Alex111 Posted March 20, 2014 ID:805364
Hi guys, I run Malwarebytes and Comodo AV. Comodo is not working - Defense+ is not working properly. Malwarebytes is not working even through chameleon, so I tried uninstalling and reinstalling but now cannot reinstall as it states I do not have access to the folder.
Here are the DDS and attach logs:
Thanks for the help in advance guys!

Maniac Posted March 20, 2014 ID:805568
Hello Alex111! My name is Borislav and I will be glad to help you solve your malware problem.
Please note:
If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1
Please run a Quick Scan with Malwarebytes and post the log:
Open up Malwarebytes => Settings Tab => Scanner Settings => Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.
Step 2
Download OTL to your Desktop
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
In your next reply, post the following log files:
Malwarebytes' Anti-Malware log
OTL log files

Alex111 Posted March 20, 2014 Author ID:805586
Hi Borislav, thank you for helping me out! I can no longer open up Malwarebytes, it seems as it says:
Run-time error '372': Failed to load 'vbalgrid' from 'vbalgrid.ocx'. Your version of vbalgrid.ocx may be outdated. Make sure you are using the version of the control that came with your application.

Maniac Posted March 21, 2014 ID:806117
Please proceed with second step.

Alex111 Posted March 22, 2014 Author ID:806282
Thanks, Here is the OTL log:
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)SRV - [2009/09/14 18:24:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)SRV - [2009/09/14 17:53:48 | 000,642,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)SRV - [2009/08/31 00:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)SRV - [2009/08/31 00:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)SRV - [2007/01/04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/09/24 10:54:10 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)DRV:64bit: - [2013/02/12 04:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)DRV:64bit: - [2012/12/23 11:27:23 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)DRV:64bit: - [2012/12/23 11:27:22 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)DRV:64bit: - [2012/06/05 12:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)DRV:64bit: - [2012/04/29 06:27:00 | 000,073,000 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RAMDiskVE.sys -- (RAMDiskVE)DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2011/11/25 00:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)DRV:64bit: - [2011/10/20 10:24:06 | 000,157,696 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MxEFUF64.sys -- (MxEFUF)DRV:64bit: - [2011/08/30 00:54:28 | 000,117,520 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)DRV:64bit: - [2011/07/20 13:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 09:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- 
(sdbus)DRV:64bit: - [2010/10/08 06:55:08 | 006,661,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)DRV:64bit: - [2010/10/08 06:55:08 | 006,661,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)DRV:64bit: - [2010/10/08 06:55:08 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)DRV:64bit: - [2010/09/13 12:57:08 | 000,081,920 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)DRV:64bit: - [2010/02/27 08:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)DRV:64bit: - [2010/02/04 22:20:26 | 000,015,360 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HP8207_8307.sys -- (HP8207_8307)DRV:64bit: - [2009/12/16 20:03:59 | 000,244,736 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)DRV:64bit: - [2009/12/16 20:03:04 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)DRV:64bit: - [2009/12/14 20:06:07 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)DRV:64bit: - [2009/11/20 22:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)DRV:64bit: - [2009/11/18 04:30:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)DRV:64bit: - [2009/11/18 04:30:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)DRV:64bit: - [2009/11/18 04:30:32 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)DRV:64bit: - [2009/11/18 04:30:21 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)DRV:64bit: - [2009/11/18 04:23:46 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)DRV:64bit: - [2009/11/13 23:05:36 | 000,036,256 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)DRV:64bit: - [2009/11/12 20:16:19 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)DRV:64bit: - [2009/11/12 20:06:44 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)DRV:64bit: - [2009/11/06 20:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)DRV:64bit: - [2009/11/04 09:59:59 | 000,253,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)DRV:64bit: - [2009/09/15 20:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)DRV:64bit: - [2009/08/19 20:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/07/14 00:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)DRV:64bit: - [2009/07/14 00:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)DRV:64bit: - [2009/07/14 00:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/05/20 10:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)DRV:64bit: - [2009/03/18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)DRV:64bit: - [2007/04/17 10:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\URLSearchHook: - No CLSID value foundIE - HKLM\..\SearchScopes,DefaultScope = {AA74FE59-BC4C-4172-9AC4-73315F71CFFE}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE - HKLM\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-3086550058-3092056842-1324180859-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01IE - HKU\S-1-5-21-3086550058-3092056842-1324180859-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1IE - HKU\S-1-5-21-3086550058-3092056842-1324180859-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/IE - HKU\S-1-5-21-3086550058-3092056842-1324180859-1000\..\URLSearchHook: - No CLSID value foundIE - HKU\S-1-5-21-3086550058-3092056842-1324180859-1000\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - No CLSID value foundIE - HKU\S-1-5-21-3086550058-3092056842-1324180859-1000\..\SearchScopes,DefaultScope = {F089810F-4D64-416C-8CC2-F1AFBB6D0F02}IE - HKU\S-1-5-21-3086550058-3092056842-1324180859-1000\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3323880&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP2B63C9E7-8C41-481E-9918-7DAF2D827DC6&q={searchTerms}&SSPV=IE - HKU\S-1-5-21-3086550058-3092056842-1324180859-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SRIE - HKU\S-1-5-21-3086550058-3092056842-1324180859-1000\..\SearchScopes\{68E485A1-2B98-4B0C-B563-5767C065C961}: "URL" = http://rover.ebay.com/rover/1/710-42480-16445-5/4?satitle={searchTerms}IE - HKU\S-1-5-21-3086550058-3092056842-1324180859-1000\..\SearchScopes\{92FF631F-B921-400D-9587-DDDDE61A4A9F}: "URL" = http://uk.shopping.com/?linkin_id=8056359IE - HKU\S-1-5-21-3086550058-3092056842-1324180859-1000\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}IE - HKU\S-1-5-21-3086550058-3092056842-1324180859-1000\..\SearchScopes\{CC9E9D40-AF07-46F2-AA97-B1413C3AE948}: "URL" = http://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8searchIE - 
HKU\S-1-5-21-3086550058-3092056842-1324180859-1000\..\SearchScopes\{F089810F-4D64-416C-8CC2-F1AFBB6D0F02}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVECIE - HKU\S-1-5-21-3086550058-3092056842-1324180859-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-3086550058-3092056842-1324180859-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>IE - HKU\S-1-5-21-3086550058-3092056842-1324180859-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.bucksgfl.org.uk:8080 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google 
Earth\plugin\npgeplugin.dll (Google)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@Skype 
Limited.com/Facebook Video Calling Plugin: C:\Users\Alex\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alex\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alex\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Alex\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll (Electronic Arts)FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ ========== Chrome ========== CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},CHR - homepage: http://www.google.co.uk/CHR - plugin: Error reading preferences fileCHR - Extension: CharityAd = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\acaolmpphmfnffmelignomoddonoiphm\2013.9.7.1_0\CHR - Extension: Google Drive = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\CHR - Extension: YouTube = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\CHR - Extension: Block site = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh\3.0.5_0\CHR - Extension: Block site = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh\3.0.6_0\CHR - Extension: Block site = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh\3.0.7_0\CHR - Extension: Block site = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh\3.0.8_0\CHR - Extension: Gmail Offline = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.20_0\CHR - Extension: AdBlock = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\CHR - Extension: A Journey 
through Middle-earth = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgkjeheegjnnmheaflhdocglkiegoni\0.0.1.3_0\CHR - Extension: Don't Starve = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0\CHR - Extension: Google Keep = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14055.1333_0\CHR - Extension: Google Keep = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14101.1403_0\CHR - Extension: Google Keep = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14105.1392_0\CHR - Extension: Google Keep = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14114.424_0\CHR - Extension: Google Keep = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14121.1015_0\CHR - Extension: Google Keep = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14122.372_0\CHR - Extension: Google Keep = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14125.1342_0\CHR - Extension: Reddit Enhancement Suite = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.1.2_0\CHR - Extension: Auto HD For YouTubeâ„¢ = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak\6.1.5_0\CHR - Extension: Auto HD For YouTubeâ„¢ = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak\6.1.6_0\CHR - Extension: Auto HD For YouTubeâ„¢ = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak\6.1.7_0\CHR - Extension: Auto HD For 
YouTubeâ„¢ = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak\6.1.8_0\CHR - Extension: Auto HD For YouTubeâ„¢ = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak\6.1.9_0\CHR - Extension: Auto HD For YouTubeâ„¢ = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak\6.2.0_0\CHR - Extension: Auto HD For YouTubeâ„¢ = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak\6.2.1_0\CHR - Extension: Pocket = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk\0.600_0\CHR - Extension: Google Wallet = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\CHR - Extension: Gmail = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO)O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program 
Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)O4 - HKLM..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml File not foundO4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe (Sony Corporation)O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-3086550058-3092056842-1324180859-1000..\Run: [Akamai NetSession Interface] C:\Users\Alex\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)O4 - HKU\S-1-5-21-3086550058-3092056842-1324180859-1000..\Run: [f.lux] C:\Users\Alex\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)O4 - HKU\S-1-5-21-3086550058-3092056842-1324180859-1000..\Run: [iFunBox Price Watch] C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe (i-Funbox.com)O4 - HKU\S-1-5-21-3086550058-3092056842-1324180859-1000..\Run: [spotify Web Helper] C:\Users\Alex\Data\SpotifyWebHelper.exe (Spotify Ltd)O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1O7 - HKU\S-1-5-21-3086550058-3092056842-1324180859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255O8:64bit: - Extra context menu item: Clip Image - C:\Users\Alex\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not foundO8:64bit: - Extra context menu item: Clip selection - C:\Users\Alex\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not foundO8:64bit: - Extra context menu item: Clip this page - C:\Users\Alex\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not foundO8:64bit: - Extra context menu item: Clip URL - C:\Users\Alex\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not foundO8:64bit: - Extra context menu item: New Note - C:\Users\Alex\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\NewNote.html ()O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O8 - Extra context menu item: Clip Image - C:\Users\Alex\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not foundO8 - Extra context menu item: Clip selection - C:\Users\Alex\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not foundO8 - Extra context menu item: Clip this page - C:\Users\Alex\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not foundO8 - Extra context menu item: Clip URL - C:\Users\Alex\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not foundO8 - Extra context menu item: New Note - C:\Users\Alex\AppData\Local\Apps\Evernote\Evernote\\EvernoteIERes\NewNote.html ()O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O9 - Extra 'Tools' menuitem : Send to &Bluetooth 
Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO15 - HKU\S-1-5-21-3086550058-3092056842-1324180859-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)O15 - HKU\S-1-5-21-3086550058-3092056842-1324180859-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)O15 - HKU\S-1-5-21-3086550058-3092056842-1324180859-1000\..Trusted Domains: soe.com ([]* in Trusted sites)O15 - HKU\S-1-5-21-3086550058-3092056842-1324180859-1000\..Trusted Domains: sony.com ([]* in Trusted sites)O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.51.2)O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.51.2)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.13.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA}: DhcpNameServer = 10.0.13.1O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - 
Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not foundO18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not foundO18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not foundO18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not foundO18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not foundO18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not foundO20 - AppInit_DLLs: (c:\windows\syswow64\guard32.dll) - c:\Windows\SysWOW64\guard32.dll (COMODO)O20 - AppInit_DLLs: (c:\progra~2\sprote~1\sprote~1.dll) - File not foundO20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not foundO20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not foundO20 - HKLM Winlogon: Shell - (explorer.exe) - File not foundO20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - 
C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not foundO20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not foundO20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - File not foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not foundO29 - HKLM SecurityProviders - (credssp.dll) - File not foundO32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014/03/22 00:45:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe[2014/03/20 21:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2014/03/20 21:25:08 | 000,000,000 | ---D | C] -- C:\Users\Alex\Malwarebytes' Anti-Malware[2014/03/20 09:47:58 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[2014/03/20 09:28:53 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\dds.com[2014/03/20 09:14:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware[2014/03/18 22:12:18 | 000,000,000 | ---D | C] -- 
C:\Users\Alex\AppData\Roaming\iFunbox_UserCache[2014/03/18 22:05:39 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\iFunBox.NXGen[2014/03/18 22:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iFunBox 2014[2014/03/18 22:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iFunbox 2014[2014/03/08 19:07:07 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\butterfly_data[2014/03/07 09:30:55 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\Aiseesoft Studio[2014/03/07 09:30:55 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Aiseesoft Studio[2014/03/07 09:30:44 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aiseesoft[2014/03/07 09:30:38 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Aiseesoft Studio[2014/03/07 09:30:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aiseesoft Studio[2014/03/05 22:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft[2014/03/05 22:51:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft[2014/03/05 21:38:55 | 000,062,464 | ---- | C] (Spotify Ltd) -- C:\Users\Alex\SpotifyLauncher.exe[2014/03/02 19:11:50 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\REAPER Media[2014/03/02 19:01:40 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\REAPER[2014/03/02 19:01:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)[2014/03/02 19:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Propellerhead Software[2014/03/02 19:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\REAPER (x64)[2014/02/26 22:52:23 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Wisdom-soft[2014/02/26 22:51:31 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free[2014/02/26 22:51:31 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free[2014/02/26 22:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free[2014/02/26 21:22:05 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\AVS4YOU[2014/02/26 20:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU[2014/02/26 20:44:53 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\AVS4YOU[2014/02/26 20:44:29 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU[2014/02/26 20:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU[2014/02/26 20:43:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia[2014/02/26 20:43:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU[2014/02/26 20:38:37 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{C8C5207B-434E-4ABB-A072-39F141D634A6}[2014/02/26 20:28:09 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\avidemux[2014/02/26 20:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avidemux[2014/02/26 20:27:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avidemux 2.6[2014/02/20 12:36:16 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux[2014/02/20 12:36:14 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\FluxSoftware[2010/11/11 11:40:20 | 006,118,400 | ---- | C] (Spotify Ltd) -- C:\Users\Alex\spotify.exe[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ][1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014/03/22 00:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2014/03/22 00:45:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe[2014/03/22 00:23:35 | 000,000,904 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3086550058-3092056842-1324180859-1000UA.job[2014/03/22 00:06:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2014/03/21 22:43:01 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3086550058-3092056842-1324180859-1000UA.job[2014/03/21 22:43:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3086550058-3092056842-1324180859-1000Core.job[2014/03/21 18:30:10 | 000,121,201 | ---- | M] () -- C:\Users\Alex\Documents\CisReport_v6.3.301686.2974_20140321-183001.zip[2014/03/21 17:00:19 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2014/03/21 17:00:19 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2014/03/21 16:50:29 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2014/03/21 16:50:16 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3086550058-3092056842-1324180859-1000Core.job[2014/03/21 16:50:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2014/03/21 16:49:07 | 422,100,991 | -HS- | M] () -- C:\hiberfil.sys[2014/03/20 21:25:09 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2014/03/20 10:24:16 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2014/03/20 10:24:16 | 000,667,096 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2014/03/20 10:24:16 | 000,126,740 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2014/03/20 10:15:33 | 419,430,400 | ---- | M] () -- C:\RAMDisk.img[2014/03/20 10:15:23 | 419,430,400 | ---- | M] () -- C:\RAMDisk.img.bak[2014/03/20 09:29:04 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\dds.com[2014/03/19 22:13:13 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat[2014/03/18 
22:05:37 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\iFunBox 2014.lnk[2014/03/18 21:14:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf[2014/03/14 12:44:27 | 000,446,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[2014/03/10 20:19:14 | 000,030,825 | ---- | M] () -- C:\Users\Alex\Documents\butterfly.aup[2014/03/07 09:35:00 | 000,001,241 | ---- | M] () -- C:\Users\Alex\Desktop\AVS Video Converter.lnk[2014/03/07 09:30:44 | 000,001,778 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Aiseesoft Total Video Converter Platinum.lnk[2014/03/07 09:30:44 | 000,001,754 | ---- | M] () -- C:\Users\Alex\Desktop\Aiseesoft Total Video Converter Platinum.lnk[2014/03/05 23:12:29 | 000,120,851 | ---- | M] () -- C:\Users\Alex\Documents\CisReport_v6.3.301686.2974_20140305-231225.zip[2014/03/05 21:38:56 | 000,000,020 | ---- | M] () -- C:\Users\Alex\inst_ver.dat[2014/03/05 21:38:55 | 006,118,400 | ---- | M] (Spotify Ltd) -- C:\Users\Alex\spotify.exe[2014/03/05 21:38:55 | 000,062,464 | ---- | M] (Spotify Ltd) -- C:\Users\Alex\SpotifyLauncher.exe[2014/03/02 19:01:33 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\REAPER (x64).lnk[2014/02/26 22:51:31 | 000,002,018 | ---- | M] () -- C:\Users\Alex\Desktop\ScreenHunter 6.0 Free.lnk[2014/02/26 22:49:18 | 000,001,274 | ---- | M] () -- C:\Users\Alex\Desktop\Continue CamStudio Installation.lnk[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ][1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2014/03/21 18:30:08 | 000,121,201 | ---- | C] () -- C:\Users\Alex\Documents\CisReport_v6.3.301686.2974_20140321-183001.zip[2014/03/20 21:25:09 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2014/03/18 22:05:37 | 000,001,054 | ---- | C] () -- C:\Users\Public\Desktop\iFunBox 2014.lnk[2014/03/18 21:14:26 | 000,000,000 | -H-- | C] () -- 
C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf[2014/03/08 19:07:08 | 000,030,825 | ---- | C] () -- C:\Users\Alex\Documents\butterfly.aup[2014/03/07 09:35:00 | 000,001,241 | ---- | C] () -- C:\Users\Alex\Desktop\AVS Video Converter.lnk[2014/03/07 09:30:44 | 000,001,778 | ---- | C] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Aiseesoft Total Video Converter Platinum.lnk[2014/03/07 09:30:44 | 000,001,754 | ---- | C] () -- C:\Users\Alex\Desktop\Aiseesoft Total Video Converter Platinum.lnk[2014/03/05 23:12:27 | 000,120,851 | ---- | C] () -- C:\Users\Alex\Documents\CisReport_v6.3.301686.2974_20140305-231225.zip[2014/03/02 19:01:33 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\REAPER (x64).lnk[2014/02/26 22:51:31 | 000,002,018 | ---- | C] () -- C:\Users\Alex\Desktop\ScreenHunter 6.0 Free.lnk[2014/02/26 22:49:18 | 000,001,274 | ---- | C] () -- C:\Users\Alex\Desktop\Continue CamStudio Installation.lnk[2013/06/06 09:15:27 | 000,000,044 | ---- | C] () -- C:\Users\Alex\jagex_cl_runescape_LIVE1.dat[2013/06/06 09:11:37 | 000,000,045 | ---- | C] () -- C:\Users\Alex\jagex_cl_loginapplet_LIVE.dat[2013/06/06 09:09:19 | 000,000,024 | ---- | C] () -- C:\Users\Alex\random.dat[2012/12/16 11:35:33 | 000,000,299 | ---- | C] () -- C:\Users\Alex\.JavaPowUpload.properties[2012/11/14 21:10:11 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll[2012/10/11 17:37:56 | 000,679,936 | R--- | C] () -- C:\Windows\SysWow64\xvidcore.dll[2012/10/11 17:37:56 | 000,155,648 | R--- | C] () -- C:\Windows\SysWow64\xvidvfw.dll[2012/08/01 23:10:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat[2012/08/01 23:10:11 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat[2012/06/14 08:27:19 | 000,014,848 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2012/01/28 22:38:58 | 000,000,020 | ---- | C] () -- C:\Users\Alex\inst_ver.dat[2011/11/06 09:06:57 | 000,007,616 | ---- | C] () -- 
C:\Users\Alex\AppData\Local\resmon.resmoncfg[2011/11/02 20:21:55 | 000,000,043 | ---- | C] () -- C:\Users\Alex\jagex_cl_runescape_LIVE.dat[2011/04/18 18:23:43 | 000,000,129 | ---- | C] () -- C:\Users\Alex\jagex_runescape_preferences2.dat[2011/04/18 18:22:51 | 000,000,034 | ---- | C] () -- C:\Users\Alex\jagex_runescape_preferences.dat[2011/02/06 00:15:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat[2010/10/30 18:58:41 | 000,090,877 | ---- | C] () -- C:\Users\Alex\Uninstall.exe[2010/05/22 09:36:53 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml ========== ZeroAccess Check ========== [2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = 
%systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2010/10/10 21:01:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Auslogics[2012/12/24 11:31:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IObit[2011/05/30 10:24:03 | 000,000,000 | -HSD | M] -- C:\Users\Alex\AppData\Roaming\.#[2014/02/22 12:26:57 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\.minecraft[2010/12/25 06:56:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ableton[2012/04/07 11:07:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Acoustica[2014/03/07 09:30:38 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Aiseesoft Studio[2012/09/03 14:02:53 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Amazon[2013/10/22 20:05:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\AnvSoft[2014/02/15 11:37:03 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Armory[2014/03/19 19:29:46 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Audacity[2013/06/09 15:14:30 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Auslogics[2014/03/07 10:05:38 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\avidemux[2014/03/02 09:58:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Bitcoin[2013/02/10 11:21:35 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Canneverbe Limited[2012/10/24 15:59:40 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\com.7digital.downloadmanager[2012/07/04 21:25:45 | 000,000,000 | ---D 
| M] -- C:\Users\Alex\AppData\Roaming\com.greatfridays.sainsburys.DLM[2012/10/16 15:23:41 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\com.hmvdigital.downloadmanager[2011/01/01 16:40:10 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\COWON[2014/02/26 18:48:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Dropbox[2010/10/12 16:22:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Electronic Arts[2012/06/07 08:31:40 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\FMRTEv5[2011/10/25 15:20:20 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Foxit Software[2010/11/04 17:13:37 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Hardcore[2011/06/19 15:03:19 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Hi-Rez Studios[2014/03/18 22:09:57 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\iFunBox.NXGen[2014/03/18 22:12:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\iFunbox_UserCache[2013/03/15 17:50:22 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Iminent[2012/12/23 11:02:59 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\IObit[2014/02/09 10:26:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\library_dir[2014/02/06 19:07:22 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\LolClient[2012/12/25 18:23:33 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\MotioninJoy[2010/10/29 18:17:06 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Notepad++[2013/08/06 09:25:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Origin[2010/10/18 20:26:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Philipp Winterberg[2014/02/04 16:10:27 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Process Hacker 2[2014/02/09 10:37:58 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Raptr[2014/03/02 19:36:03 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\REAPER[2014/02/06 
16:07:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Riot Games[2013/06/07 16:25:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\RSBot[2012/07/30 12:46:59 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\six-updater[2012/07/18 21:45:40 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\six-zsync[2012/12/08 08:44:27 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Sports Interactive[2014/03/05 23:01:46 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Spotify[2010/11/04 17:06:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SynthMaker[2014/02/09 10:27:27 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SystemRequirementsLab[2012/03/11 09:25:26 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TuneUp Software[2014/01/29 17:53:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\webex[2010/11/14 12:50:36 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:07BF512B < End of report >
Alex111 Posted March 22, 2014 Author ID:806283 And here is the extras log: OTL Extras logfile created on: 22/03/2014 00:46:38 - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alex\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.11.9600.16521)Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 5.86 Gb Total Physical Memory | 3.58 Gb Available Physical Memory | 61.16% Memory free13.67 Gb Paging File | 11.06 Gb Available in Paging File | 80.92% Paging File freePaging file location(s): c:\pagefile.sys 8000 8000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 287.01 Gb Total Space | 38.65 Gb Free Space | 13.47% Space Free | Partition Type: NTFSDrive G: | 399.77 Mb Total Space | 399.72 Mb Free Space | 99.99% Space Free | Partition Type: FAT Computer Name: SATURN | User Name: Alex | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.).url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation).reg [@ = regfile] -- regedit.exe "%1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation).html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.).reg [@ = regfile] -- regedit.exe "%1" [HKEY_USERS\S-1-5-21-3086550058-3092056842-1324180859-1000\SOFTWARE\Classes\<extension>].html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [open] -- regedit.exe "%1"regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V"Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program 
Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [open] -- regedit.exe "%1"regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V"Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" 
%1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"DisableNotifications" = 0"EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"DisableNotifications" = 0"EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"DisableNotifications" = 0"EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{073A5385-90D3-4BA6-A406-325DF9182D69}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{09C42977-BC9F-4BF8-970E-F24EEC9E82F0}" = lport=445 | protocol=6 | dir=in | app=system | "{1025D0CA-C376-4FF3-8F44-492E4706CF68}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{15A2891A-B951-446A-B015-E07E3E1903EA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{26DE4485-B731-4025-A491-07A93620F00A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{285A9969-FD3A-4AE4-915C-470A1D539291}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2CF86CD3-33BF-464B-A80D-A3949079E1B5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{2E63EDB2-6A67-433C-BD4A-23E91B0BB034}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{301D68CD-1ABA-48B7-BE62-B8E5C4C1D616}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{34B6DEF0-EFC7-42A1-8E09-E56E66821F84}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{366B6734-39DF-4B6E-AA43-788672066C93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{46A47FBD-E3D8-47F2-910E-F43309276D6D}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{507C91F7-BD9F-41A8-ADCC-0BB978A756E2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{59C790E4-9BDF-431E-B0D0-B2BAFF54020D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5F90F691-55B3-4A1A-8722-6C983B035619}" = lport=51517 | protocol=6 | dir=in | name=akamai netsession interface | "{68396A94-EDEB-4102-99E3-6C9EB6FEF6E4}" = lport=137 | protocol=17 | dir=in | app=system | "{6A7335C4-EF42-473E-A298-36BA96FF3931}" = rport=445 | protocol=6 | dir=out | app=system | "{725EF0C4-7597-4483-96A8-BC3C227D9656}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{73F3D445-3A29-4449-8246-90DAA5A72EE6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{76CAC582-59D3-4CE4-A869-5B3E43482740}" = lport=10243 | protocol=6 | dir=in | app=system | "{7B284C8A-5629-492D-BDBE-B5F16D8F58F4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft 
office\office14\outlook.exe | "{7C5BE5C5-7CD7-4658-B28D-71FBE5C5DCDF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{920C7B90-0D84-49AF-8376-E78A9199630A}" = lport=138 | protocol=17 | dir=in | app=system | "{9A5D0700-9C4D-4CB8-AEE1-140C46E33B23}" = rport=139 | protocol=6 | dir=out | app=system | "{9B1DF5F6-0236-48FD-8577-44DE60E03242}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{A164D873-EF74-4455-B66A-C495AB5C825F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AACA909A-2E02-446C-BEDF-8212FF2F58AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BB760AB7-6D6F-4D8C-972C-C01880EB5398}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C8B0129D-2383-4EFE-A5C9-E6E8CF7F0C0C}" = rport=10243 | protocol=6 | dir=out | app=system | "{CE73B77C-694A-4F9D-B455-38B1F5F626A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D31D6A92-103C-4F79-B17D-2D4C6242F3C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{D3CE4163-B71F-4A61-BCC5-704D5A7B2966}" = rport=137 | protocol=17 | dir=out | app=system | "{E0B50A6D-E33C-41CA-ADF2-BCF081FCB0A3}" = rport=138 | protocol=17 | dir=out | app=system | "{E3C96966-EC54-4528-A991-698E087E9C04}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{E6980FC1-41BA-4285-931E-16745546A8BB}" = lport=2869 | protocol=6 | dir=in | app=system | "{E7C68600-A0D2-4B71-BD3E-03D674C8E9AD}" = lport=2869 | protocol=6 | dir=in | app=system | "{E915BAA2-DE3F-4C90-94D5-2575344D1E66}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EF4B13A0-A46D-4276-BF44-CD15CA93E741}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F7A087E3-A923-43D6-8E3C-3D0E6DD134DB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{00996BC9-F424-406B-BE31-505BDAA5BC31}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | "{07130E68-4769-4491-88B0-9828B7E686B6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dayz\dayz.exe | "{0C2C5832-EC7E-4BCA-B82D-416BDFF4B6EE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dayz\dayz.exe | "{1354BB8E-1A35-4755-B651-2AC5ED2F8895}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1DB29441-5CDD-4788-A735-9E6F917C74E4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{26DFDBFC-AAFB-435D-AFA0-EE4A504F7E1D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{29C3B6B9-B6D9-45DF-B697-CE35C5BA58CA}" = protocol=17 | dir=in | app=c:\users\alex\appdata\local\google\google talk plugin\googletalkplugin.exe | "{2DE6BEEF-57FC-4434-9776-579644FBDBF7}" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe | "{2F7F39B9-4471-4092-9C0C-128FD45DF66A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{35694FBB-4A8A-4D97-B7A8-4ED88A3CB378}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{368EEEB7-4620-480D-B4EC-4797C5FAC016}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{385C03F6-96CE-45C2-ADC6-A872C9A87AD2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3E68FA29-F091-4A60-9424-C98EE586BD9B}" = protocol=6 | dir=in | app=c:\users\alex\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{3EB0C516-B822-4D56-87A4-AB0328E6E2A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3ED3F741-EB35-400F-B858-4DFC2FA1FAFB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{44A08C48-52D2-4B84-A8BF-8981C7A8228A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{4752B5DC-D06A-46CE-9F40-9D9A565032D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{5038D00F-9763-4FF9-A941-162AEC811AF2}" = dir=in | app=c:\users\alex\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{50A2489F-CD4A-42A7-B6E7-10E966001358}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{529CD813-8D45-4371-8203-AC9040056F67}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5E8B7CE8-8214-4D67-B51D-A3B79D31D16D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{6863D885-08FD-4206-98B9-A85DAE44BBA1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{722C27E5-0B0D-4B89-B7F2-30409CAB7D90}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\game dev tycoon\gamedevtycoon.exe | "{756AD055-6639-4665-A3F5-6DDF2E903CFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7E492E91-1840-49D2-A60C-56436B45045D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{7F666F65-3999-4F0A-8EE3-42D3A3D57856}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{83AFE38B-A522-4FB3-BC2A-D25658C51F2A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{874BE698-C423-42E4-BD9B-95F1CFC095FB}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | "{88773069-E85D-4DF0-849D-AA8AA7B6513B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{8A1C91AC-1D48-4760-811B-A765D711003C}" = protocol=17 | dir=in | app=c:\users\alex\appdata\local\akamai\netsession_win.exe | "{9230C86E-2C11-4CD2-B435-5F266E9363F0}" = protocol=6 | dir=in | app=c:\users\alex\appdata\local\akamai\netsession_win.exe | "{93A9F330-9695-4513-AE69-B3F44B3429EA}" = protocol=6 | dir=out | app=system | "{9767A9ED-9FA0-4A57-8C71-3E0E8F67D4AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\game dev tycoon\gamedevtycoon.exe | "{A0BDF0DB-DC3F-4168-8D63-A387B5152773}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AF529F26-B4D0-4532-9B0F-C569570E4DEB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{BFA7F01D-49E1-4318-BB60-9DEE7764C18C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{C6E3CB62-5756-421C-BBF1-CDAAA83F9814}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C7E49295-14FF-4C17-8A98-EF93151C37D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D6383F76-AC78-45FB-B5A5-70455A4FA5A7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{D69E1E80-236B-4FEE-9877-607D907CE505}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | "{D8323DF2-776B-498C-8A8B-38B6AF1BAA04}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D986BDC3-4CA9-4D35-AB84-C5C3A9A073C2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{DB42F539-E859-4FFB-9B84-9EEDC38DE70B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{DEA0B31B-E793-4494-B57F-F035740AD820}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | "{E3214297-52B5-410C-A344-7A0F2AB37353}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | "{E4279261-D929-42D7-AE2F-1B435EC09BCB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{EA72DE84-0744-4F4D-9F92-86F79F585199}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{EDED540E-62D0-4A6C-A551-40F2758E4C14}" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe | "{EE6F4BD0-0863-444D-A325-C2B69A601863}" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe | "{F7D32FD7-EAB6-47B7-9B13-AE4DF4D1AFD6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F7DF60BF-C64C-4FAA-9710-490C9DFC115A}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | "{FA50E70A-FCF3-45B8-94E7-3BD3B75506D1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FBC620EE-9B50-4445-A96B-B572898FD43C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FE5C2A55-3400-4F99-BD8F-FF69B1DD1721}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{FF12B885-A871-4109-A936-D159078BE62A}" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{011B8483-DFBB-450A-B52A-45E851B81D51}C:\users\alex\downloads\spotify.exe" = protocol=6 | dir=in | app=c:\users\alex\downloads\spotify.exe | "TCP Query User{060F05A5-781F-4B9D-998B-0CDE89483CF6}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{09E51F2B-8DA2-4148-99A7-68EC04E3AE19}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{1B89D0E4-6B7E-45E1-9CD6-2AF5B4F9A761}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | "TCP Query User{BBBA2369-A809-4877-A254-E84AFC77D82F}C:\users\alex\spotify.exe" = protocol=6 | dir=in | app=c:\users\alex\spotify.exe | "UDP Query User{2813447A-26C0-46F5-B110-4AAF0C8C4A77}C:\program 
files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{3B9DFFA0-0E23-466A-9037-8F724D29B7FA}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{4F849ED3-E4A8-4D6D-A3A6-505B3AD20AFC}C:\users\alex\downloads\spotify.exe" = protocol=17 | dir=in | app=c:\users\alex\downloads\spotify.exe | "UDP Query User{D689EB10-F328-4910-A0A9-2FAE1BF64BA5}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | "UDP Query User{F712307D-DE62-49CA-A336-9693A0C824BD}C:\users\alex\spotify.exe" = protocol=17 | dir=in | app=c:\users\alex\spotify.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety"{0E931A51-A183-4E66-8562-D82896E74C67}" = BCool Gadget"{0EDB29CF-5FFC-4824-9F13-3D1C4286CA98}_is1" = Audio Transcoder"{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java 6 Update 16 (64-bit)"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java 7 (64-bit)"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy DS3 driver version 0.6.0004"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 
11.0.51106"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud"{5969857A-B3B6-4CB8-8AC0-240E1A099246}" = COMODO Internet Security Premium"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161"{64DFC00F-2502-41AE-8E92-B6E7F10F9A62}" = One-click FLAC to MP3 Converter (x64 add-on)"{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour"{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO"{A71060CF-81D0-EC17-2252-78CA0E96CCCF}" = AMD Drag and Drop Transcoding"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053"{BABA4667-CF82-B330-A8E5-6E8A09B2D911}" = AMD Accelerated Video Transcoding"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter"{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation 
Decoders"{F73A118B-8271-47E2-8790-0C636B2539C5}" = iTunes"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)"930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module"CCleaner" = CCleaner"Defraggler" = Defraggler"Process_Hacker2_is1" = Process Hacker 2.33 (r5590)"REAPER" = REAPER (x64) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German"{01D5FF1F-BB19-4387-8EF1-C6319037EC12}" = RAMDisk"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English"{1E450972-E996-4EC1-A4C3-1518A46928D0}" = VAIO Content Metadata Intelligent Network Service Manager"{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}" = System Requirements Lab for Intel"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update"{1FD416D0-CC16-41D1-A25C-C9986CD8BBAB}" 
= VAIO Content Metadata Intelligent Analyzing Manager"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions"{208345BE-27BB-4367-B245-A5B6E764FDD0}" = VAIO Content Metadata Intelligent Analyzing Manager"{2110ECBD-BF15-4673-8852-8C68DDEB26AC}" = Media Gallery"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Monitoring Settings"{269C93DC-3A29-450F-A3F2-7BF96C6A7E93}" = CDBurnerXP"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish"{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery"{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery"{3661F243-518C-4d05-8BDF-7B10CC22689F}_is1" = Aiseesoft Total Video Converter Platinum 7.1.26"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care"{37531547-B1F4-45E6-98FC-8AF5F2F0EAA4}" = VAIO Content Metadata Manager Settings"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology"{4427F384-B5BE-4769-B7D0-C784FC321EB1}" = VAIO Content Metadata Intelligent Network Service Manager"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support"{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google 
Earth"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11"{50020B66-4BA5-4E35-939E-98A0D648EE88}_is1" = Fast MP4 3GP AVI MPG WMV RM MOV FLV Converter 6.3"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = Catalyst Control Center"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data"{5BACF1F4-82ED-157E-976C-70C931008CF7}" = Sainsburys MP3 Manager"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD"{5D6D605B-E4B7-490B-A794-9284BC3D2A8B}" = Driver Detective"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM"{6146B9DC-C33D-11E2-BDE1-984BE15F174E}" = Evernote v. 
4.6.6"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE"{69039A13-9ABB-4264-A570-0023FB2D4F18}" = ArcSoft MediaConverter 7.5"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish"{6D8ED20E-E792-4DAC-BB66-009836CBD80B}" = VAIO Content Monitoring Settings"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech"{70991E0A-1108-437E-BA7D-085702C670C0}" = "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{7392AA60-133D-4761-94DB-8FBC9B6CD5EA}" = VAIO Content Metadata Intelligent Network Service Manager"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Power Management"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync"{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization 
All"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access"{935B5086-C002-0FBC-0723-5741D2478EE7}" = Catalyst Control Center InstallProxy"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{96D8E26D-70CB-44DE-AE50-43095A39E5B2}" = VAIO Entertainment Platform"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9A781940-AC41-4D5E-8E1E-76A04B916FB9}" = Helium"{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail"{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library"{A407FC22-36BF-4C82-A516-59D94BC505A9}" = System Requirements Lab Detection"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Settings"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{A95187EF-BCF4-4468-B501-C0BAB976ADD1}" = VAIO Personalization Manager"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer"{AB259D46-F851-41B0-9AFA-AED8998AD68A}" = MusicStation"{AC050677-EAFC-4B57-8F83-8205F65134D2}" = VAIO Content Metadata XML Interface Library"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)"{AE710981-9CAE-463F-817F-48F7BB6F93CF}_is1" = Free WAV to MP3 Converter"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch"{B1DADBEB-7F82-4B29-84D6-5F14A020F0A0}" = VAIO Content Metadata Intelligent Analyzing Manager"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = 
Roxio Central Copy"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX"{BCA907B6-5A0F-473E-8C63-0FF0CFAEB7B7}" = VAIO Personalization Manager"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents"{D62576C2-C084-4698-974A-5BE77714FDDD}" = System Requirements Lab Test"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver"{D9C4202E-6D51-4B06-A8F1-22316E654BCA}" = Universal Adb Driver"{DB179A5E-BDE5-4565-AE14-AA10C64C0572}" = League of Legends"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E121A4FE-009B-385B-BB0D-B934E2A88288}" = Google Talk Plugin"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding"{E3DC1111-5D32-40F9-BB81-64E31294C1A4}" = VAIO Personalization Manager"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 
Runtime
"{E5269D4B-82AB-52B9-448E-5426A36790B3}" = 7digital Download Manager
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"7-Zip" = 7-Zip 9.20
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 5" = Acoustica Mixcraft 5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"Any Video Converter_is1" = Any Video Converter 5.0.9
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 2.0.5
"Avidemux 2.6" = Avidemux 2.6 (32-bit)
"AviSynth" = AviSynth 2.5
"AVS Video Editor_is1" = AVS Video Editor 6.5
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"com.7digital.downloadmanager" = 7digital Download Manager
"com.greatfridays.sainsburys.DLM" = Sainsburys MP3 Manager
"Debut" = Debut Video Capture Software
"Drumaxx" = Drumaxx
"Emicsoft M2TS Converter_is1" = Emicsoft M2TS Converter
"Foxit Reader_is1" = Foxit Reader 5.0
"Fraps" = Fraps
"Free YouTube To Mp3 Downloader_is1" = Free YouTube To Mp3 Downloader
"Freemake Video Converter_is1" = Freemake Video Converter version 3.1.2
"Google Chrome" = Google Chrome
"Graph_is1" = Graph 4.4
"Hardcore" = Hardcore
"iFunBox 2014_is1" = iFunBox 2014 (v3.1.562.425), iFunbox DevTeam
"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.1.0 (Basic)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LastFM Motorokr Screensaver" = LastFM Motorokr Screensaver
"LastFM_is1" = Last.fm Scrobbler 2.1.36
"League of Legends 3.0.1" = League of Legends
"Live 8.0.9" = Live 8.0.9
"Live 8.2.1" = Live 8.2.1
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MarketingTools" = VAIO Marketing Tools
"Notepad++" = Notepad++
"Office14.SingleImage" = Microsoft Office Professional 2010
"Origin" = Origin
"PdaNet_is1" = PdaNet for Android 3.50
"PoiZone" = PoiZone
"Prism" = Prism Video File Converter
"Raptr" = Raptr
"Revo Uninstaller" = Revo Uninstaller 1.80
"Rockstar Games Social Club" = Rockstar Games Social Club
"Sakura" = Sakura
"Sawer" = Sawer
"Scratch" = Scratch
"SpeedFan" = SpeedFan (remove only)
"splashtop" = VAIO Quick Web Access
"Spotify" = Spotify
"Steam App 105600" = Terraria
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 211820" = Starbound
"Steam App 220200" = Kerbal Space Program
"Steam App 221100" = DayZ
"Steam App 224540" = Ace of Spades
"Steam App 231140" = Cities XL Platinum
"Steam App 239820" = Game Dev Tycoon
"Steam App 240" = Counter-Strike: Source
"Steam App 280" = Half-Life: Source
"Steam App 360" = Half-Life Deathmatch: Source
"Steam App 38400" = Fallout
"Steam App 4000" = Garry's Mod
"Steam App 70" = Half-Life
"Toxic Biohazard" = Toxic Biohazard
"Traverso_is1" = Traverso 0.49.1
"Uplay" = Uplay
"VAIO Help and Support" =
"VAIO Premium Partners" = VAIO Premium Partners
"VAIO screensaver" = VAIO screensaver
"VideoPad" = VideoPad Video Editor
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"Winamp" = Winamp
"WinISO_is1" = WinISO 5.3
"WinLiveSuite" = Windows Live Essentials
"Wisdom-soft ScreenHunter 6.0 Free" = Wisdom-soft ScreenHunter 6.0 Free

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3086550058-3092056842-1324180859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"EA SPORTS Game Face Browser Plugin" = EA SPORTS Game Face Browser Plugin 1.0.0.18
"Flux" = f.lux
"Mozilla Firefox Packages" = Mozilla Firefox Packages
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21/03/2014 07:17:26 | Computer Name = Saturn | Source = Google Update | ID = 20
Description =

Error - 21/03/2014 08:39:59 | Computer Name = Saturn | Source = Application Error | ID = 1000
Description = Faulting application name: wmprph.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd018
Faulting module name: jscript.dll, version: 5.8.9600.16428, time stamp: 0x525b8c45
Exception code: 0xc0000005
Fault offset: 0x0000000000010e04
Faulting process id: 0x1570
Faulting application start time: 0x01cf44ee018c914f
Faulting application path: C:\Program Files\Windows Media Player\wmprph.exe
Faulting module path: C:\Windows\system32\jscript.dll
Report Id: e9881a91-b0f5-11e3-9347-5442496aa0b7

Error - 21/03/2014 08:40:01 | Computer Name = Saturn | Source = Application Error | ID = 1000
Description = Faulting application name: wmprph.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd018
Faulting module name: jscript.dll, version: 5.8.9600.16428, time stamp: 0x525b8c45
Exception code: 0xc000041d
Fault offset: 0x0000000000010e04
Faulting process id: 0x1570
Faulting application start time: 0x01cf44ee018c914f
Faulting application path: C:\Program Files\Windows Media Player\wmprph.exe
Faulting module path: C:\Windows\system32\jscript.dll
Report Id: ea9c4dbc-b0f5-11e3-9347-5442496aa0b7

Error - 21/03/2014 10:00:28 | Computer Name = Saturn | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 21/03/2014 10:00:29 | Computer Name = Saturn | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1198509

Error - 21/03/2014 10:00:29 | Computer Name = Saturn | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1198509

Error - 21/03/2014 10:00:36 | Computer Name = Saturn | Source = Google Update | ID = 20
Description =

Error - 21/03/2014 10:23:46 | Computer Name = Saturn | Source = Application Error | ID = 1000
Description = Faulting application name: APSDaemon.exe, version: 2.2.9.2, time stamp: 0x516e136b
Faulting module name: pthreadVC2.dll, version: 12.0.0.24, time stamp: 0x4be48880
Exception code: 0xc0000005
Fault offset: 0x00003496
Faulting process id: 0x1874
Faulting application start time: 0x01cf451052b8be47
Faulting application path: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
Faulting module path: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
Report Id: 69182b48-b104-11e3-9347-5442496aa0b7

Error - 21/03/2014 12:50:32 | Computer Name = Saturn | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})(Error code = 0x80042000)

Error - 21/03/2014 12:50:33 | Computer Name = Saturn | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

[ System Events ]
Error - 20/03/2014 06:18:03 | Computer Name = Saturn | Source = DCOM | ID = 10016
Description =

Error - 20/03/2014 06:19:44 | Computer Name = Saturn | Source = Service Control Manager | ID = 7023
Description = The Intel® Management & Security Application User Notification Service service terminated with the following error: %%-2147024882

Error - 21/03/2014 12:29:00 | Computer Name = Saturn | Source = Service Control Manager | ID = 7023
Description = The Skype Updater service terminated with the following error: %%-2147024882

Error - 21/03/2014 12:29:30 | Computer Name = Saturn | Source = DCOM | ID = 10010
Description =

Error - 21/03/2014 12:50:15 | Computer Name = Saturn | Source = EventLog | ID = 6008
Description = The previous system shutdown at 16:47:15 on ?21/?03/?2014 was unexpected.

Error - 21/03/2014 12:50:19 | Computer Name = Saturn | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.

Error - 21/03/2014 12:51:40 | Computer Name = Saturn | Source = DCOM | ID = 10016
Description =

Error - 21/03/2014 12:52:43 | Computer Name = Saturn | Source = Service Control Manager | ID = 7023
Description = The Skype Updater service terminated with the following error: %%-2147024882

Error - 21/03/2014 12:53:40 | Computer Name = Saturn | Source = DCOM | ID = 10010
Description =

Error - 21/03/2014 12:55:20 | Computer Name = Saturn | Source = Service Control Manager | ID = 7023
Description = The Intel® Management & Security Application User Notification Service service terminated with the following error: %%-2147024882

< End of report >

Maniac Posted March 23, 2014 ID:806849

Step 1
Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Step 2
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on the Scan button. Wait until it is finished.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

In your next reply, post the following log files:
Junkware Removal Tool log
AdwCleaner log

Alex111 Posted March 23, 2014 Author ID:806963

Unfortunately JRT does not seem to run, even with Comodo shut down. However here is the Adwcleaner log:

# AdwCleaner v3.022 - Report created 23/03/2014 at 22:18:15
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Alex - SATURN
# Running from : C:\Users\Alex\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\GboxUpdater
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Users\Alex\AppData\Roaming\Iminent
Folder Deleted : C:\Users\Admin\AppData\Local\Temp\boost_interprocess
File Deleted : C:\END
File Deleted : C:\Users\Alex\Uninstall.exe

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\SProtector
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Video-Saver-1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\sprote~1\sprote~1.dll
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;127.0.0.1:9421;<local>

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4157 octets] - [23/03/2014 22:15:28]
AdwCleaner[R1].txt - [4217 octets] - [23/03/2014 22:16:53]
AdwCleaner[s0].txt - [3961 octets] - [23/03/2014 22:18:15]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4021 octets] ##########

Maniac Posted March 25, 2014 ID:807860

Please boot into Safe mode and try again with JRE.
http://windows.microsoft.com/en-US/windows/start-computer-safe-mode#start-computer-safe-mode=windows-7

Alex111 Posted March 25, 2014 Author ID:807877

Unfortunately it still doesn't run. When I run as administrator, a command prompt box pops up for about 0.1 seconds, so I cannot read the text in it. It automatically closes and JRT doesn't run. Sorry about this.

Maniac Posted March 25, 2014 ID:807878

No problem.

Download and run mbam-clean.exe from here
It will ask to restart your computer, please allow it to do so (very important)
After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
Launch the program and set the Protection and Registration.
Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray if using the Pro version.
Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.

Alex111 Posted March 25, 2014 Author ID:807898

Thanks Borislav, that's all working, anything else I need to do?

Maniac Posted March 25, 2014 ID:807936

Yes, please:

Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Alex111 Posted March 25, 2014 Author ID:807979

Here is the log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 25/03/2014
Scan Time: 17:56:04
Logfile:
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.03.25.05
Rootkit Database: v2014.03.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Alex

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 297119
Time Elapsed: 36 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Maniac Posted March 28, 2014 ID:809766

How are things now?

Root Admin AdvancedSetup Posted April 3, 2014 ID:812683

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!