Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2013 01
Ran by x (administrator) on X-VAIO on 06-09-2013 02:05:16
Running from C:\Users\x\Downloads
Windows 7 Home Premium (X64) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files (x86)\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyD.exe
(Option) C:\Program Files (x86)\ERA\GlobeTrotter Connect\GtDetectSc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Chris Pietschmann (http://pietschsoft.com)) C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-24] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-08-19] (Sun Microsystems, Inc.)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL [123392 2010-06-28] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {927C6F51-5D9A-43FB-B85F-92FDF6C2D4F7} URL = http://services.zinio.com/search?s={selection}&rf=sonyslices
SearchScopes: HKCU - {C41F4CCE-3EEF-4A6F-BEBE-63F69959C781} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - {DA61334C-DC28-403C-8168-4A997FCDD16E} URL = http://rover.ebay.com/rover/1/710-42480-16445-5/4?satitle={searchTerms}
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files (x86)\Techland\Common\InternetTranslator\InternetTranslator.dll (Techland)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 12 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.)
Winsock: Catalog9 13 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.)
Winsock: Catalog9-x64 12 %SystemRoot%\system32\vsocklib.dll [67184] (VMware, Inc.)
Winsock: Catalog9-x64 13 %SystemRoot%\system32\vsocklib.dll [67184] (VMware, Inc.)
Tcpip\Parameters: [DhcpNameServer] 62.179.1.60 62.179.1.61
Tcpip\..\Interfaces\{47180757-35F2-4827-B29E-1A913C02E96C}: [NameServer]89.108.195.20 217.17.34.10
Tcpip\..\Interfaces\{8DAA83D3-064F-43BF-A44C-77122563FE08}: [NameServer]89.108.195.20 217.17.34.10
Tcpip\..\Interfaces\{E1E3C00A-741D-4BAA-88B9-580ED8A4FC9D}: [NameServer]89.108.195.20 217.17.34.10

FireFox:
========
FF ProfilePath: C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\jdzczjhs.default
FF Homepage: hxxp://www.google.pl/
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @ganymede/GanymedeNetPlugin,version=1.0 - C:\Program Files (x86)\Ganymede\Plugins\npganymedenet.dll ( )
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\x\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\x\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\x\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\googledesktop.xml
FF Extension: No Name - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\jdzczjhs.default\Extensions\staged
FF Extension: Greasemonkey - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\jdzczjhs.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF Extension: support - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\jdzczjhs.default\Extensions\support@real-hide-ip.com.xpi
FF Extension: No Name - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\jdzczjhs.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF Extension: No Name - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\jdzczjhs.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

Chrome:
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=SVEA
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=SVEA"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (LiveVDO plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (GanymedeNet.Detector) - C:\Program Files (x86)\Ganymede\Plugins\npganymedenet.dll ( )
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Media Go Detector) - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\x\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\x\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Facebook Plugin) - C:\Users\x\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Chrome In-App Payments service) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [69632 2011-09-29] ()
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-28] (Google)
R2 GtDetectSc; C:\Program Files (x86)\ERA\GlobeTrotter Connect\GtDetectSc.exe [204915 2007-11-05] (Option)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2009-11-26] ()
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-06-26] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-06-26] (Sonic Solutions)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-07-24] (Realtek Semiconductor)
R2 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-07-28] (Sony Corporation)
R2 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-07-28] (Sony Corporation)
S3 Sony Ericsson PCCompanion; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [152064 2011-04-20] (Avanquest Software)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-07-23] (Sony Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642920 2009-07-23] (Sony Corporation)
R3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-07-23] (Sony Corporation)
R2 Virtual Router; C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [12288 2009-11-18] (Chris Pietschmann (http://pietschsoft.com))
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11839488 2011-11-13] ()
R2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-07-23] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R1 cnnctfy2; C:\Windows\System32\DRIVERS\cnnctfy2.sys [31344 2011-09-20] (Connectify)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
R2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2009-11-25] ()
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
U3 a07p7jrl; C:\Windows\System32\Drivers\a07p7jrl.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-06 01:49 - 2013-09-06 01:50 - 01037222 _____ C:\Users\x\Downloads\AdwCleaner.exe
2013-09-06 01:49 - 2013-09-06 01:49 - 00448512 _____ (OldTimer Tools) C:\Users\x\Downloads\TFC.exe
2013-09-03 18:28 - 2013-09-03 18:28 - 00000000 ____D C:\Program Files (x86)\HD Tune
2013-09-03 18:27 - 2013-09-03 18:28 - 00642632 _____ (EFD Software ) C:\Users\x\Downloads\hdtune_255.exe
2013-09-03 17:41 - 2009-07-14 03:41 - 02851328 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll.backup
2013-09-03 17:41 - 2009-07-14 03:41 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll.backup
2013-09-03 17:41 - 2009-07-14 03:41 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\themeservice.dll.backup
2013-09-03 17:39 - 2009-07-14 03:16 - 02755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll.backup
2013-09-03 17:39 - 2009-07-14 03:11 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll.backup
2013-09-03 17:38 - 2013-09-03 17:38 - 00000000 ____D C:\Users\x\Downloads\Universal.Theme.Patcher
2013-09-03 17:36 - 2013-09-03 17:36 - 00000000 ____D C:\Users\x\Downloads\Mac_7_Version_2_by_Aaron_A_Arts
2013-09-03 17:35 - 2013-09-03 17:35 - 35329299 _____ C:\Users\x\Downloads\Mac_7_Version_2_by_Aaron_A_Arts.zip
2013-09-03 17:30 - 2013-09-03 17:30 - 00000000 ____D C:\Users\x\Downloads\snow_leopard_for_win7_final_by_sagorpirbd-d2h65m9
2013-09-03 13:33 - 2013-09-03 13:33 - 00104671 _____ C:\Users\x\Downloads\ringtone-NOON.m4r
2013-09-03 13:16 - 2013-09-03 13:16 - 00000000 ____D C:\Users\x\AppData\Roaming\iFunbox_UserCache
2013-09-03 13:15 - 2013-09-03 13:16 - 00000000 ____D C:\Program Files (x86)\i-Funbox DevTeam
2013-09-03 13:15 - 2013-09-03 13:15 - 00001016 _____ C:\Users\Public\Desktop\iFunbox.lnk
2013-09-03 10:34 - 2013-09-03 10:34 - 00141898 _____ C:\Users\x\Downloads\Extras.Txt
2013-09-03 10:32 - 2013-09-03 10:32 - 00135588 _____ C:\Users\x\Downloads\OTL.Txt
2013-09-03 09:38 - 2013-09-03 09:38 - 03191888 _____ (McAfee, Inc.) C:\Users\x\Downloads\MCPR.exe
2013-09-03 09:00 - 2013-09-03 09:00 - 00000000 ____D C:\FRST
2013-09-03 08:55 - 2013-09-03 08:55 - 01950474 _____ (Farbar) C:\Users\x\Downloads\FRST64.exe
2013-08-28 15:51 - 2013-08-28 15:56 - 00602112 _____ (OldTimer Tools) C:\Users\x\Downloads\OTL.exe
2013-08-28 10:05 - 2013-08-28 10:05 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-08-28 10:03 - 2013-08-28 10:04 - 04009167 _____ C:\Users\x\Downloads\ServicesRepair.exe
2013-08-28 10:03 - 2013-08-28 10:03 - 01404229 _____ C:\Users\x\Downloads\BDDnsChangerDetector.zip
2013-08-28 09:59 - 2013-08-28 10:00 - 19275792 _____ (Bitdefender LLC) C:\Users\x\Downloads\BootkitRemoval_x64.exe
2013-08-26 08:22 - 2013-09-06 01:52 - 00005690 _____ C:\Windows\PFRO.log
2013-08-26 00:29 - 2013-08-26 00:29 - 00000000 ____D C:\Users\x\AppData\Roaming\Malwarebytes
2013-08-26 00:29 - 2013-08-26 00:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-26 00:29 - 2013-08-26 00:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-26 00:29 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-26 00:28 - 2013-08-26 00:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\x\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-08-26 00:25 - 2013-08-26 00:25 - 00000000 ____D C:\Program Files (x86)\DLLSuite
2013-08-26 00:24 - 2013-08-26 00:25 - 16214030 _____ ( ) C:\Users\x\Downloads\DLLSuite_Setup.exe
2013-08-26 00:23 - 2013-08-26 00:22 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\x\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-13 22:30 - 2013-09-06 01:59 - 00050244 _____ C:\Windows\WindowsUpdate.log
2013-08-13 22:21 - 2013-09-06 02:02 - 00002744 _____ C:\Windows\setupact.log
2013-08-13 22:21 - 2013-08-13 22:21 - 00000000 _____ C:\Windows\setuperr.log
2013-08-13 22:15 - 2013-08-13 22:15 - 00004620 _____ C:\Users\Public\Documents\cc_20130813_221526.reg

==================== One Month Modified Files and Folders =======

2013-09-06 02:02 - 2013-08-13 22:21 - 00002744 _____ C:\Windows\setupact.log
2013-09-06 02:02 - 2012-12-02 21:34 - 00000000 ____D C:\ProgramData\VMware
2013-09-06 02:02 - 2009-09-10 12:45 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-06 02:02 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-06 01:59 - 2013-08-13 22:30 - 00050244 _____ C:\Windows\WindowsUpdate.log
2013-09-06 01:59 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-06 01:59 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-06 01:52 - 2013-08-26 08:22 - 00005690 _____ C:\Windows\PFRO.log
2013-09-06 01:51 - 2013-09-06 01:50 - 00000000 ____D C:\AdwCleaner
2013-09-06 01:51 - 2009-11-25 20:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-06 01:50 - 2013-09-06 01:49 - 01037222 _____ C:\Users\x\Downloads\AdwCleaner.exe
2013-09-06 01:49 - 2013-09-06 01:49 - 00448512 _____ (OldTimer Tools) C:\Users\x\Downloads\TFC.exe
2013-09-06 01:41 - 2009-09-10 12:45 - 00001062 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-06 00:11 - 2009-11-29 22:03 - 00000000 ____D C:\Users\x\Desktop\Sample
2013-09-05 23:34 - 2011-10-19 17:13 - 00001062 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3030527572-2691701499-366312743-1000UA.job
2013-09-05 17:34 - 2011-10-19 17:13 - 00001040 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3030527572-2691701499-366312743-1000Core.job
2013-09-05 02:29 - 2009-11-23 14:11 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{EE6EA6C2-B416-49C9-A23D-069EDD817DAD}
2013-09-03 18:28 - 2013-09-03 18:28 - 00000000 ____D C:\Program Files (x86)\HD Tune
2013-09-03 18:28 - 2013-09-03 18:27 - 00642632 _____ (EFD Software ) C:\Users\x\Downloads\hdtune_255.exe
2013-09-03 17:41 - 2009-07-14 01:55 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-09-03 17:41 - 2009-07-14 01:54 - 02851328 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-03 17:41 - 2009-07-14 01:54 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\themeservice.dll
2013-09-03 17:39 - 2009-07-14 01:39 - 02755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2013-09-03 17:39 - 2009-07-14 01:39 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-09-03 17:38 - 2013-09-03 17:38 - 00000000 ____D C:\Users\x\Downloads\Universal.Theme.Patcher
2013-09-03 17:36 - 2013-09-03 17:36 - 00000000 ____D C:\Users\x\Downloads\Mac_7_Version_2_by_Aaron_A_Arts
2013-09-03 17:35 - 2013-09-03 17:35 - 35329299 _____ C:\Users\x\Downloads\Mac_7_Version_2_by_Aaron_A_Arts.zip
2013-09-03 17:30 - 2013-09-03 17:30 - 00000000 ____D C:\Users\x\Downloads\snow_leopard_for_win7_final_by_sagorpirbd-d2h65m9
2013-09-03 13:40 - 2010-01-31 12:57 - 00000000 ____D C:\Users\x\Desktop\W960i
2013-09-03 13:33 - 2013-09-03 13:33 - 00104671 _____ C:\Users\x\Downloads\ringtone-NOON.m4r
2013-09-03 13:16 - 2013-09-03 13:16 - 00000000 ____D C:\Users\x\AppData\Roaming\iFunbox_UserCache
2013-09-03 13:16 - 2013-09-03 13:15 - 00000000 ____D C:\Program Files (x86)\i-Funbox DevTeam
2013-09-03 13:15 - 2013-09-03 13:15 - 00001016 _____ C:\Users\Public\Desktop\iFunbox.lnk
2013-09-03 11:00 - 2009-08-19 01:17 - 00611628 _____ C:\Windows\system32\perfh01F.dat
2013-09-03 11:00 - 2009-08-19 01:17 - 00124344 _____ C:\Windows\system32\perfc01F.dat
2013-09-03 11:00 - 2009-08-19 01:11 - 00619136 _____ C:\Windows\system32\perfh01D.dat
2013-09-03 11:00 - 2009-08-19 01:11 - 00126792 _____ C:\Windows\system32\perfc01D.dat
2013-09-03 11:00 - 2009-08-19 00:50 - 00706328 _____ C:\Windows\system32\perfh015.dat
2013-09-03 11:00 - 2009-08-19 00:50 - 00138088 _____ C:\Windows\system32\perfc015.dat
2013-09-03 11:00 - 2009-08-19 00:44 - 00633090 _____ C:\Windows\system32\perfh00E.dat
2013-09-03 11:00 - 2009-08-19 00:44 - 00150426 _____ C:\Windows\system32\perfc00E.dat
2013-09-03 11:00 - 2009-07-14 07:13 - 03828980 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-03 10:34 - 2013-09-03 10:34 - 00141898 _____ C:\Users\x\Downloads\Extras.Txt
2013-09-03 10:32 - 2013-09-03 10:32 - 00135588 _____ C:\Users\x\Downloads\OTL.Txt
2013-09-03 09:38 - 2013-09-03 09:38 - 03191888 _____ (McAfee, Inc.) C:\Users\x\Downloads\MCPR.exe
2013-09-03 09:38 - 2010-02-20 15:49 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-03 09:00 - 2013-09-03 09:00 - 00000000 ____D C:\FRST
2013-09-03 08:55 - 2013-09-03 08:55 - 01950474 _____ (Farbar) C:\Users\x\Downloads\FRST64.exe
2013-08-28 15:56 - 2013-08-28 15:51 - 00602112 _____ (OldTimer Tools) C:\Users\x\Downloads\OTL.exe
2013-08-28 14:53 - 2009-07-14 07:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-28 10:05 - 2013-08-28 10:05 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-08-28 10:04 - 2013-08-28 10:03 - 04009167 _____ C:\Users\x\Downloads\ServicesRepair.exe
2013-08-28 10:03 - 2013-08-28 10:03 - 01404229 _____ C:\Users\x\Downloads\BDDnsChangerDetector.zip
2013-08-28 10:00 - 2013-08-28 09:59 - 19275792 _____ (Bitdefender LLC) C:\Users\x\Downloads\BootkitRemoval_x64.exe
2013-08-26 23:38 - 2009-11-25 21:58 - 00000000 ___RD C:\Users\x\Desktop\Filmy
2013-08-26 23:37 - 2009-11-25 20:55 - 00000000 ____D C:\Users\x\AppData\Roaming\Winamp
2013-08-26 00:29 - 2013-08-26 00:29 - 00000000 ____D C:\Users\x\AppData\Roaming\Malwarebytes
2013-08-26 00:29 - 2013-08-26 00:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-26 00:29 - 2013-08-26 00:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-26 00:28 - 2013-08-26 00:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\x\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-08-26 00:25 - 2013-08-26 00:25 - 00000000 ____D C:\Program Files (x86)\DLLSuite
2013-08-26 00:25 - 2013-08-26 00:24 - 16214030 _____ ( ) C:\Users\x\Downloads\DLLSuite_Setup.exe
2013-08-26 00:22 - 2013-08-26 00:23 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\x\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-13 22:21 - 2013-08-13 22:21 - 00000000 _____ C:\Windows\setuperr.log
2013-08-13 22:15 - 2013-08-13 22:15 - 00004620 _____ C:\Users\Public\Documents\cc_20130813_221526.reg
2013-08-12 18:05 - 2011-09-07 12:38 - 00000432 _____ C:\Windows\system32\Drivers\etc\hosts.ics

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-05 18:23

==================== End Of Log ============================