TechSpot

Weird Malicious site blocking, possible Hijack?

Inactive-A
By Weazel99
Sep 12, 2013
  1. Ok so as long as I am connected to the internet (not with a browser open, just a network that has internet access) Avast- the free version- keeps popping up saying it has blocked a malicious URL. Every four or so seconds it blocks another one. And the sites it blocks are all... weird. I've never been to any of these sites. After about ten blocks, it cycles back to the first site. The sites are like:
    "munte8.biz" "kaylith5.org" "yatzza7.net," and they all end with ".../task/5010." This happens a few more times even after I disconnect my laptop from the wifi.

    Also, the program associated with these sites isn't "firefox.exe" as it would be normally, its the "svhost.exe."

    Anyways, I've already done several scans with Avast, including 2 boot time scans. I've also used MalwareBytes AntiMalware too. These have removed some "threatening" programs, but none have solved this problem. My brother (who is an IT guy and also programs servers for a living) suggested using Hijack This and ComboFix. I ran combofix, but still, the problems persists. Then that's when I used Hijack This. As I am not familiar with every suspicious program, I've posted the Hijack This log with this thread. Hopefully you guys can find something I cannot.

    Btw, my specs are:
    Sony S series Laptop, Windows 7
    intel i5 core processor, 2.4 ghtz CPU, 4g memory
     

    Attached Files:

  2. Broni

    Broni Malware Annihilator Posts: 47,066   +257

    Hmmm...you've been to this forum before so you should know better...

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Weazel99

    Weazel99 TS Rookie Topic Starter Posts: 40

    Indeed I have, your probably right. I just love getting into trouble though. So here's my MBAM log, im running DDS now.

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.09.12.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16686
    Weazel :: VAIO [administrator]

    9/12/2013 9:33:56 PM
    mbam-log-2013-09-12 (21-33-56).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 547679
    Time elapsed: 1 hour(s), 51 minute(s), 31 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  4. Weazel99

    Weazel99 TS Rookie Topic Starter Posts: 40

    dds.txt:
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16686
    Run by Weazel at 18:43:03 on 2013-09-13
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4012.1572 [GMT -7:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: COMODO Antivirus *Disabled/Outdated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
    C:\Program Files\TrueSuite\TrueSuite.Service.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k WbioSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
    C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe
    C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
    C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
    C:\Program Files (x86)\Sony\VAIO Control Center\VESGfxMgr.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe
    C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Apoint\Apvfb.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
    C:\Users\Weazel\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
    C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
    C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
    C:\Program Files\Sony\VAIO Care\VCService.exe
    C:\Program Files\Sony\VAIO Care\VCAgent.exe
    C:\Program Files\Sony\VAIO Care\listener.exe
    C:\Program Files\TrueSuite\TrueSuite.TouchControl.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://sony.msn.com
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: TrueSuite WebStore: {5cb2b77d-c8ca-44db-af20-a7a4df462a12} -
    BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll
    TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [gbrspcontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
    StartupFolder: C:\Users\Weazel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Weazel\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Weazel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: NameServer = 208.67.222.123 208.67.220.123 66.189.0.100
    TCP: Interfaces\{3BD40B49-DE02-4CE5-9050-195792D98DC4} : DHCPNameServer = 208.67.222.123 208.67.220.123 66.189.0.100
    TCP: Interfaces\{3BD40B49-DE02-4CE5-9050-195792D98DC4}\14355535 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{3BD40B49-DE02-4CE5-9050-195792D98DC4}\2375942554730313 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{3BD40B49-DE02-4CE5-9050-195792D98DC4}\76F667E6564777F627B623 : DHCPNameServer = 192.168.37.1
    TCP: Interfaces\{3BD40B49-DE02-4CE5-9050-195792D98DC4}\A455E494F425D20534 : DHCPNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
    TCP: Interfaces\{3BD40B49-DE02-4CE5-9050-195792D98DC4}\E45445745414251323 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{86E43F0F-B1D2-42F9-B68E-4EC736E50620} : DHCPNameServer = 192.168.10.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: TrueSuite WebStore: {5cb2b77d-c8ca-44db-af20-a7a4df462a12} -
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker64.dll
    x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
    x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
    x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
    x64-Run: [ClientAppLogon] C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe
    x64-Run: [ClientAppLogon32] C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe
    x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Weazel\AppData\Roaming\Mozilla\Firefox\Profiles\lhhfp41y.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.startup.homepage - google.com
    FF - prefs.js: keyword.URL -
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Weazel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
    FF - ExtSQL: 2013-08-29 19:16; firefox@webconnect.co; C:\Users\Weazel\AppData\Roaming\Mozilla\Firefox\Profiles\lhhfp41y.default\extensions\firefox@webconnect.co.xpi
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-29 65336]
    R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-29 204880]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-3-29 1030952]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-3-29 378944]
    R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-1-16 23168]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-1-16 708632]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-1-16 48360]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-19 204288]
    R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-4-21 1136640]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-3-29 33400]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-3-29 80816]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-11 46808]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-7-12 923984]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-7-12 1001808]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-4-21 134928]
    R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2013-7-24 70352]
    R2 FPLService;TrueSuiteService;C:\Program Files\TrueSuite\TrueSuite.Service.exe [2011-4-26 294216]
    R2 GeekBuddyRSP;GeekBuddyRSP Service;C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2013-5-30 1851088]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-6-28 2470736]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-3-29 13592]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-3-29 2375168]
    R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-3-15 428384]
    R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-7-22 259512]
    R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [2011-2-23 105024]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-3-29 2656536]
    R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2013-3-29 552584]
    R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-4-13 84088]
    R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2013-3-29 969352]
    R3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-4-21 294912]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-5-26 19968]
    R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2011-1-27 894240]
    R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-7-12 1321296]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-7-6 52736]
    R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-7-6 274944]
    R3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-1-24 158936]
    R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-7-6 59904]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-7-19 317440]
    R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-7-19 12230912]
    R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-6-21 25496]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-6-13 87552]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-6-13 207872]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-3-29 425064]
    R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2012-7-31 38992]
    R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-1 12032]
    R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-7-24 53176]
    R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-6-30 1380480]
    R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-6-21 42392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-8-1 2095808]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
    S2 Update WebConnect;Update WebConnect;"C:\Program Files (x86)\WebConnect\updateWebConnect.exe" --> C:\Program Files (x86)\WebConnect\updateWebConnect.exe [?]
    S3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-4-21 294912]
    S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-7-24 49152]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
    S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-6-21 34200]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2013-3-29 337512]
    S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]
    S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]
    S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-5-19 549616]
    S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-18 385336]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-18 99104]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-3 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-09-14 01:27:52 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D171D991-98B6-442B-BA8F-F02E56F3EDB3}\mpengine.dll
    2013-09-14 01:12:41 125440 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com\components\TrueSuite.WLOXPCOM.dll
    2013-09-12 03:43:05 -------- d-sh--w- C:\$RECYCLE.BIN
    2013-09-12 00:04:46 98816 ----a-w- C:\Windows\sed.exe
    2013-09-12 00:04:46 256000 ----a-w- C:\Windows\PEV.exe
    2013-09-12 00:04:46 208896 ----a-w- C:\Windows\MBR.exe
    2013-09-11 20:21:38 -------- d-----w- C:\Program Files (x86)\AVAST Software
    2013-09-11 06:12:44 -------- d-----w- C:\Users\Weazel\AppData\Roaming\Malwarebytes
    2013-09-11 06:12:01 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-09-11 06:11:51 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-09-11 06:11:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-09-11 01:23:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    2013-09-08 07:54:56 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
    2013-09-08 07:54:55 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2013-09-08 07:54:55 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
    2013-09-08 07:54:55 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2013-09-08 07:54:55 -------- d-----w- C:\Program Files (x86)\OpenAL
    2013-09-04 22:14:40 -------- d-----w- C:\Users\Weazel\AppData\Roaming\0S1F1O2Z0S2Y1H1T
    2013-09-03 00:37:11 -------- d-----w- C:\Program Files (x86)\Blender Foundation
    2013-08-17 11:45:30 -------- d-----w- C:\Users\Weazel\AppData\Local\Google
    2013-08-15 09:36:07 -------- d-----w- C:\ProgramData\StarApp
    2013-08-15 09:34:09 -------- d-----w- C:\ProgramData\InstallMate
    .
    ==================== Find3M ====================
    .
    2013-09-13 05:09:11 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-09-13 05:09:11 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-08-30 07:48:10 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2013-08-30 07:48:10 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2013-08-30 07:48:10 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2013-08-30 07:48:10 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2013-08-30 07:48:09 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2013-08-30 07:47:40 41664 ----a-w- C:\Windows\avastSS.scr
    2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
    2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
    2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
    2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
    2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
    2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
    2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
    2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2013-08-01 23:59:51 57096 ----a-w- C:\Windows\System32\certsentry.dll
    2013-08-01 23:59:51 48392 ----a-w- C:\Windows\SysWow64\certsentry.dll
    2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
    2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
    2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
    2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
    2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
    2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-07-08 20:59:52 708632 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
    2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-06-18 15:16:09 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
    2013-06-18 15:16:07 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys
    2013-06-18 15:15:49 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
    2013-06-18 15:15:47 348584 ----a-w- C:\Windows\SysWow64\guard32.dll
    2013-06-18 15:15:46 437688 ----a-w- C:\Windows\System32\guard64.dll
    2013-06-18 15:15:38 45784 ----a-w- C:\Windows\System32\cmdkbd64.dll
    2013-06-18 15:15:38 344792 ----a-w- C:\Windows\System32\cmdvrt64.dll
    2013-06-18 15:15:35 278232 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
    2013-06-18 15:15:34 40664 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll
    2013-06-16 22:58:27 270408 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2013-06-16 22:58:27 270408 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    .
    ============= FINISH: 18:44:58.88 ===============
    Attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/29/2013 7:53:21 PM
    System Uptime: 9/12/2013 3:59:49 PM (27 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz | N/A | 2401/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 453 GiB total, 218.267 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP96: 9/3/2013 3:14:32 PM - Windows Update
    RP97: 9/6/2013 4:18:10 PM - Windows Update
    RP98: 9/10/2013 6:19:14 PM - Windows Update
    RP99: 9/11/2013 5:37:38 AM - Windows Update
    RP100: 9/12/2013 2:50:38 AM - avast! Free Antivirus Setup
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.6) MUI
    Alien Swarm
    Alps Pointing-device for VAIO
    AMD APP SDK Runtime
    AMD Media Foundation Decoders
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Application Manager for VAIO
    ArcSoft Magic-I Visual Effects 2
    ArcSoft WebCam Companion 4
    Arma 2
    Arma 2: Operation Arrowhead
    Assassin's Creed Brotherhood
    Assassin's Creed II
    ATI Catalyst Install Manager
    AuthenTec TrueSuite
    AuthenTec WinBio FingerPrint Software
    avast! Ad Blocker
    avast! Free Antivirus
    BattlEye for OA Uninstall
    BattlEye Uninstall
    Blender
    Bonjour
    Castle Crashers
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    Catalyst Control Center Profiles Mobile
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chaos on Deponia
    Comodo Dragon
    COMODO Internet Security
    Counter-Strike: Source
    D3DX10
    DayZ Commander
    Deponia
    Dolpin Emulator Packages
    Dropbox
    FlatOut
    Fraps (remove only)
    Galerie de photos Windows Live
    Garry's Mod
    GeekBuddy
    GoldenEye: Source
    Google Chrome
    Google Update Helper
    Guns of Icarus Online
    Half-Life 2
    Intel PROSet Wireless
    Intel(R) Display Audio Driver
    Intel(R) Identity Protection Technology 1.1.2.0
    Intel(R) Management Engine Components
    Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    Intel(R) PROSet/Wireless WiFi Software
    Intel(R) Rapid Storage Technology
    Intel(R) WiDi
    Intel(R) Wireless Display
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Java(TM) 6 Update 39 (64-bit)
    Keyboard Shortcuts
    Left 4 Dead 2
    LogMeIn Hamachi
    Malwarebytes Anti-Malware version 1.75.0.1300
    Media Gallery
    Media Go
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft IntelliPoint 7.1
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XNA Framework Redistributable 4.0
    Mirror's Edge
    Monaco
    MorphVOX Junior
    Mozilla Firefox 23.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2758694)
    NVIDIA PhysX v8.10.17
    OOBE
    OpenAL
    OpenOffice.org 3.4.1
    Play withSIX
    PlayReady PC Runtime amd64
    PlayStation(R)Network Downloader
    PlayStation(R)Store
    PMB
    PMB VAIO Edition Guide
    PMB VAIO Edition Plug-in
    Portal 2
    PunkBuster Services
    PX Profile Update
    Quick Web Access
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek PCIE Card Reader
    Remote Keyboard
    Remote Play with PlayStation 3
    Renesas Electronics USB 3.0 Host Controller Driver
    Rome: Total War
    savenShhareE
    SaveShare 1.74
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Sid Meier's Civilization 4 - Beyond the Sword
    Sid Meier's Civilization 4 Complete
    Sid Meier's Civilization IV Colonization
    Sid Meier's Civilization V
    Skype™ 6.6
    Sony Corporation
    Source SDK
    Source SDK Base 2006
    Source SDK Base 2007
    SSLx64
    SSLx86
    Star Wars Jedi Knight: Jedi Academy
    Star Wars: Empire at War Gold
    Steam
    Synergy
    Team Fortress 2
    TeamSpeak 3 Client
    Terraria
    The Elder Scrolls V: Skyrim
    Ubisoft Game Launcher
    Unity Web Player
    VAIO - Media Gallery
    VAIO - PMB VAIO Edition Guide
    VAIO - PMB VAIO Edition Plug-in
    VAIO - Remote Keyboard
    VAIO - Remote Play with PlayStation®3
    VAIO Care
    VAIO Control Center
    VAIO CPU Fan Diagnostic
    VAIO Data Restore Tool
    VAIO Easy Connect
    VAIO Gate
    VAIO Gate Default
    VAIO Help and Support
    VAIO Improvement
    VAIO Manual
    VAIO Messenger
    VAIO Sample Contents
    VAIO Satisfaction Survey.
    VAIO Smart Network
    VAIO Transfer Support
    VAIO Update
    VAIO Update Merge Module x64
    VCCx64
    VCCx86
    VHD
    VIPAccess
    VIx64
    VIx86
    VPMx64
    VSNx64
    VSNx86
    VWSTx86
    WebConnect 3.0.0
    Windows Live
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinDS PRO 2012.10.0
    WinRAR 4.20 (32-bit)
    XCOM: Enemy Unknown
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/8/2013 1:38:02 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    9/7/2013 3:16:34 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    9/7/2013 3:14:33 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/7/2013 3:14:33 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    9/7/2013 3:14:33 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    9/7/2013 3:14:33 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/7/2013 3:14:33 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/7/2013 3:14:33 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    9/7/2013 3:14:33 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/7/2013 3:14:33 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/7/2013 3:14:33 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    9/7/2013 3:14:33 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    9/7/2013 3:14:33 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    9/7/2013 3:14:33 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    9/7/2013 3:14:33 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    9/7/2013 3:14:33 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/7/2013 3:14:08 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.103 with the system having network hardware address 28-0D-FC-B0-46-30. Network operations on this system may be disrupted as a result.
    9/13/2013 6:13:37 PM, Error: Service Control Manager [7011] - A timeout (60000 milliseconds) was reached while waiting for a transaction response from the IconMan_R service.
    9/13/2013 6:12:50 PM, Error: Service Control Manager [7034] - The COMODO Dragon Update Service service terminated unexpectedly. It has done this 1 time(s).
    9/13/2013 6:12:49 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    9/12/2013 9:31:07 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
    9/12/2013 9:30:27 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
    9/12/2013 6:22:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: CFRMD
    9/12/2013 6:22:26 PM, Error: Service Control Manager [7000] - The Update WebConnect service failed to start due to the following error: The system cannot find the file specified.
    9/12/2013 3:26:05 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    9/12/2013 3:22:16 AM, Error: Service Control Manager [7022] - The VAIO Care Performance Service service hung on starting.
    9/11/2013 8:06:54 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    9/11/2013 8:04:27 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    9/11/2013 7:57:53 PM, Error: Service Control Manager [7034] - The PEVSystemStart service terminated unexpectedly. It has done this 1 time(s).
    9/11/2013 5:30:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff8000310ad55). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091113-30310-01.
    9/11/2013 4:51:08 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    9/11/2013 2:03:57 PM, Error: Service Control Manager [7031] - The Update WebConnect service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    9/10/2013 9:18:20 PM, Error: Service Control Manager [7022] - The Intel(R) Management and Security Application User Notification Service service hung on starting.
    9/10/2013 11:02:36 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    .
    ==== End Of File ===========================
     
  5. Broni

    Broni Malware Annihilator Posts: 47,066   +257

    [​IMG] Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
     
  6. Weazel99

    Weazel99 TS Rookie Topic Starter Posts: 40

    RogueKiller V8.6.11 _x64_ [Sep 11 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Weazel [Admin rights]
    Mode : Remove -- Date : 09/15/2013 22:43:02
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 8 ¤¤¤
    [HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ POL] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
    [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK5059GSXP +++++
    --- User ---
    [MBR] d2df5ace3cdddef95551cb330d720b69
    [BSP] 5c23e0f38a75a075183805e4c10bb709 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12554 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25712640 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25917440 | Size: 464284 Mo
    User != LL1 ... KO!
    --- LL1 ---
    [MBR] 89ec384d863da0211915139e1ea73209
    [BSP] 26e7e04b15b70c3b38faf8a21a86983b : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12554 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25712640 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25917440 | Size: 464284 Mo
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] 89ec384d863da0211915139e1ea73209
    [BSP] 26e7e04b15b70c3b38faf8a21a86983b : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12554 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25712640 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25917440 | Size: 464284 Mo

    +++++ PhysicalDrive1: TOSHIBA MK5059GSXP +++++
    --- User ---
    [MBR] ad33a3a547bba123744a073c3fd010a6
    [BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 14883 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[0]_D_09152013_224302.txt >>
    RKreport[0]_S_09152013_224242.txt
     
  7. Weazel99

    Weazel99 TS Rookie Topic Starter Posts: 40

    so I did two scans, this one is the first one, the second one showed up empty.

    Malwarebytes Anti-Rootkit BETA 1.07.0.1005
    www.malwarebytes.org

    Database version: v2013.09.16.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16686
    Weazel :: VAIO [administrator]

    9/15/2013 10:46:09 PM
    mbar-log-2013-09-15 (22-46-09).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
    Objects scanned: 250735
    Time elapsed: 15 minute(s), 52 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Users\Weazel\Desktop\RK_Quarantine\PhysicalDrive0_LL1.dat (Rootkit.Harbinger.MBR) -> Delete on reboot.
    C:\Users\Weazel\Desktop\RK_Quarantine\PhysicalDrive0_LL2.dat (Rootkit.Harbinger.MBR) -> Delete on reboot.
    C:\Users\Weazel\AppData\Local\Temp\notepad.exe (Trojan.Backdoor) -> Delete on reboot.

    Physical Sectors Detected: 2
    Master Boot Record on Drive #0 (Rootkit.Harbinger.MBR) -> Replace on reboot.
    Physical Sector #976772900 on Drive #0 (Forged physical sector) -> Replace on reboot.

    (end)
     
  8. Weazel99

    Weazel99 TS Rookie Topic Starter Posts: 40

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1005

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16686

    Java version: 1.6.0_26

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.394000 GHz
    Memory total: 4206702592, free: 1499144192

    Downloaded database version: v2013.09.16.01
    Downloaded database version: v2013.08.06.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    09/15/2013 22:46:03
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\iaStor.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\wd.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\System32\Drivers\aswVmm.sys
    \SystemRoot\System32\Drivers\aswRvrt.sys
    \SystemRoot\System32\DRIVERS\cmderd.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\System32\Drivers\aswSnx.SYS
    \SystemRoot\system32\DRIVERS\cmdguard.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\System32\Drivers\aswTdi.SYS
    \SystemRoot\System32\DRIVERS\cmdhlp.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\Drivers\aswrdr2.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\ws2ifsl.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\inspect.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\System32\Drivers\aswSP.SYS
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\atikmpag.sys
    \SystemRoot\system32\DRIVERS\atikmdag.sys
    \SystemRoot\system32\DRIVERS\igdpmd64.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\NETwNs64.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\nusb3xhc.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\Apfiltr.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\SFEP.sys
    \SystemRoot\system32\drivers\tpm.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\AMPPAL.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\drivers\ScreamingBAudio64.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\hamachi.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\iwdbus.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\WDKMD.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\DRIVERS\IntcDAud.sys
    \SystemRoot\system32\DRIVERS\nusb3hub.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\dc3d.sys
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\point64k.sys
    \SystemRoot\system32\DRIVERS\ATSwpWDF.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
    \SystemRoot\system32\drivers\usbaudio.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\aswMonFlt.sys
    \SystemRoot\System32\Drivers\aswFsBlk.SYS
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\system32\DRIVERS\vwifimp.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\iBtFltCoex.sys
    \SystemRoot\system32\DRIVERS\btmhsf.sys
    \SystemRoot\System32\Drivers\BTHUSB.sys
    \SystemRoot\System32\Drivers\bthport.sys
    \SystemRoot\system32\DRIVERS\rfcomm.sys
    \SystemRoot\system32\drivers\BthEnum.sys
    \SystemRoot\system32\DRIVERS\bthpan.sys
    \SystemRoot\system32\DRIVERS\btmaux.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\system32\DRIVERS\WUDFRd.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\msctf.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\psapi.dll
    \Windows\System32\wininet.dll
    \Windows\System32\usp10.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\lpk.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\shell32.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\user32.dll
    \Windows\System32\sechost.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\ole32.dll
    \Windows\System32\imm32.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\nsi.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    \Windows\System32\devobj.dll
    \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    \Windows\System32\msasn1.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa8004827790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\000000a2\
    Lower Device Object: 0xfffffa8004e38060
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa800759b060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa8004cd1050
    Lower Device Driver Name: \00001467\
    IRP handler 0 of \Driver\iaStor points to an unknown module
    Unhooking enabled.
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa8004827790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\000000a2\
    Lower Device Object: 0xfffffa8004e38060
    Lower Device Driver Name: \Driver\USBSTOR\
    Driver name found: USBSTOR
    Initialization returned 0x0
    Load Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa800759b060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa8004cd1050
    Lower Device Driver Name: \00001467\
    Driver name found: iaStor
    Initialization returned 0x0
    Load Function returned 0x0
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa800759b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800759bab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800759b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80042ed040, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8004cd1050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \00001467\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a00c16ac00, 0xfffffa800759b060, 0xfffffa800d181710
    Lower DeviceData: 0xfffff8a00becafe0, 0xfffffa8004cd1050, 0xfffffa8004c0e090
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    MBR buffers are not equal
    MBR is forged! [0c09dbfb6e001608950df0db533ee0d1]
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 929F33DD

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 25710592

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 25712640 Numsec = 204800
    Partition is not bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 25917440 Numsec = 950853632

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Infected: MBR on Drive 0 --> [Rootkit.Harbinger.MBR]
    Replacement MBR for a drive 0 found
    MBR infection found on drive 0
    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
    Sectors 976772900 - 976773167 --> [Forged physical sectors]
    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa8004827790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80075deb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8004827790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8004e38060, DeviceName: \Device\000000a2\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a00d957ab0, 0xfffffa8004827790, 0xfffffa8008031790
    Lower DeviceData: 0xfffff8a00d192270, 0xfffffa8004e38060, 0xfffffa800a6c01f0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: C3072E18

    Partition information:

    Partition 0 type is Other (0xc)
    Partition is ACTIVE.
    Partition starts at LBA: 8064 Numsec = 30481344
    Partition file system is FAT32
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 15610576896 bytes
    Sector size: 512 bytes

    Done!
    Infected: C:\Users\Weazel\Desktop\RK_Quarantine\PhysicalDrive0_LL1.dat --> [Rootkit.Harbinger.MBR]
    Infected: C:\Users\Weazel\Desktop\RK_Quarantine\PhysicalDrive0_LL2.dat --> [Rootkit.Harbinger.MBR]
    Infected: C:\Users\Weazel\AppData\Local\Temp\notepad.exe --> [Trojan.Backdoor]
    Scan finished
    Creating System Restore point...
    Cleaning up...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1005

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16686

    Java version: 1.6.0_26

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.394000 GHz
    Memory total: 4206702592, free: 1954930688

    =======================================
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1005

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16686

    Java version: 1.6.0_26

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.394000 GHz
    Memory total: 4206702592, free: 2276683776

    =======================================
    Initializing...
    ------------ Kernel report ------------
    09/15/2013 23:08:13
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\System32\drivers\imofugc.sys
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\iaStor.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\wd.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\System32\Drivers\aswVmm.sys
    \SystemRoot\System32\Drivers\aswRvrt.sys
    \SystemRoot\System32\DRIVERS\cmderd.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\System32\Drivers\aswSnx.SYS
    \SystemRoot\system32\DRIVERS\cmdguard.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\System32\Drivers\aswTdi.SYS
    \SystemRoot\System32\DRIVERS\cmdhlp.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\Drivers\aswrdr2.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\ws2ifsl.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\inspect.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\System32\Drivers\aswSP.SYS
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\atikmpag.sys
    \SystemRoot\system32\DRIVERS\atikmdag.sys
    \SystemRoot\system32\DRIVERS\igdpmd64.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\NETwNs64.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\nusb3xhc.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\Apfiltr.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\SFEP.sys
    \SystemRoot\system32\drivers\tpm.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\AMPPAL.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\drivers\ScreamingBAudio64.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\hamachi.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\iwdbus.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\WDKMD.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\DRIVERS\IntcDAud.sys
    \SystemRoot\system32\DRIVERS\nusb3hub.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\dc3d.sys
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\point64k.sys
    \SystemRoot\system32\DRIVERS\ATSwpWDF.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
    \SystemRoot\system32\drivers\usbaudio.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\aswMonFlt.sys
    \SystemRoot\System32\Drivers\aswFsBlk.SYS
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\DRIVERS\vwifimp.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa800757e060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa8004d04050
    Lower Device Driver Name: \Driver\iaStor\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa800757e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800757eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800757e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80042f8040, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8004d04050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 929F33DD

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 25710592

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 25712640 Numsec = 204800
    Partition is not bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 25917440 Numsec = 950853632

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_25712640_i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
    Removal finished
     
  9. Broni

    Broni Malware Annihilator Posts: 47,066   +257

    Good.

    [​IMG] Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    [​IMG] Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  10. Weazel99

    Weazel99 TS Rookie Topic Starter Posts: 40

    Rkill 2.6.1 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2013 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 09/16/2013 09:39:07 PM in x64 mode. (Safe Mode)
    Windows Version: Windows 7 Home Premium Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * Windows Firewall Disabled

    [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = dword:00000000

    ComboFix 13-09-16.01 - Weazel 09/16/2013 21:43:27.3.4 - x64 NETWORK
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4012.3164 [GMT -7:00]
    Running from: c:\users\Weazel\Desktop\Wes_Governale.exe
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Weazel\AppData\Local\Google\Chrome\User Data\Default\Preferences
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-08-17 to 2013-09-17 )))))))))))))))))))))))))))))))
    .
    .
    2013-09-17 04:52 . 2013-09-17 04:52 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-09-11 20:21 . 2013-09-14 10:44 -------- d-----w- c:\program files (x86)\AVAST Software
    2013-09-11 06:12 . 2013-09-14 10:45 -------- d-----w- c:\users\Weazel\AppData\Roaming\Malwarebytes
    2013-09-11 06:12 . 2013-09-14 10:45 -------- d-----w- c:\programdata\Malwarebytes
    2013-09-11 06:11 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-09-11 06:11 . 2013-09-14 10:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-09-11 01:23 . 2013-08-02 02:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2013-09-08 07:54 . 2013-09-08 07:54 466456 ----a-w- c:\windows\system32\wrap_oal.dll
    2013-09-08 07:54 . 2013-09-14 10:50 -------- d-----w- c:\program files (x86)\OpenAL
    2013-09-08 07:54 . 2013-09-08 07:54 122904 ----a-w- c:\windows\system32\OpenAL32.dll
    2013-09-08 07:54 . 2013-09-08 07:54 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2013-09-08 07:54 . 2013-09-08 07:54 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2013-09-04 22:14 . 2013-09-14 10:50 -------- d-----w- c:\users\Weazel\AppData\Roaming\0S1F1O2Z0S2Y1H1T
    2013-09-03 00:37 . 2013-09-03 00:37 -------- d-----w- c:\program files (x86)\Blender Foundation
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-09-14 07:06 . 2013-03-30 01:10 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-09-14 07:06 . 2013-03-30 00:34 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-08-30 07:48 . 2013-03-30 00:36 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-08-30 07:48 . 2013-03-30 00:36 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2013-08-30 07:48 . 2013-03-30 00:36 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-08-30 07:48 . 2013-03-30 00:36 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-08-30 07:48 . 2013-03-30 00:36 204880 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-08-30 07:48 . 2013-03-30 00:36 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-08-30 07:48 . 2013-03-30 00:36 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-08-30 07:48 . 2013-03-30 00:36 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-08-30 07:47 . 2013-03-30 00:36 41664 ----a-w- c:\windows\avastSS.scr
    2013-08-30 07:47 . 2013-03-30 00:36 287840 ----a-w- c:\windows\system32\aswBoot.exe
    2013-08-02 01:48 . 2013-09-11 01:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2013-08-01 23:59 . 2013-08-01 23:59 57096 ----a-w- c:\windows\system32\certsentry.dll
    2013-08-01 23:59 . 2013-08-01 23:59 48392 ----a-w- c:\windows\SysWow64\certsentry.dll
    2013-07-25 09:25 . 2013-08-14 21:18 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2013-07-25 08:57 . 2013-08-14 21:18 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
    2013-07-19 01:58 . 2013-08-14 21:19 2048 ----a-w- c:\windows\system32\tzres.dll
    2013-07-19 01:41 . 2013-08-14 21:19 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2013-07-09 05:52 . 2013-08-14 21:19 224256 ----a-w- c:\windows\system32\wintrust.dll
    2013-07-09 05:51 . 2013-08-14 21:18 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
    2013-07-09 05:46 . 2013-08-14 21:19 1472512 ----a-w- c:\windows\system32\crypt32.dll
    2013-07-09 05:46 . 2013-08-14 21:19 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2013-07-09 05:46 . 2013-08-14 21:19 139776 ----a-w- c:\windows\system32\cryptnet.dll
    2013-07-09 04:52 . 2013-08-14 21:18 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
    2013-07-09 04:52 . 2013-08-14 21:19 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
    2013-07-09 04:46 . 2013-08-14 21:19 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
    2013-07-09 04:46 . 2013-08-14 21:19 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2013-07-09 04:46 . 2013-08-14 21:19 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2013-07-08 20:59 . 2013-01-17 02:51 708632 ----a-w- c:\windows\system32\drivers\cmdguard.sys
    2013-07-06 06:03 . 2013-08-14 21:18 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-04-04 22:12 130736 ----a-w- c:\users\Weazel\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-04-04 22:12 130736 ----a-w- c:\users\Weazel\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-04-04 22:12 130736 ----a-w- c:\users\Weazel\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-04-04 22:12 130736 ----a-w- c:\users\Weazel\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2013-09-06 1811368]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-02 336384]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-06-01 2801288]
    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]
    "gbrspcontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2013-05-30 1851088]
    .
    c:\users\Weazel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Weazel\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
    OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Start GeekBuddy.lnk - c:\program files (x86)\Comodo\GeekBuddy\launcher.exe "unit_manager.exe" [2013-7-24 49360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    R0 aswRvrt;aswRvrt; [x]
    R0 aswVmm;aswVmm; [x]
    R1 aswSnx;aswSnx; [x]
    R1 aswSP;aswSP; [x]
    R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys;c:\windows\SYSNATIVE\DRIVERS\CFRMD.sys [x]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
    R2 aswFsBlk;aswFsBlk; [x]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
    R2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
    R2 FPLService;TrueSuiteService;c:\program files\TrueSuite\TrueSuite.Service.exe;c:\program files\TrueSuite\TrueSuite.Service.exe [x]
    R2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
    R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
    R2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [x]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    R2 Update WebConnect;Update WebConnect;c:\program files (x86)\WebConnect\updateWebConnect.exe;c:\program files (x86)\WebConnect\updateWebConnect.exe [x]
    R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
    R2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x]
    R2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
    R3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
    R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
    R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys;c:\windows\SYSNATIVE\DRIVERS\ATSwpWDF.sys [x]
    R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
    R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
    R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
    R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
    R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
    R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
    R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
    R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
    R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
    R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
    R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
    R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe;c:\program files\Sony\VAIO Update Common\VUAgent.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
    S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys;c:\windows\SYSNATIVE\DRIVERS\point64k.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-09-03 22:05 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-30 07:06]
    .
    2013-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-17 11:45]
    .
    2013-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-17 11:45]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-04-04 22:12 164016 ----a-w- c:\users\Weazel\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-04-04 22:12 164016 ----a-w- c:\users\Weazel\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-04-04 22:12 164016 ----a-w- c:\users\Weazel\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-04-04 22:12 164016 ----a-w- c:\users\Weazel\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-16 11490408]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-16 2179688]
    "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-07-12 10372368]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-19 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-19 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-19 416024]
    "Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
    "ClientAppLogon"="c:\program files\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2011-04-26 421192]
    "ClientAppLogon32"="c:\program files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe" [2011-04-26 308040]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-07-08 1502424]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 2320752]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://sony.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 208.67.222.123 208.67.220.123 66.189.0.100
    FF - ProfilePath - c:\users\Weazel\AppData\Roaming\Mozilla\Firefox\Profiles\lhhfp41y.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.startup.homepage - google.com
    FF - prefs.js: keyword.URL -
    FF - ExtSQL: 2013-08-29 19:16; firefox@webconnect.co; c:\users\Weazel\AppData\Roaming\Mozilla\Firefox\Profiles\lhhfp41y.default\extensions\firefox@webconnect.co.xpi
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
    AddRemove-SP_703c874a - c:\program files (x86)\SaveShare\uninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-09-16 21:53:51
    ComboFix-quarantined-files.txt 2013-09-17 04:53
    ComboFix2.txt 2013-09-12 03:42
    .
    Pre-Run: 236,487,876,608 bytes free
    Post-Run: 236,507,213,824 bytes free
    .
    - - End Of File - - F75374D99D03672E65DC82F94CC870DC
     
  11. Weazel99

    Weazel99 TS Rookie Topic Starter Posts: 40

    Btw my original problem is gone. Avast isn't blocking random Malicious sites every two seconds anymore. So thank you, once again for your patience and assistance. Unless we're aren't done yet... should I run more scans?
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,066   +257

    I'm glad to hear good news but we need to make sure some other stuff is not hiding there.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. Weazel99

    Weazel99 TS Rookie Topic Starter Posts: 40

    # AdwCleaner v3.004 - Report created 18/09/2013 at 00:04:54
    # Updated 15/09/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Weazel - VAIO
    # Running from : C:\Users\Weazel\Desktop\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : Update WebConnect

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\StarApp
    Folder Deleted : C:\Users\Weazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon
    File Deleted : C:\Users\Weazel\AppData\Roaming\Mozilla\Firefox\Profiles\lhhfp41y.default\Extensions\firefox@webconnect.co.xpi

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_703c874a
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Key Deleted : HKLM\Software\DeviceVM
    Key Deleted : HKLM\Software\SP Global
    Key Deleted : HKLM\Software\SProtector
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16686


    -\\ Mozilla Firefox v23.0.1 (en-US)

    [ File : C:\Users\Weazel\AppData\Roaming\Mozilla\Firefox\Profiles\lhhfp41y.default\prefs.js ]

    Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
    Line Deleted : user_pref("aol_toolbar.default.search.check", false);
    Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
    Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
    Line Deleted : user_pref("extensions.JlRhz2uwSF.scode", "if(window.self.location.protocol.indexOf('hxxp')>-1 && window.self==window.top){var script=document.createElement('script');script.type='text/javascript';scri[...]
    Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
    Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
    Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
    Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
    Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
    Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
    Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
    Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

    -\\ Google Chrome v29.0.1547.66

    [ File : C:\Users\Weazel\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [3017 octets] - [18/09/2013 00:03:35]
    AdwCleaner[S0].txt - [2994 octets] - [18/09/2013 00:04:54]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3054 octets] ##########
     
  14. Weazel99

    Weazel99 TS Rookie Topic Starter Posts: 40

    OTL logfile created on: 9/18/2013 12:20:54 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Weazel\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16686)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.92 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 37.56% Memory free
    7.83 Gb Paging File | 4.63 Gb Available in Paging File | 59.16% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 453.40 Gb Total Space | 214.65 Gb Free Space | 47.34% Space Free | Partition Type: NTFS

    Computer Name: VAIO | User Name: Weazel | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/09/18 00:01:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Weazel\Desktop\OTL.exe
    PRC - [2013/09/12 22:09:11 | 001,862,024 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
    PRC - [2013/09/06 13:55:38 | 001,811,368 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
    PRC - [2013/08/30 00:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2013/08/30 00:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013/08/17 06:13:12 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2013/08/01 04:20:22 | 002,095,808 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    PRC - [2013/07/24 08:50:04 | 000,224,464 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
    PRC - [2013/07/24 08:50:04 | 000,213,712 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
    PRC - [2013/07/24 08:50:04 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
    PRC - [2013/06/28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    PRC - [2013/05/30 08:47:44 | 001,851,088 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
    PRC - [2013/05/24 17:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Weazel\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2013/05/15 20:46:49 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2013/01/28 13:08:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    PRC - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    PRC - [2011/07/24 05:16:36 | 000,053,176 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
    PRC - [2011/07/22 13:59:30 | 000,081,336 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
    PRC - [2011/07/12 16:10:34 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    PRC - [2011/07/12 16:10:32 | 001,321,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    PRC - [2011/07/12 16:10:28 | 000,923,984 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    PRC - [2011/07/12 16:10:26 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
    PRC - [2011/07/07 15:44:12 | 000,183,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
    PRC - [2011/07/07 15:44:12 | 000,066,696 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
    PRC - [2011/06/17 13:02:56 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2011/06/17 13:02:41 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2011/05/31 17:28:04 | 002,801,288 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2011/04/26 04:25:48 | 000,308,040 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe
    PRC - [2011/04/13 05:58:14 | 000,084,088 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
    PRC - [2011/03/15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    PRC - [2011/03/15 14:44:28 | 000,650,080 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    PRC - [2011/02/24 00:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    PRC - [2011/02/23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/09/12 22:09:10 | 016,177,544 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
    MOD - [2013/09/06 13:55:40 | 001,120,680 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
    MOD - [2013/08/21 15:18:28 | 000,687,104 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
    MOD - [2013/08/20 22:03:40 | 000,492,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\97ce162bb354fcf9c8d9eae8252ee216\IAStorUtil.ni.dll
    MOD - [2013/08/17 06:13:11 | 003,551,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2013/08/17 04:47:34 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\40b43527d6fdbeb6e905a7b6123f3a42\System.Web.ni.dll
    MOD - [2013/08/17 04:47:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\dd8f4efb7e81c75fe444a180f6f1aacf\System.Runtime.Remoting.ni.dll
    MOD - [2013/08/17 04:46:38 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
    MOD - [2013/08/17 04:46:30 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
    MOD - [2013/08/17 04:46:06 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll
    MOD - [2013/08/17 04:45:58 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
    MOD - [2013/08/17 04:45:54 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
    MOD - [2013/08/17 04:45:25 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
    MOD - [2013/08/07 12:31:06 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
    MOD - [2013/07/13 12:21:00 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\22d36f517c7545fdb65ccddae680a3eb\IAStorCommon.ni.dll
    MOD - [2013/07/12 04:12:04 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
    MOD - [2013/06/14 16:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
    MOD - [2013/06/14 16:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
    MOD - [2013/06/14 16:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
    MOD - [2013/03/13 13:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Weazel\AppData\Roaming\Dropbox\bin\libcef.dll
    MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2012/11/13 16:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Weazel\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
    MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/08/30 00:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2013/07/08 13:59:40 | 006,199,520 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV:64bit: - [2013/06/18 08:15:29 | 000,158,936 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
    SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2011/07/24 05:16:36 | 000,053,176 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
    SRV:64bit: - [2011/07/22 14:01:12 | 000,259,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
    SRV:64bit: - [2011/07/19 15:33:46 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/07/15 16:43:38 | 000,969,352 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
    SRV:64bit: - [2011/06/30 14:18:06 | 001,380,480 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
    SRV:64bit: - [2011/05/31 16:51:20 | 000,552,584 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
    SRV:64bit: - [2011/05/19 19:15:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
    SRV:64bit: - [2011/05/02 14:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2011/05/02 14:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2011/05/02 14:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2011/04/26 04:25:04 | 000,294,216 | ---- | M] (AuthenTec, Inc) [Auto | Running] -- C:\Program Files\TrueSuite\TrueSuite.Service.exe -- (FPLService)
    SRV:64bit: - [2011/04/21 09:34:16 | 001,136,640 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
    SRV:64bit: - [2011/04/21 08:42:50 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
    SRV:64bit: - [2011/02/18 22:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
    SRV:64bit: - [2011/02/18 22:02:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
    SRV:64bit: - [2011/01/20 12:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
    SRV - [2013/09/14 00:06:31 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/09/06 13:55:40 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2013/08/17 06:13:11 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/08/01 04:20:22 | 002,095,808 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
    SRV - [2013/07/24 19:16:51 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
    SRV - [2013/07/24 08:50:04 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe -- (CLPSLauncher)
    SRV - [2013/06/28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/05/30 08:47:44 | 001,851,088 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe -- (GeekBuddyRSP)
    SRV - [2013/05/15 20:46:49 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/07/12 16:10:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
    SRV - [2011/07/12 16:10:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
    SRV - [2011/07/12 16:10:28 | 000,923,984 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
    SRV - [2011/07/07 15:44:12 | 000,066,696 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe -- (VAIO Event Service)
    SRV - [2011/06/17 13:02:56 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2011/06/17 13:02:41 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2011/06/16 13:51:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
    SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2011/04/13 05:58:14 | 000,084,088 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
    SRV - [2011/03/15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) [Auto | Running] -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
    SRV - [2011/02/24 00:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
    SRV - [2011/02/23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
    SRV - [2011/02/21 12:55:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
    SRV - [2011/02/21 12:55:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
    SRV - [2011/01/20 12:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/08/30 00:48:10 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2013/08/30 00:48:10 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2013/08/30 00:48:10 | 000,204,880 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
    DRV:64bit: - [2013/08/30 00:48:10 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2013/08/30 00:48:10 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
    DRV:64bit: - [2013/08/30 00:48:10 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2013/08/30 00:48:09 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2013/08/30 00:48:09 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2013/06/18 08:16:07 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
    DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/31 10:45:10 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/07/19 15:42:15 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
    DRV:64bit: - [2011/07/19 15:34:07 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/07/19 15:34:07 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/07/19 15:30:07 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2011/07/06 17:16:40 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
    DRV:64bit: - [2011/07/06 16:34:00 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
    DRV:64bit: - [2011/07/06 16:33:58 | 000,052,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
    DRV:64bit: - [2011/06/24 20:13:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/06/21 15:19:16 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
    DRV:64bit: - [2011/06/21 15:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
    DRV:64bit: - [2011/06/21 15:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
    DRV:64bit: - [2011/06/17 13:02:39 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2011/06/16 13:51:52 | 000,337,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
    DRV:64bit: - [2011/06/15 13:17:49 | 000,316,024 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2011/06/13 21:24:06 | 000,207,872 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2011/06/13 21:24:06 | 000,087,552 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2011/05/01 14:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
    DRV:64bit: - [2011/04/21 09:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
    DRV:64bit: - [2011/04/21 09:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/29 18:19:52 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/01/27 12:41:18 | 000,894,240 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
    DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/04/26 13:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
    DRV:64bit: - [2009/11/05 13:35:45 | 000,034,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64k.sys -- (Point64)
    DRV:64bit: - [2009/11/05 13:35:45 | 000,027,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
    DRV:64bit: - [2009/07/13 16:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009/06/19 19:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/06/10 13:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
    DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV - [2012/09/03 00:20:00 | 000,037,976 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\CFRMD.sys -- (CFRMD)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
     
  15. Weazel99

    Weazel99 TS Rookie Topic Starter Posts: 40

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-171069205-1298168295-2454606942-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sony.msn.com
    IE - HKU\S-1-5-21-171069205-1298168295-2454606942-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-171069205-1298168295-2454606942-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-171069205-1298168295-2454606942-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.defaultenginename,S: S", ""
    FF - prefs.js..browser.search.defaultthis.engineName: ""
    FF - prefs.js..browser.search.defaulturl: ""
    FF - prefs.js..browser.search.order.1: ""
    FF - prefs.js..browser.search.order.1,S: S", ""
    FF - prefs.js..browser.search.selectedEngine: ""
    FF - prefs.js..browser.search.selectedEngine,S: S", ""
    FF - prefs.js..browser.startup.homepage: "google.com"
    FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1497
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
    FF - prefs.js..keyword.URL: ""
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Weazel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2013/09/14 03:50:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/09/11 13:11:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2013/03/29 17:03:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Weazel\AppData\Roaming\Mozilla\Extensions
    [2013/09/18 00:04:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Weazel\AppData\Roaming\Mozilla\Firefox\Profiles\lhhfp41y.default\extensions
    [2013/09/18 00:06:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/09/18 00:06:53 | 000,000,000 | ---D | M] (TrueSuite Website Log On) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com
    [2013/08/17 06:13:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2013/08/17 06:13:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013/09/11 13:11:02 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:eek:mniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
    CHR - Extension: Bookmark Manager = C:\Users\Weazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
    CHR - Extension: Bookmark Manager = C:\Users\Weazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Bookmark Manager = C:\Users\Weazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: Bookmark Manager = C:\Users\Weazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: Bookmark Manager = C:\Users\Weazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Bookmark Manager = C:\Users\Weazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Bookmark Manager = C:\Users\Weazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Bookmark Manager = C:\Users\Weazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: No name found = C:\Users\Weazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd\8.0_0\
    CHR - Extension: No name found = C:\Users\Weazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
    CHR - Extension: No name found = C:\Users\Weazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokdoppleiafjmfmggefbkghfblaplo\1.0_0\
    CHR - Extension: No name found = C:\Users\Weazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokdoppleiafjmfmggefbkghfblaplo\1.0_1\
    CHR - Extension: First user = C:\Users\Weazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/09/16 21:52:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll (AuthenTec Inc.)
    O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
    O2:64bit: - BHO: (avast! Ad Blocker) - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker64.dll (AVAST Software)
    O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll (AuthenTec Inc.)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
    O2 - BHO: (avast! Ad Blocker) - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-171069205-1298168295-2454606942-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
    O4:64bit: - HKLM..\Run: [ClientAppLogon] C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)
    O4:64bit: - HKLM..\Run: [ClientAppLogon32] C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)
    O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [gbrspcontrol] C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
    O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-171069205-1298168295-2454606942-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - Startup: C:\Users\Weazel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Weazel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Weazel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-171069205-1298168295-2454606942-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-171069205-1298168295-2454606942-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BD40B49-DE02-4CE5-9050-195792D98DC4}: DhcpNameServer = 208.67.222.123 208.67.220.123 66.189.0.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86E43F0F-B1D2-42F9-B68E-4EC736E50620}: DhcpNameServer = 192.168.10.1
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/09/18 00:03:32 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/09/18 00:01:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Weazel\Desktop\OTL.exe
    [2013/09/18 00:01:43 | 001,029,675 | ---- | C] (Thisisu) -- C:\Users\Weazel\Desktop\JRT.exe
    [2013/09/17 01:50:22 | 000,000,000 | ---D | C] -- C:\Users\Weazel\Documents\makable games
    [2013/09/17 01:00:45 | 000,000,000 | ---D | C] -- C:\Users\Weazel\AppData\Roaming\Clickteam
    [2013/09/16 23:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia Fusion Developer 2
    [2013/09/16 23:16:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Multimedia Fusion Developer 2
    [2013/09/16 23:06:38 | 000,000,000 | ---D | C] -- C:\Users\Weazel\Desktop\mmf2
    [2013/09/16 22:31:30 | 000,000,000 | ---D | C] -- C:\Users\Weazel\Desktop\logs
    [2013/09/16 21:53:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/09/16 21:53:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/09/16 21:38:15 | 000,000,000 | ---D | C] -- C:\Users\Weazel\Desktop\New folder
    [2013/09/15 22:45:25 | 000,000,000 | ---D | C] -- C:\Users\Weazel\Desktop\mbar
    [2013/09/15 22:39:58 | 000,000,000 | ---D | C] -- C:\Users\Weazel\Desktop\RK_Quarantine
    [2013/09/12 02:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2013/09/11 17:04:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/09/11 17:04:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/09/11 17:04:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/09/11 16:57:03 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/09/11 16:53:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/09/11 16:51:15 | 000,000,000 | ---D | C] -- C:\Users\Weazel\Desktop\Savior Package
    [2013/09/11 13:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVAST Software
    [2013/09/10 23:12:44 | 000,000,000 | ---D | C] -- C:\Users\Weazel\AppData\Roaming\Malwarebytes
    [2013/09/10 23:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/09/10 23:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/09/10 23:11:51 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/09/10 23:11:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/09/10 18:04:01 | 000,000,000 | ---D | C] -- C:\Users\Weazel\Desktop\karoshi2
    [2013/09/08 00:54:56 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2013/09/08 00:54:55 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2013/09/08 00:54:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
    [2013/09/08 00:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDS PRO
    [2013/09/08 00:54:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\WinDS PRO
    [2013/09/04 15:14:40 | 000,000,000 | ---D | C] -- C:\Users\Weazel\AppData\Roaming\0S1F1O2Z0S2Y1H1T
    [2013/09/03 00:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoldenEye Source v4.2.3
    [2013/09/02 21:32:34 | 000,000,000 | ---D | C] -- C:\Users\Weazel\Desktop\Mc server
    [2013/09/02 17:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
    [2013/09/02 17:37:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Blender Foundation
    [2013/09/01 18:28:13 | 000,000,000 | ---D | C] -- C:\Users\Weazel\Desktop\Roms
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/09/18 00:17:15 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/09/18 00:17:15 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/09/18 00:13:57 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/09/18 00:13:57 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/09/18 00:13:57 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/09/18 00:07:21 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/09/18 00:06:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/09/18 00:06:14 | 3155,025,920 | -HS- | M] () -- C:\hiberfil.sys
    [2013/09/18 00:01:54 | 001,039,554 | ---- | M] () -- C:\Users\Weazel\Desktop\adwcleaner.exe
    [2013/09/18 00:01:50 | 001,029,675 | ---- | M] (Thisisu) -- C:\Users\Weazel\Desktop\JRT.exe
    [2013/09/18 00:01:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Weazel\Desktop\OTL.exe
    [2013/09/17 23:56:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/09/17 23:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/09/16 23:21:57 | 856,078,036 | ---- | M] () -- C:\Users\Weazel\Desktop\mmf2.rar
    [2013/09/16 23:19:23 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Multimedia Fusion Developer 2.lnk
    [2013/09/16 21:52:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/09/13 18:16:27 | 000,001,838 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
    [2013/09/12 15:53:55 | 003,875,028 | ---- | M] () -- C:\Users\Weazel\Desktop\anti-sad song.mp3
    [2013/09/12 03:01:08 | 000,001,133 | ---- | M] () -- C:\Users\Weazel\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2013/09/12 02:51:57 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2013/09/12 02:51:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2013/09/11 17:30:17 | 723,799,792 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/09/11 05:44:39 | 000,320,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/09/09 16:38:37 | 000,001,349 | ---- | M] () -- C:\Users\Weazel\Desktop\TeamSpeak 3 Client.lnk
    [2013/09/09 16:38:37 | 000,001,187 | ---- | M] () -- C:\Users\Weazel\Desktop\Dropbox.lnk
    [2013/09/08 00:54:56 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2013/09/08 00:54:55 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2013/09/03 15:10:08 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/09/02 17:37:46 | 000,002,104 | ---- | M] () -- C:\Users\Public\Desktop\Blender.lnk
    [2013/08/30 00:48:10 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2013/08/30 00:48:10 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2013/08/30 00:48:10 | 000,204,880 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
    [2013/08/30 00:48:10 | 000,072,016 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2013/08/30 00:48:10 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
    [2013/08/30 00:48:10 | 000,064,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2013/08/30 00:48:09 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2013/08/30 00:48:09 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2013/08/30 00:47:40 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2013/08/30 00:47:14 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2013/08/24 06:43:30 | 000,002,279 | ---- | M] () -- C:\Users\Weazel\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/09/18 00:01:39 | 001,039,554 | ---- | C] () -- C:\Users\Weazel\Desktop\adwcleaner.exe
    [2013/09/16 23:17:57 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Multimedia Fusion Developer 2.lnk
    [2013/09/16 23:17:41 | 856,078,036 | ---- | C] () -- C:\Users\Weazel\Desktop\mmf2.rar
    [2013/09/12 15:55:16 | 003,875,028 | ---- | C] () -- C:\Users\Weazel\Desktop\anti-sad song.mp3
    [2013/09/11 17:04:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/09/11 17:04:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/09/11 17:04:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/09/11 17:04:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/09/11 17:04:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/09/10 23:12:04 | 000,001,133 | ---- | C] () -- C:\Users\Weazel\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2013/09/02 17:37:46 | 000,002,104 | ---- | C] () -- C:\Users\Public\Desktop\Blender.lnk
    [2013/04/17 21:37:44 | 000,270,408 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2013/04/17 21:37:40 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2013/03/29 17:01:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2013/03/29 16:53:16 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat

    ========== ZeroAccess Check ==========

    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/09/02 22:10:19 | 000,000,000 | ---D | M] -- C:\Users\Weazel\AppData\Roaming\.minecraft
    [2013/06/28 19:18:44 | 000,000,000 | ---D | M] -- C:\Users\Weazel\AppData\Roaming\.StarMade
    [2013/09/14 03:50:28 | 000,000,000 | ---D | M] -- C:\Users\Weazel\AppData\Roaming\0S1F1O2Z0S2Y1H1T
    [2013/09/17 01:00:45 | 000,000,000 | ---D | M] -- C:\Users\Weazel\AppData\Roaming\Clickteam
    [2013/09/18 00:09:08 | 000,000,000 | ---D | M] -- C:\Users\Weazel\AppData\Roaming\Dropbox
    [2013/06/29 13:44:03 | 000,000,000 | ---D | M] -- C:\Users\Weazel\AppData\Roaming\Fatshark
    [2013/06/12 22:33:09 | 000,000,000 | ---D | M] -- C:\Users\Weazel\AppData\Roaming\GameRanger
    [2013/04/03 21:53:25 | 000,000,000 | ---D | M] -- C:\Users\Weazel\AppData\Roaming\OpenOffice.org
    [2013/07/24 18:51:14 | 000,000,000 | ---D | M] -- C:\Users\Weazel\AppData\Roaming\Play withSIX
    [2013/08/01 00:04:30 | 000,000,000 | ---D | M] -- C:\Users\Weazel\AppData\Roaming\Screaming Bee
    [2013/09/10 03:10:18 | 000,000,000 | ---D | M] -- C:\Users\Weazel\AppData\Roaming\TS3Client
    [2013/07/04 22:52:43 | 000,000,000 | ---D | M] -- C:\Users\Weazel\AppData\Roaming\Ubisoft
    [2013/06/01 18:25:37 | 000,000,000 | ---D | M] -- C:\Users\Weazel\AppData\Roaming\Unity

    ========== Purity Check ==========



    < End of report >
     
  16. Weazel99

    Weazel99 TS Rookie Topic Starter Posts: 40

    OTL Extras logfile created on: 9/18/2013 12:20:54 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Weazel\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16686)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.92 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 37.56% Memory free
    7.83 Gb Paging File | 4.63 Gb Available in Paging File | 59.16% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 453.40 Gb Total Space | 214.65 Gb Free Space | 47.34% Space Free | Partition Type: NTFS

    Computer Name: VAIO | User Name: Weazel | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-171069205-1298168295-2454606942-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1854BF3F-46F1-41A7-A9C8-15450F7FB202}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{2EEAAE20-0887-4E3E-9ECB-4F6CFCDBD55D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{542A5E9A-511C-4285-91D2-9B785F443AB7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01332A46-CA49-4391-AEA8-FC9148C007AB}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization iv colonization\colonization.exe |
    "{04F07C69-E319-423C-B1C2-678B594AF9AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{06DFB665-9FBD-484B-A7F4-71A392058966}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
    "{073F942B-D9F6-4FB7-B0D8-6E6356172FBE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe |
    "{0A9E80E7-F477-4345-83BE-7EEA5E6DCA4B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
    "{0C3B00E5-FBAC-4EE7-907B-65457262AEE5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{0F231EC7-73B3-402A-A7DA-03D3AB804FA7}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe |
    "{10BFA966-6480-4E3C-8D25-C46F2D6C29A2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
    "{117D9FA4-AE72-4A38-A823-60C30BBBEC50}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deponia\deponia.exe |
    "{158A357E-248C-43E7-A4B1-1091C57F0130}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe |
    "{17DEC1DF-C42E-4553-AD54-E19BBF46770E}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe |
    "{18333A4F-8551-4F0C-9CF8-9933BFDC3022}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe |
    "{1AD2E8B4-F53D-4A62-B2CC-685951D22AC1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
    "{1F2E92A8-1FE2-47B5-B41E-7537BBD35608}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
    "{20CD44E0-FFE5-459E-BCFA-533F8A8FE690}" = protocol=6 | dir=in | app=c:\users\weazel\appdata\roaming\dropbox\bin\dropbox.exe |
    "{24ED65F6-FD9B-4A8F-9CED-EF55A6DC6BB6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe |
    "{2EE2C883-B24D-45BA-88CA-21966E45AB4F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
    "{2F0B0FE7-B20A-4CBE-B1ED-738C200DBD71}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\weazel99\synergy\hl2.exe |
    "{301964D2-8617-46DB-9D7A-F532C98C6451}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |
    "{33296C20-8C5A-49B1-BAF6-B5A7471ABF68}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars empire at war\runme.exe |
    "{34A2F477-0B50-4FEB-B2B0-92C5FF1F49A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war of the roses\run_game.exe |
    "{3B5EE9C5-76D5-4EA5-843D-E443400E84B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\weazel99\synergy\hl2.exe |
    "{3C6C543B-249E-4B0E-9020-65E691484A75}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
    "{3E996ECE-925C-42C7-8CE7-504B2DD8C25C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe |
    "{3EF528B8-CB44-493B-9051-8DC2DFF40B83}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{41054110-E79C-4971-B564-F3802CF88349}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monaco\monaco.exe |
    "{48F5C76E-4BC1-43B4-B204-0600F2DCBBAC}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe |
    "{4B2546F6-DE4D-463B-8DDE-30456E02526D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
    "{51733F6A-34BF-4286-ACC7-F70F403DB9B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
    "{5380273F-F764-4F79-82A3-742B012B56F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
    "{59E8F7A7-2075-4DF5-8C02-8AF5DEC316AA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{59F2BAAF-507A-418A-B0FA-43C90A167713}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
    "{5BBC3FC7-8606-43DF-8CC1-A75FC2387B80}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
    "{6027D09B-3E2C-4AC2-9D1A-C9A34784C30F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{608115E4-7859-4ACA-A5A6-AD97A046D866}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chaos on deponia\visionaireconfigurationtool.exe |
    "{65C68F2D-5251-4C32-A148-67B1A06117FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\nmservice.exe |
    "{67C4D07C-24FF-4330-A6A4-FF86C489FFA0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chaos on deponia\deponia2.exe |
    "{696D5B5E-2512-4A62-A0FC-2AA44021541C}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{6B372394-5D7F-43D0-AD90-607CA53FF32A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe |
    "{6C12AF41-21F2-474A-96FB-AA435265BFAE}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization iv colonization\colonization.exe |
    "{71AE5CB8-A7FF-4C51-A0BA-1DBA39A5057D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{73D3D631-39A1-4010-8112-7610BB19C25A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war of the roses\run_game.exe |
    "{746093CC-46CD-4A9D-A06D-0BE46CF92CB6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jamp.exe |
    "{74919B1D-6540-4376-83F3-F5B69AFF5802}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chaos on deponia\visionaireconfigurationtool.exe |
    "{75F3A16F-E58B-4F4C-9F56-781372244305}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chaos on deponia\deponia2.exe |
    "{76ED92EE-E27F-4D84-8585-53D246EE85D1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe |
    "{78C9DDFE-94F7-4805-8A05-425DD1D0EE6A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\weazel99\synergy\hl2.exe |
    "{7AFB1CB6-EE59-44F3-B29F-FFF5C979F791}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
    "{7B18175F-4A27-42BA-8523-411B75569681}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
    "{7BD54E83-B212-44FB-A84A-3D59478E8A8B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
    "{7CBB801F-EF2F-400D-85D7-38D447E0493B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragonnest\dragonnest.exe |
    "{7DF1E67F-271D-4683-8BDD-CF884E4EB26D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2\hl2.exe |
    "{80796941-D767-49E1-9F17-126246EC7A5C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jamp.exe |
    "{8287A980-4C34-490F-A727-6F566766EDFE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2\hl2.exe |
    "{83AD0952-1E32-467C-8DCC-3CEAAF5AF89C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monaco\monaco.exe |
    "{8450A080-C77B-4EBE-9D93-C0D5812422DA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe |
    "{84997445-073E-41F1-A07B-00DC6113DF66}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
    "{85F5BCD7-64C3-411D-8444-DE2EFEB8831D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
    "{8A477F61-3A1A-41D4-AA1E-D527E0AB56EF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe |
    "{8AD5C9BF-213D-42A0-9C3D-A2C57DFBEEED}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe |
    "{8D0B5CA5-6156-4585-AFEF-54C80E105EE7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{8ECAD306-88E4-4689-AB66-128DF8008E52}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
    "{8ED9A11A-43CA-4F9E-AB44-89298BCD7A61}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
    "{8F0A8CFB-0BB6-41D7-8CC7-8BF4CDABF54E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{8FF2C8F7-0396-43C5-ACF4-DFE6DBC2D2C7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
    "{906960B4-4488-4EA9-B9EC-B0C89172CA17}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{91436DD5-7817-4035-A585-4314DDDB6D86}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragonnest\dragonnest.exe |
    "{977E56E2-DEBA-40A2-9DFA-148260F8CA2C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
    "{9E02DD12-464D-44F2-AB6B-EFB487D7CF07}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
    "{9F615F52-EDA8-4402-9D27-64C0AC217121}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
    "{A39216A5-06E1-4668-8F19-E287A8D3EA6D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
    "{A3CF1BB7-D40F-441E-A5FB-818F63CDBC91}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{A5758D0D-168B-4EE9-8B27-741E39F888EC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe |
    "{A639F094-B269-4877-9A2D-AE552678963A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars empire at war\runme2.exe |
    "{ADDC8B0D-DF9E-46A9-A4A9-55D4E35606D0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
    "{AE3E4CA3-609D-4DB2-B26A-01A7B994132B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{AE946E4F-CEF4-4EE6-B591-8A64CF91C9CA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2\hl2.exe |
    "{AFDC7F35-22E2-455D-89BC-238E429BA9E5}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe |
    "{B094F774-9B1C-4BF9-94EF-2199CC4E2814}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{B0B5055A-DB8C-4628-814B-2A566F7198C1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
    "{B2E5A6AB-D939-49FD-A91F-D2904E3D4E49}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe |
    "{B8F679F0-CC5C-4E79-9FDF-727D9A175975}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2\hl2.exe |
    "{B9EF928D-FD1B-4705-9FC1-29240D833C06}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{BCFCF9CF-53F4-41C5-BAFF-81152FC2D26E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
    "{BE14806F-8E56-4A2F-9E7E-D861E2A5AE8E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
    "{C2107B67-2A86-406C-8AF1-99814237020F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
    "{C22F81A1-FD92-4D20-ABA4-D11389B9E33A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe |
    "{C6975D57-D8B8-42CC-A927-F19F3C95213F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\comodo\geekbuddyrsp.exe |
    "{C6F28A0E-D6B0-41B5-90A1-F2241ECAACA1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
    "{CA6296A3-1DB8-4AA4-A6E1-8858CE8438D8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars empire at war\runme.exe |
    "{CC41E574-AA2E-4CAD-89A0-5BD93433BC76}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deponia\deponia.exe |
    "{CD521E91-7572-42C1-95C8-66E12A6EFC91}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{CD66031E-936C-4911-9CB3-07503F788746}" = protocol=17 | dir=in | app=c:\users\weazel\appdata\roaming\dropbox\bin\dropbox.exe |
    "{CE8772D7-5F54-4A59-AEEE-27EB0AC7EEA0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars empire at war\runme2.exe |
    "{D0D80133-0B65-4EF5-BEC4-DAF2EB3C6C4D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
    "{D0E56749-0E0C-4269-A607-30EE2B64CD5D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flatout\flatout.exe |
    "{D39C7C72-049B-4E6A-B187-86A9DD48E2F5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flatout\flatout.exe |
    "{D5976294-885F-49AC-A86B-49A5876AA48C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe |
    "{D5E8B905-EB3D-4545-96F2-7782B0033778}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\weazel99\synergy\hl2.exe |
    "{D77269E7-B1CD-4C27-9E34-77544CC5F800}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
    "{D7E3D007-9BD8-4D93-B5CF-DC9C440207B1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{DDDD1072-1217-45FB-B9E8-A01DC4A2DA5B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\nmservice.exe |
    "{DE36DE86-FE60-4A15-84AA-C9139C84DF28}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |
    "{E653021D-52FD-440D-BB01-883F1CE91087}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
    "{E7DD3FFE-6F5E-42B9-BFFA-AC97914BAE13}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{EA346421-300F-4685-8CE4-B37BA3BB9088}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe |
    "{EB5DBD1A-AB81-4B5A-ABF1-233DCF0F205C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
    "{EEEAF0D2-A710-4286-9CA8-BC7F954232ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
    "{F0917FC5-02A8-4936-B76B-18201FA2FAC2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jasp.exe |
    "{F39AFD1E-5F02-4798-BFC5-C40FF5D7CE6C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jasp.exe |
    "{F7EF864C-2992-4895-ACF7-D3D38BAD737D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{F815E59F-9E15-44F5-A813-A619C1FDF932}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\comodo\geekbuddyrsp.exe |
    "{FD20AF28-90AD-4C48-9B5D-7F23C09B0F1E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{FDAA87DC-5D85-4E05-ABFE-AF3080F9828F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
    "{0EF86E06-C755-4C6F-8E47-2528D0546C0A}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    "{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
    "{133D3F07-D558-46CE-80E8-F4D75DBBAD63}" = PMB VAIO Edition Plug-in
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{20F5F93B-9A27-4508-87B0-BFD7494FBEC4}" = AuthenTec WinBio FingerPrint Software
    "{2106A845-79C0-426B-9B91-9CBEAF3DE0F2}" = VAIO Update Merge Module x64
    "{26A24AE4-039D-4CA4-87B4-2F86416039FF}" = Java(TM) 6 Update 39 (64-bit)
    "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
    "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
    "{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64
    "{3A4170BE-09B7-5658-285E-6D35E9C87101}" = ATI Catalyst Install Manager
    "{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
    "{4237FF56-4BD0-481E-BD44-C1A8DDA9C753}_is1" = WinDS PRO 2012.10.0
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = Sony Corporation
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{549AD5FB-F52D-4307-864A-C0008FB35D96}" = VCCx64
    "{5EBE0F1F-45DF-4298-AC6B-E8E54EAEC834}" = Microsoft IntelliPoint 7.1
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6C8F7FE6-6D5E-49FE-A4EB-6597B41C2BCA}" = VAIO Care
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{81B43AC9-B334-45D0-8D15-0A3642AFBDA1}" = AuthenTec TrueSuite
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{82F3914F-383E-4345-9451-B4E34541B6F1}" = AMD Media Foundation Decoders
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
    "{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
    "{AAE37DF4-D7E4-9FB9-ACBE-BD785F900240}" = ccc-utility64
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{BCC0552D-76C0-4130-BFBD-49BE49ACC594}" = COMODO Internet Security
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D55EAC07-7207-44BD-B524-0F063F327743}" = VIx64
    "{DBEAA361-F8A4-4298-B41C-9E9DCB9AAB84}" = VPMx64
    "{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}" = VSNx64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Blender" = Blender
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "ProInst" = Intel PROSet Wireless
    "WebConnect" = WebConnect 3.0.0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0170930E-68D6-4E85-88B2-82761CDE1F94}" = DayZ Commander
    "{021C6667-63D3-4416-B537-865E77F4DF4F}" = avast! Ad Blocker
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
    "{07441A52-E208-478A-92B7-5C337CA8C131}" = VAIO - Remote Play with PlayStation®3
    "{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
    "{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}" = LogMeIn Hamachi
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
    "{0F895695-33CC-4203-9C47-25EF2AC9441C}" = Media Go
    "{103FCC16-8501-C8E8-2A8C-93102D3251D3}" = CCC Help Finnish
    "{13EC74A6-4707-4D26-B9B9-E173403F3B08}" = Quick Web Access
    "{14A9CAFF-0C9F-FC97-C846-3C8ACD93936B}" = CCC Help Korean
    "{18894D16-5448-4BF9-A128-F7E937322F91}" = OOBE
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1E908A99-3D67-3634-8242-44E91A121035}" = CCC Help Polish
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2594059F-25BF-028A-9AF9-01890A70D1C0}" = CCC Help French
    "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
    "{270380EB-8812-42E1-8289-53700DB840D2}" = PMB VAIO Edition Plug-in
    "{270B5FA2-363F-255D-DE7D-48EA599E0642}" = CCC Help Dutch
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{2CC7C829-048B-3DD8-790D-13F5DF7AA86A}" = CCC Help Chinese Traditional
    "{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
    "{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{364CB34F-039F-2688-0C57-FF3E7A32BDB6}" = CCC Help Danish
    "{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3C83762B-4AF9-E183-0586-DD35618A20EB}" = Catalyst Control Center
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BF87DDC-2B9B-1904-89FE-FB84FC016C21}" = CCC Help Russian
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
    "{542ABB05-DC1D-E332-D153-44D997380C82}" = CCC Help Thai
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
    "{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
    "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
    "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
    "{5DF8AD8E-3597-2699-D7C9-694CBD07E617}" = CCC Help Japanese
    "{62D82EC1-0D3A-DF54-8E3E-07E1337A5311}" = savenShhareE
    "{630C8469-7638-A7C2-D4DF-FA4117FF81AF}" = CCC Help Greek
    "{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86
    "{63E64E94-7D42-EDB9-DDE8-CDF82C067E8C}" = Catalyst Control Center Profiles Mobile
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{66081CDD-C1FE-415F-BB3A-F2622BA27461}" = PMB VAIO Edition Guide
    "{67898C03-26AE-FA57-052F-DC4957232ADF}" = CCC Help Portuguese
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A183D7E-D76F-8E0E-7DB1-007F521F0056}" = CCC Help German
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{6E899F31-606A-E6E1-42D2-D1A91B7FA30C}" = CCC Help Italian
    "{70991E0A-1108-437E-BA7D-085702C670C0}" =
    "{70DE9E60-DE22-4362-B868-1B8922F78C1A}" = Remote Keyboard
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71FC647F-E91F-4DD2-BEA4-7B4172015DCE}" = VHD
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote Keyboard
    "{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel(R) WiDi
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
    "{8004AD43-6058-0058-0EF9-46EDB04221FF}" = CCC Help Turkish
    "{803E4FA5-A940-4420-B89D-A8BC2E160247}" =
    "{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
    "{8356CB97-A48F-44CB-837A-A12838DC4669}" = PMB VAIO Edition Plug-in
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{8AA8BC62-929A-6FF2-655B-79E2FB4B1810}" = Catalyst Control Center Graphics Previews Common
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E797841-A110-41FD-B17A-3ABC0641187A}" = VAIO Control Center
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A30289C-813A-D9E7-0F75-D26EA7BB533F}" = CCC Help Hungarian
    "{9AE76A96-BF2F-8AB9-46B8-74F1FB68AD4C}" = PX Profile Update
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
    "{A49A517F-5332-4665-922C-6D9AD31ADD4F}" = VSNx86
    "{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
    "{AE35BB59-31F9-C205-1915-08B73D5A4D8C}" = CCC Help Chinese Standard
    "{AF0893D0-63E2-5356-6E79-09974852DBC4}" = CCC Help Swedish
    "{B1893E3F-9BDF-443F-BED0-1AAA2D9E0D68}" = ArcSoft Magic-I Visual Effects 2
    "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
    "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
    "{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
    "{B77DE05C-7C84-4011-B93F-A29D0D2840F4}" = ArcSoft WebCam Companion 4
    "{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86
    "{BA185E4B-55BC-9788-371A-24705F4923BB}" = CCC Help English
    "{BA469F53-3131-47B0-9683-2C27F3546CD3}" = Remote Play with PlayStation 3
    "{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}" = VAIO CPU Fan Diagnostic
    "{BD04DEBE-923A-4157-993E-2C727C5FFB5C}" = VAIO Help and Support
    "{BE9E4DD1-6228-46C6-8EF9-42F7A4F6CC9D}" = VAIO Data Restore Tool
    "{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
    "{C5DF93B9-89DF-40AF-BD79-B172B27AC977}" = GeekBuddy
    "{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO Manual
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D7F13995-E383-848E-7925-ABDEC6B1E2EA}" = CCC Help Spanish
    "{D7F3EEAD-183C-47DE-BDC5-593539573F97}" = Play withSIX
    "{D9173CE7-83E1-D410-06A2-49F2798A72DB}" = Catalyst Control Center InstallProxy
    "{DB1DAF88-F975-DD6B-5287-15A02DE306A6}" = CCC Help Czech
    "{DF184496-1CA2-4D07-92E7-0BD251D7DEF0}" = VCCx86
    "{DFE03E4C-4B8D-4B0B-BFC8-F473889E4149}" = Catalyst Control Center - Branding
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}" = NVIDIA PhysX v8.10.17
    "{E6C7380F-15DD-445E-BA02-B7A180BA0A5A}" = MorphVOX Junior
    "{E8D46836-CD55-453C-A107-A59EC51CB8DC}" = VIPAccess
    "{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6EC0360-CAC5-1272-7258-FC182F61A945}" = CCC Help Norwegian
    "{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}" = VAIO - Media Gallery
    "{FB22916E-D494-91F2-7CC0-910867BF2C03}" = Catalyst Control Center Localization All
    "{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE8974B4-479C-4DBA-8544-9E5342ABB26A}" = Keyboard Shortcuts
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Application Manager for VAIO" = Application Manager for VAIO
    "avast" = avast! Free Antivirus
    "BattlEye for A2" = BattlEye Uninstall
    "BattlEye for OA" = BattlEye for OA Uninstall
    "Comodo Dragon" = Comodo Dragon
    "Fraps" = Fraps (remove only)
    "GoldenEye Source" = GoldenEye: Source
    "Google Chrome" = Google Chrome
    "InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}" = VAIO - PMB VAIO Edition Plug-in
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "InstallShield_{66081CDD-C1FE-415F-BB3A-F2622BA27461}" = VAIO - PMB VAIO Edition Guide
    "LogMeIn Hamachi" = LogMeIn Hamachi
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Multimedia Fusion Developer 2" = Multimedia Fusion Developer 2
    "OpenAL" = OpenAL
    "ProInst" = Intel PROSet Wireless
    "PunkBusterSvc" = PunkBuster Services
    "splashtop" = Quick Web Access
    "Steam App 105600" = Terraria
    "Steam App 113020" = Monaco
    "Steam App 17410" = Mirror's Edge
    "Steam App 17520" = Synergy
    "Steam App 200510" = XCOM: Enemy Unknown
    "Steam App 204360" = Castle Crashers
    "Steam App 209080" = Guns of Icarus Online
    "Steam App 211" = Source SDK
    "Steam App 214340" = Deponia
    "Steam App 215" = Source SDK Base 2006
    "Steam App 218" = Source SDK Base 2007
    "Steam App 220" = Half-Life 2
    "Steam App 220740" = Chaos on Deponia
    "Steam App 240" = Counter-Strike: Source
    "Steam App 32470" = Star Wars: Empire at War Gold
    "Steam App 33230" = Assassin's Creed II
    "Steam App 33900" = Arma 2
    "Steam App 33930" = Arma 2: Operation Arrowhead
    "Steam App 4000" = Garry's Mod
    "Steam App 440" = Team Fortress 2
    "Steam App 4760" = Rome: Total War
    "Steam App 48190" = Assassin's Creed Brotherhood
    "Steam App 550" = Left 4 Dead 2
    "Steam App 6020" = Star Wars Jedi Knight: Jedi Academy
    "Steam App 620" = Portal 2
    "Steam App 6220" = FlatOut
    "Steam App 630" = Alien Swarm
    "Steam App 72850" = The Elder Scrolls V: Skyrim
    "Steam App 8930" = Sid Meier's Civilization V
    "VAIO Messenger" = VAIO Messenger
    "VAIO Satisfaction Survey.3.0" = VAIO Satisfaction Survey.
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.20 (32-bit)

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-171069205-1298168295-2454606942-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dolpin Emulator Packages" = Dolpin Emulator Packages
    "Dropbox" = Dropbox
    "Multimedia Fusion Developer 2 Extension Pack" = Multimedia Fusion Developer 2 Extension Pack
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/3/2013 4:42:43 AM | Computer Name = Vaio | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 3463

    Error - 9/3/2013 4:42:43 AM | Computer Name = Vaio | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3463

    Error - 9/3/2013 8:40:25 PM | Computer Name = Vaio | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/3/2013 8:40:25 PM | Computer Name = Vaio | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1029

    Error - 9/3/2013 8:40:25 PM | Computer Name = Vaio | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1029

    Error - 9/5/2013 3:23:57 AM | Computer Name = Vaio | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/5/2013 3:24:00 AM | Computer Name = Vaio | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 999

    Error - 9/5/2013 3:24:00 AM | Computer Name = Vaio | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 999

    Error - 9/5/2013 3:24:01 AM | Computer Name = Vaio | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/5/2013 3:24:01 AM | Computer Name = Vaio | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4868

    Error - 9/5/2013 3:24:01 AM | Computer Name = Vaio | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4868

    [ System Events ]
    Error - 9/17/2013 2:05:33 AM | Computer Name = Vaio | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 9/17/2013 2:05:40 AM | Computer Name = Vaio | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 9/17/2013 2:05:41 AM | Computer Name = Vaio | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 9/17/2013 2:05:41 AM | Computer Name = Vaio | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 9/17/2013 2:05:42 AM | Computer Name = Vaio | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 9/17/2013 2:05:44 AM | Computer Name = Vaio | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 9/17/2013 2:05:45 AM | Computer Name = Vaio | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 9/18/2013 1:27:58 AM | Computer Name = Vaio | Source = Service Control Manager | ID = 7011
    Description = A timeout (60000 milliseconds) was reached while waiting for a transaction
    response from the VAIO Event Service service.

    Error - 9/18/2013 3:05:16 AM | Computer Name = Vaio | Source = DCOM | ID = 10010
    Description =

    Error - 9/18/2013 3:08:11 AM | Computer Name = Vaio | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    CFRMD


    < End of report >
     
  17. Weazel99

    Weazel99 TS Rookie Topic Starter Posts: 40

    BTW JRT says access is denied, so I cannot run it
     
  18. Broni

    Broni Malware Annihilator Posts: 47,066   +257

    Did you?
     
  19. Broni

    Broni Malware Annihilator Posts: 47,066   +257

    Still with me?
     
  20. Broni

    Broni Malware Annihilator Posts: 47,066   +257

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.