windows\system32
19:02:46.338 AVAST engine scan C:\Windows\system32\drivers
19:02:59.302 AVAST engine scan C:\Users\Samuel
19:04:53.612 Disk 0 MBR has been saved successfully to "C:\Users\Samuel\Desktop\MBR.dat"
19:04:53.622 The log file has been saved successfully to "C:\Users\Samuel\Desktop\aswMBR.txt"

#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:19 PM

Posted 26 September 2012 - 10:10 PM

Greetings Samuel,

There is still evidences of the ZeroAccess infection on your computer. I would like you to run the following program for me. In addition I must advise you of the following.


===================================================


BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Please let me know if you have already noticed evedences of financial institution irregularities.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


===================================================


Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

  • Please download ComboFix from one of these locations:

    BleepingComputer

    ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.

    Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.

    • Check your computer clock. If it is still running then so is ComboFix
    • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
    • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
    Note #2: If you receive the following error "Illegal operation attempted on a registery key that has been marked for deletion" please just restart your computer to resolve this issue
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Combofix.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Notsoanonymous

Notsoanonymous
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:19 AM

Posted 27 September 2012 - 06:53 AM

Ok i just have a few questions before i start doing this, this computer (my laptop) is the main thing i use for school, it contains lots and lots of stuff i need. also it contains over 150GBs of files i don't want to lose, also i do not have the original Windows 7 CD, it's a laptop so Windows was already in when i bought it, i just needed to set it up. So i'd like to avoid a reformat-reinstall. What do you mean by the computer could not be trusted anymore? I did ZERO important stuff or banking stuff on this computer, i do this stuff on my third computer who have Ubuntu. I'm going to school right now, then, to work so i'll be back in about nine hours to do this Combofix thing. Thanks for your help Gary.

And if it's not asking too much, do you have any tips to avoid getting infected by a backdoor trojan or any other malware?

Edited by Notsoanonymous, 27 September 2012 - 06:54 AM.


#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:19 PM

Posted 27 September 2012 - 09:20 AM

Greetings Samuel,

It is necessary for us to at least make you aware of the worse case scenario. This is because of the potential Backdoor Trojans bring with them, but it is not a determination on our part that your situation currently falls withing this worse case scenario.

Ultimately it is a personal decision whether to reformat or not. What decision should you make to let you sleep well at night. It is different for different people. I will say whether rightly or wrongly most people decide to clean and not reformat, at least initially.

The only insight I can offer is how I evaluate the issue personally even though I have never had a Backdoor Trojan on my computer. The main purpose for malicious software is to somehow separate you from your money. It seems reasonable to assume that a thief trying to take your money via a Backdoor Trojan will hit you hard, and quickly. Once your computer starts to act up and you become suspicious you have the opportunity to eliminate access to your computer and change the information taken, namely account and password information. The key to this, in my opinion, is whether or not you have noticed any irregularities in your banking or other financial institutions, or things like email and social network accounts (like Facebook). If not, I think you can assume your information has not been compromised to the point where you need to reformat. But if you don't you should still monitor your financial institutions and other accounts as described above.

I did ZERO important stuff or banking stuff on this computer

No disrespect to you, but I don't think thieves are interested in your homework :) I think you are pretty safe to clean and not reformat, as long as you can sleep at night. :graduate:
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Notsoanonymous

Notsoanonymous
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:19 AM

Posted 27 September 2012 - 04:15 PM

I disabled windows firewall and my antiviruses, but everytime i run combofix i get a BSOD, i had similar issues with RKILL, what do i do Gary?

Not related : I'm insomniac so don't worry about sleeping at night, virus or no, i can't! ;)

Edited by Notsoanonymous, 27 September 2012 - 04:58 PM.


#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:19 PM

Posted 27 September 2012 - 05:17 PM

Greetings Samuel,

I'm insomniac

You should be a malware fighter! :)


Try these links. If one doesn't work try the next.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Notsoanonymous

Notsoanonymous
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:19 AM

Posted 27 September 2012 - 05:24 PM

Link 1 : BSOD
Link 2 : BSOD
Link 3 : BSOD
Combofix : BSOD

Edited by Notsoanonymous, 27 September 2012 - 05:30 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users