Jump to content

dec31

Members
  • Posts

    17
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Kevin, I'm reading through all the information you posted, if I can still access it once this is locked, please lock at your convenience. If I lose access to the information, can I get 24 hours or so to go over everything. One more question, can I assume that my system is safe to use if I would like to donate using paypal? Again, many thanks for your helpful knowledge. ~R
  2. Good morning C:\_OTM\MovedFiles\07082013_115220\C_Program Files\InfoSeeker\IE\common.dll a variant of Win32/ExFriendAlert.B application C:\_OTM\MovedFiles\07082013_115220\C_Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0WWHMWFF\api_Downloader[1].exe a variant of Win32/BundleInstaller.C application C:\_OTM\MovedFiles\07082013_115220\C_Users\Robin\AppData\Local\Temp\DefaultTabSetup.exe a variant of Win32/Toolbar.DefaultTab.B application C:\_OTM\MovedFiles\07082013_115220\C_Users\Robin\AppData\Local\Temp\hsbing_717_active.exe multiple threats C:\_OTM\MovedFiles\07082013_115220\C_Users\Robin\AppData\Local\Temp\Shortcut_sweetpacks_dlcom_6212013.exe probably a variant of Win32/SweetIM.C application C:\_OTM\MovedFiles\07082013_115220\C_Users\Robin\AppData\Local\Temp\WSSetup.exe Win32/SweetIM.E application C:\_OTM\MovedFiles\07082013_115220\C_Users\Robin\Downloads\cbsidlm-tr1_13-HitmanPro_3_32bit-SEO-10895604.exe Win32/DownloadAdmin.G application C:\_OTM\MovedFiles\07082013_115220\C_Users\Robin\Downloads\frzfonts_d165396.exe a variant of Win32/InstallIQ.A application C:\_OTM\MovedFiles\07082013_115220\C_Windows\System32\ARFC\wrtc.exe Win32/SweetIM.E application
  3. System is working good. I know its late where you are so I'll run the AV scan whenever you have time to post instructions. Should I leave the programs/logs on the desktop? ex. FRST,OTL, OTM
  4. Is this the correct one? Sorry I have three different ones on the desktop. RogueKiller V8.6.2 [Jul 5 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version Started in : Normal mode User : Robin [Admin rights] Mode : Remove -- Date : 07/09/2013 13:16:52 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 10 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : ROC_ROC_APR2013_AV (C:\Users\Robin\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 63bd65ee127de984aa78ba928c4b1bcf-c64db3337c0ec4f557b9be95062e29be2c303342 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 [x][x][x][x]) -> DELETED [RUN][sUSP PATH] HKUS\S-1-5-21-442901960-3515935546-1508612407-1000\[...]\Run : ROC_ROC_APR2013_AV (C:\Users\Robin\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 63bd65ee127de984aa78ba928c4b1bcf-c64db3337c0ec4f557b9be95062e29be2c303342 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 [x][x][x][x]) -> [0x2] The system cannot find the file specified. [sHELL][sUSP PATH] HKCU\[...]\Windows : load (C:\Users\Robin\LOCALS~1\Temp\msuaofao.com [x]) -> DELETED [sHELL][sUSP PATH] HKUS\[...]\Windows : load (C:\Users\Robin\LOCALS~1\Temp\msuaofao.com [x]) -> [0x2] The system cannot find the file specified. [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0) [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Scheduled tasks : 2 ¤¤¤ [V1][sUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> DELETED [V2][sUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> DELETED ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost
  5. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-07-2013 Ran by Robin at 2013-07-09 13:12:30 Run:2 Running from C:\Users\Robin\Desktop Boot Mode: Normal ============================================== HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Error setting value. ==== End of Fixlog ==== RogueKiller V8.6.2 [Jul 5 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version Started in : Normal mode User : Robin [Admin rights] Mode : Scan -- Date : 07/09/2013 13:16:07 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 10 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : ROC_ROC_APR2013_AV (C:\Users\Robin\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 63bd65ee127de984aa78ba928c4b1bcf-c64db3337c0ec4f557b9be95062e29be2c303342 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 [x][x][x][x]) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-442901960-3515935546-1508612407-1000\[...]\Run : ROC_ROC_APR2013_AV (C:\Users\Robin\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 63bd65ee127de984aa78ba928c4b1bcf-c64db3337c0ec4f557b9be95062e29be2c303342 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 [x][x][x][x]) -> FOUND [sHELL][sUSP PATH] HKCU\[...]\Windows : load (C:\Users\Robin\LOCALS~1\Temp\msuaofao.com [x]) -> FOUND [sHELL][sUSP PATH] HKUS\[...]\Windows : load (C:\Users\Robin\LOCALS~1\Temp\msuaofao.com [x]) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 2 ¤¤¤ [V1][sUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND [V2][sUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK2552GSX +++++ --- User --- [MBR] dd2deb73353eef532d60874a5dc4900b [bSP] e942978e47cced8436e0fb06ecdb212e : Windows Vista MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 8091 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16572416 | Size: 230382 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_07092013_131607.txt >> RKreport[0]_S_07092013_105046.txt;RKreport[0]_S_07092013_105225.txt Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.07.03 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Robin :: ROBIN-PC [administrator] 7/9/2013 1:18:12 PM mbam-log-2013-07-09 (13-18-12).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 210871 Time elapsed: 8 minute(s), 52 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  6. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-07-2013 Ran by Robin (administrator) on 08-07-2013 21:14:53 Running from C:\Users\Robin\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE (ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe (Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSpt.exe (AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe (Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Spotify Ltd) C:\Users\Robin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe (Microsoft Corporation) C:\Windows\system32\msiexec.exe (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [] [x] HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.) HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41056 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.) HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.) HKLM\...\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe, [x] Winlogon\Notify\VESWinlogon: VESWinlogon.dll (Sony Corporation) HKCU\...\Run: [spotify Web Helper] "C:\Users\Robin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-06-19] (Spotify Ltd) HKCU\...\Run: [spotify] "C:\Users\Robin\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [4643328 2013-06-19] (Spotify Ltd) HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation) HKCU\...\Run: [ROC_ROC_APR2013_AV] C:\Users\Robin\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 63bd65ee127de984aa78ba928c4b1bcf-c64db3337c0ec4f557b9be95062e29be2c303342 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 [x] HKCU\...\Runonce: [shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB7.1; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; BRI/2; 899703750903; compat/00302)" -"http://www.pearsonsuccessnet.com/iText/products/0-328-30608-8/index.html" [x] HKCU\...\CurrentVersion\Windows: [Load] C:\Users\Robin\LOCALS~1\Temp\msuaofao.com ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08 SearchScopes: HKCU - {9E1E49AC-C20E-4545-999A-B8994837F61D} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=843&invocationType=tb50sonyie7&query={searchTerms} SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.avg.com/?d=4d540858&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1 BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} http://games.bigfishgames.com/en_dairy-dash-game/online/DairyDashWeb.1.0.0.15.cab DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://secureaccess.darden.com/cab/,DSID=8481af39266ee63f8e7e4d131a9ad305,DanaInfo=ikitchen.darden.com,ST=1+/smsx.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} http://aolsvc.aol.com/onlinegames/free-trial-cooking-dash/CookingDashWeb.1.0.0.9.cab DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} http://games.bigfishgames.com/en_nightshift-legacy-the-jaguars-eye/online/Nightshift2Web.1.0.0.9.cab DPF: {74EF5274-F439-2168-B543-14745B625C72} http://games.bigfishgames.com/en_wedding-dash-2-rings-around-world-game/online/WeddingDash2Web.1.0.0.11.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://aolsvc.aol.com/onlinegames/free-trial-burger-shop/GoBitGamesPlayer_v4.cab DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab DPF: {CEBE157C-C91E-4A45-BB3C-45F8C77C012F} http://aolsvc.aol.com/onlinegames/free-trial-wandering-willows/WanderingWillowsWeb.1.0.0.18.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F135A813-7152-4532-AC8D-28AC2136DFC7} http://games.bigfishgames.com/en_parking-dash/online/parkingdash.1.0.0.10.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\bi8vod73.default FF SelectedSearchEngine: Bing FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Robin\AppData\Local\Roblox\Versions\version-6cfc785e896545ae\\NPRobloxProxy.dll ( ROBLOX Corporation) FF Extension: No Name - C:\Users\Robin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: Microsoft .NET Framework Assistant - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\bi8vod73.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ========================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-07-07] (SurfRight B.V.) R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [187792 2010-08-12] (Sony Corporation) S3 SOHCImp; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [103712 2008-05-20] (Sony Corporation) S3 SOHDms; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [353568 2008-05-20] (Sony Corporation) S3 SOHDs; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [62752 2008-05-20] (Sony Corporation) R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [104960 2008-03-25] (ArcSoft, Inc.) S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-05-22] (Sony Corporation) R2 VCFw; C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [415744 2008-06-20] (Sony Corporation) S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [337184 2008-06-12] (Sony Corporation) R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [279848 2008-06-19] (Sony Corporation) R2 vToolbarUpdater15.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-07-07] (AVG Secure Search) S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [722288 2010-06-09] (Sony Corporation) R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2008-05-22] (Sony Corporation) S3 MSCSPTISRV; "C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe" [x] S3 SPTISRV; "C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe" [x] ==================== Drivers (Whitelisted) ==================== R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17408 2008-01-30] (ArcSoft, Inc.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-03-29] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-02-08] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [170808 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [245048 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-02-08] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-07-07] (AVG Technologies) S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-08 21:14 - 2013-07-08 21:14 - 01216596 ____A (Farbar) C:\Users\Robin\Desktop\FRST.exe 2013-07-08 17:38 - 2013-07-08 17:38 - 00056406 ____A C:\Users\Robin\Desktop\Extras.Txt 2013-07-08 17:35 - 2013-07-08 17:35 - 00167088 ____A C:\Users\Robin\Desktop\OTL.Txt 2013-07-08 17:22 - 2013-07-08 17:22 - 00602112 ____A (OldTimer Tools) C:\Users\Robin\Desktop\OTL.exe 2013-07-08 17:11 - 2013-07-08 17:11 - 00000000 ____D C:\Users\Robin\AppData\Roaming\Oracle 2013-07-08 17:10 - 2013-07-08 17:10 - 00000000 ____D C:\Program Files\Common Files\Java 2013-07-08 17:10 - 2013-07-08 17:09 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-07-08 17:10 - 2013-07-08 17:09 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-07-08 17:10 - 2013-07-08 17:09 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-07-08 17:10 - 2013-07-08 17:09 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-07-08 11:52 - 2013-07-08 11:52 - 00000000 ____D C:\_OTM 2013-07-08 11:49 - 2013-07-08 11:49 - 00522240 ____A (OldTimer Tools) C:\Users\Robin\Desktop\OTM.exe 2013-07-07 22:25 - 2013-07-07 22:25 - 00000901 ____A C:\Users\Robin\Desktop\esetscan.txt 2013-07-07 19:44 - 2013-07-07 19:44 - 00890988 ____A C:\Users\Robin\Desktop\SecurityCheck.exe 2013-07-07 19:40 - 2013-07-07 19:40 - 00000933 ____A C:\Users\Robin\Desktop\AdwCleaner[s2].txt 2013-07-07 19:26 - 2013-07-07 19:26 - 00650027 ____A C:\Users\Robin\Desktop\AdwCleaner.exe 2013-07-07 19:26 - 2013-07-07 19:26 - 00000933 ____A C:\AdwCleaner[s2].txt 2013-07-07 18:48 - 2013-07-07 19:22 - 00000000 ____D C:\FRST 2013-07-07 18:37 - 2013-07-07 19:26 - 00000230 ____A C:\Windows\DeleteOnReboot.bat 2013-07-07 18:37 - 2013-07-07 18:37 - 00014213 ____A C:\AdwCleaner[s1].txt 2013-07-07 17:54 - 2013-07-07 17:58 - 00021498 ____A C:\Users\Robin\Desktop\dds.txt 2013-07-07 17:54 - 2013-07-07 17:57 - 00008690 ____A C:\Users\Robin\Desktop\attach.txt 2013-07-07 16:34 - 2013-07-07 16:34 - 00001737 ____A C:\Users\Public\Desktop\HitmanPro.lnk 2013-07-07 16:34 - 2013-07-07 16:34 - 00000000 ____D C:\Program Files\HitmanPro 2013-07-07 16:31 - 2013-07-07 16:31 - 00000000 ____D C:\ProgramData\Real 2013-07-07 16:30 - 2013-07-07 16:38 - 00000000 ____D C:\ProgramData\HitmanPro 2013-07-07 16:30 - 2013-07-07 16:30 - 09171472 ____A (SurfRight B.V.) C:\Users\Robin\Downloads\HitmanPro.exe 2013-07-07 16:28 - 2013-07-08 11:52 - 00000000 ____D C:\Windows\System32\ARFC 2013-07-07 16:28 - 2013-07-07 16:28 - 00000000 ____D C:\Windows\System32\jmdp 2013-07-07 16:28 - 2013-02-05 03:25 - 00554832 ____A (Microsoft Corporation) C:\Windows\System32\msvcp80.dll 2013-07-07 16:28 - 2013-02-05 03:25 - 00479232 ____A (Microsoft Corporation) C:\Windows\System32\msvcm80.dll 2013-07-07 16:28 - 2013-02-05 03:25 - 00001870 ____A C:\Windows\System32\Microsoft.VC80.CRT.manifest 2013-07-07 15:09 - 2013-07-08 11:56 - 00000847 ____A C:\Users\Public\Desktop\AVG 2013.lnk 2013-07-07 15:09 - 2013-07-07 16:31 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar 2013-07-07 15:09 - 2013-07-07 15:09 - 00037664 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys 2013-07-07 15:09 - 2013-07-07 15:09 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar 2013-07-07 14:58 - 2013-07-07 14:58 - 04464544 ____A (AVG Technologies) C:\Users\Robin\Downloads\avg_isct_stb_all_2013_3345(1).exe 2013-07-07 14:57 - 2013-07-07 14:57 - 04464544 ____A (AVG Technologies) C:\Users\Robin\Downloads\avg_isct_stb_all_2013_3345.exe 2013-07-07 12:16 - 2013-07-07 12:16 - 00000911 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-07-07 10:48 - 2013-07-07 16:58 - 00018232 ____A C:\Windows\PFRO.log 2013-07-07 05:37 - 2013-07-07 05:37 - 00000000 ____D C:\Users\Robin\AppData\Roaming\AVG2013 2013-07-07 05:33 - 2013-07-07 05:33 - 00000000 ____D C:\Users\Robin\AppData\Local\AVG SafeGuard toolbar 2013-07-07 05:32 - 2013-07-07 18:37 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search 2013-07-07 05:32 - 2013-07-07 05:32 - 00000000 ____D C:\Users\Robin\AppData\Roaming\TuneUp Software 2013-07-07 05:29 - 2013-07-07 15:07 - 00000000 ____D C:\ProgramData\AVG2013 2013-07-07 05:18 - 2013-07-07 15:23 - 00000000 ____D C:\Users\Robin\AppData\Local\Avg2013 2013-07-07 05:18 - 2013-07-07 05:18 - 00000000 ____D C:\Users\Robin\AppData\Local\MFAData 2013-07-04 18:44 - 2013-07-04 18:44 - 00000000 ____D C:\Program Files\Mozilla Firefox(0) 2013-07-01 17:27 - 2013-07-01 17:27 - 266675880 ____A C:\Windows\MEMORY.DMP 2013-07-01 17:27 - 2013-07-01 17:27 - 00142512 ____A C:\Windows\Minidump\Mini070113-01.dmp 2013-06-20 03:20 - 2013-05-16 19:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-20 03:20 - 2013-05-16 18:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-20 03:20 - 2013-05-16 18:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-20 03:20 - 2013-05-16 18:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-20 03:20 - 2013-05-16 18:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-20 03:20 - 2013-05-16 18:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-06-20 03:20 - 2013-05-16 18:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-06-20 03:20 - 2013-05-16 18:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-20 03:20 - 2013-05-16 18:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-20 03:20 - 2013-05-16 18:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-06-20 03:20 - 2013-05-16 18:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-06-20 03:20 - 2013-05-16 18:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-20 03:20 - 2013-05-16 18:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-20 03:20 - 2013-05-16 18:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-06-20 03:20 - 2013-05-16 18:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-20 03:20 - 2013-05-16 18:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-19 21:54 - 2013-05-08 00:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-19 21:54 - 2013-05-02 18:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2013-06-19 21:54 - 2013-05-02 18:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-06-19 21:54 - 2013-05-02 00:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-19 21:54 - 2013-05-02 00:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll 2013-06-19 21:54 - 2013-04-24 00:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-19 21:54 - 2013-04-24 00:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-19 21:54 - 2013-04-24 00:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-19 21:54 - 2013-04-24 00:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-19 21:54 - 2013-04-23 21:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-19 21:54 - 2013-04-17 08:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-15 16:54 - 2013-07-02 13:39 - 00001158 ____A C:\Users\Robin\Desktop\ROBLOX Player.lnk 2013-06-15 16:53 - 2013-07-04 22:42 - 00001170 ____A C:\Users\Robin\Desktop\ROBLOX Studio 2013.lnk 2013-06-15 16:53 - 2013-06-15 16:55 - 00000000 ____D C:\Users\Robin\AppData\Local\Roblox 2013-06-15 16:53 - 2013-06-15 16:53 - 00542576 ____A (ROBLOX Corporation) C:\Users\Robin\Downloads\RobloxPlayerLauncher.exe 2013-06-15 16:53 - 2013-06-15 16:53 - 00542576 ____A (ROBLOX Corporation) C:\Users\Robin\Downloads\RobloxPlayerLauncher(1).exe ==================== One Month Modified Files and Folders ======= 2013-07-08 21:14 - 2013-07-08 21:14 - 01216596 ____A (Farbar) C:\Users\Robin\Desktop\FRST.exe 2013-07-08 20:55 - 2006-11-02 08:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-08 20:55 - 2006-11-02 08:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-08 20:38 - 2010-01-29 14:11 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-08 20:36 - 2012-05-08 15:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-08 20:29 - 2012-06-05 19:19 - 00000338 ____A C:\Windows\Tasks\HP Photo Creations Communicator.job 2013-07-08 19:12 - 2011-02-10 11:31 - 00000000 ____D C:\ProgramData\MFAData 2013-07-08 18:59 - 2011-01-09 23:47 - 01561042 ____A C:\Windows\WindowsUpdate.log 2013-07-08 18:57 - 2012-12-26 13:40 - 00000000 ____D C:\Users\Robin\AppData\Roaming\Spotify 2013-07-08 18:55 - 2010-01-29 14:11 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-08 18:55 - 2006-11-02 09:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-08 18:54 - 2008-07-24 05:09 - 00000012 ____A C:\Windows\bthservsdp.dat 2013-07-08 18:54 - 2006-11-02 09:01 - 00032630 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-08 17:38 - 2013-07-08 17:38 - 00056406 ____A C:\Users\Robin\Desktop\Extras.Txt 2013-07-08 17:35 - 2013-07-08 17:35 - 00167088 ____A C:\Users\Robin\Desktop\OTL.Txt 2013-07-08 17:22 - 2013-07-08 17:22 - 00602112 ____A (OldTimer Tools) C:\Users\Robin\Desktop\OTL.exe 2013-07-08 17:11 - 2013-07-08 17:11 - 00000000 ____D C:\Users\Robin\AppData\Roaming\Oracle 2013-07-08 17:10 - 2013-07-08 17:10 - 00000000 ____D C:\Program Files\Common Files\Java 2013-07-08 17:09 - 2013-07-08 17:10 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-07-08 17:09 - 2013-07-08 17:10 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-07-08 17:09 - 2013-07-08 17:10 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-07-08 17:09 - 2013-07-08 17:10 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-07-08 17:09 - 2012-05-08 15:22 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2013-07-08 17:09 - 2010-05-04 10:48 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2013-07-08 17:04 - 2012-05-08 15:52 - 00001892 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk 2013-07-08 11:56 - 2013-07-07 15:09 - 00000847 ____A C:\Users\Public\Desktop\AVG 2013.lnk 2013-07-08 11:56 - 2011-02-10 11:38 - 00000000 ___HD C:\$AVG 2013-07-08 11:52 - 2013-07-08 11:52 - 00000000 ____D C:\_OTM 2013-07-08 11:52 - 2013-07-07 16:28 - 00000000 ____D C:\Windows\System32\ARFC 2013-07-08 11:49 - 2013-07-08 11:49 - 00522240 ____A (OldTimer Tools) C:\Users\Robin\Desktop\OTM.exe 2013-07-07 22:25 - 2013-07-07 22:25 - 00000901 ____A C:\Users\Robin\Desktop\esetscan.txt 2013-07-07 19:44 - 2013-07-07 19:44 - 00890988 ____A C:\Users\Robin\Desktop\SecurityCheck.exe 2013-07-07 19:40 - 2013-07-07 19:40 - 00000933 ____A C:\Users\Robin\Desktop\AdwCleaner[s2].txt 2013-07-07 19:26 - 2013-07-07 19:26 - 00650027 ____A C:\Users\Robin\Desktop\AdwCleaner.exe 2013-07-07 19:26 - 2013-07-07 19:26 - 00000933 ____A C:\AdwCleaner[s2].txt 2013-07-07 19:26 - 2013-07-07 18:37 - 00000230 ____A C:\Windows\DeleteOnReboot.bat 2013-07-07 19:22 - 2013-07-07 18:48 - 00000000 ____D C:\FRST 2013-07-07 18:37 - 2013-07-07 18:37 - 00014213 ____A C:\AdwCleaner[s1].txt 2013-07-07 18:37 - 2013-07-07 05:32 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search 2013-07-07 17:58 - 2013-07-07 17:54 - 00021498 ____A C:\Users\Robin\Desktop\dds.txt 2013-07-07 17:57 - 2013-07-07 17:54 - 00008690 ____A C:\Users\Robin\Desktop\attach.txt 2013-07-07 16:58 - 2013-07-07 10:48 - 00018232 ____A C:\Windows\PFRO.log 2013-07-07 16:58 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Web 2013-07-07 16:38 - 2013-07-07 16:30 - 00000000 ____D C:\ProgramData\HitmanPro 2013-07-07 16:34 - 2013-07-07 16:34 - 00001737 ____A C:\Users\Public\Desktop\HitmanPro.lnk 2013-07-07 16:34 - 2013-07-07 16:34 - 00000000 ____D C:\Program Files\HitmanPro 2013-07-07 16:31 - 2013-07-07 16:31 - 00000000 ____D C:\ProgramData\Real 2013-07-07 16:31 - 2013-07-07 15:09 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar 2013-07-07 16:30 - 2013-07-07 16:30 - 09171472 ____A (SurfRight B.V.) C:\Users\Robin\Downloads\HitmanPro.exe 2013-07-07 16:28 - 2013-07-07 16:28 - 00000000 ____D C:\Windows\System32\jmdp 2013-07-07 16:28 - 2013-05-19 20:36 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-07 16:26 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Resources 2013-07-07 15:23 - 2013-07-07 05:18 - 00000000 ____D C:\Users\Robin\AppData\Local\Avg2013 2013-07-07 15:14 - 2009-09-10 23:06 - 00000000 ____D C:\Program Files\AVG 2013-07-07 15:09 - 2013-07-07 15:09 - 00037664 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys 2013-07-07 15:09 - 2013-07-07 15:09 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar 2013-07-07 15:07 - 2013-07-07 05:29 - 00000000 ____D C:\ProgramData\AVG2013 2013-07-07 14:58 - 2013-07-07 14:58 - 04464544 ____A (AVG Technologies) C:\Users\Robin\Downloads\avg_isct_stb_all_2013_3345(1).exe 2013-07-07 14:57 - 2013-07-07 14:57 - 04464544 ____A (AVG Technologies) C:\Users\Robin\Downloads\avg_isct_stb_all_2013_3345.exe 2013-07-07 12:36 - 2006-11-02 08:37 - 00000000 ____D C:\Windows\ShellNew 2013-07-07 12:16 - 2013-07-07 12:16 - 00000911 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-07-07 12:16 - 2009-09-21 13:16 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-07 12:12 - 2006-11-02 06:22 - 50855936 ____A C:\Windows\System32\config\software_previous 2013-07-07 12:12 - 2006-11-02 06:22 - 38797312 ____A C:\Windows\System32\config\components_previous 2013-07-07 12:12 - 2006-11-02 06:22 - 21233664 ____A C:\Windows\System32\config\system_previous 2013-07-07 12:12 - 2006-11-02 06:22 - 00524288 ____A C:\Windows\System32\config\default_previous 2013-07-07 12:12 - 2006-11-02 06:22 - 00262144 ____A C:\Windows\System32\config\security_previous 2013-07-07 12:12 - 2006-11-02 06:22 - 00262144 ____A C:\Windows\System32\config\sam_previous 2013-07-07 12:11 - 2012-04-27 10:49 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-07-07 12:11 - 2011-01-26 04:53 - 00000000 ____D C:\Windows\Minidump 2013-07-07 12:11 - 2009-05-20 12:06 - 00000000 ____D C:\users\Robin 2013-07-07 12:11 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\System32\spool 2013-07-07 12:11 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\System32\Msdtc 2013-07-07 12:11 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\registration 2013-07-07 05:37 - 2013-07-07 05:37 - 00000000 ____D C:\Users\Robin\AppData\Roaming\AVG2013 2013-07-07 05:33 - 2013-07-07 05:33 - 00000000 ____D C:\Users\Robin\AppData\Local\AVG SafeGuard toolbar 2013-07-07 05:32 - 2013-07-07 05:32 - 00000000 ____D C:\Users\Robin\AppData\Roaming\TuneUp Software 2013-07-07 05:18 - 2013-07-07 05:18 - 00000000 ____D C:\Users\Robin\AppData\Local\MFAData 2013-07-04 22:42 - 2013-06-15 16:53 - 00001170 ____A C:\Users\Robin\Desktop\ROBLOX Studio 2013.lnk 2013-07-04 18:44 - 2013-07-04 18:44 - 00000000 ____D C:\Program Files\Mozilla Firefox(0) 2013-07-02 13:39 - 2013-06-15 16:54 - 00001158 ____A C:\Users\Robin\Desktop\ROBLOX Player.lnk 2013-07-01 17:27 - 2013-07-01 17:27 - 266675880 ____A C:\Windows\MEMORY.DMP 2013-07-01 17:27 - 2013-07-01 17:27 - 00142512 ____A C:\Windows\Minidump\Mini070113-01.dmp 2013-07-01 13:19 - 2012-12-26 13:41 - 00000000 ____D C:\Users\Robin\AppData\Local\Spotify 2013-06-25 14:35 - 2006-11-02 06:33 - 00709710 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-21 09:34 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-06-20 04:00 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache 2013-06-15 16:55 - 2013-06-15 16:53 - 00000000 ____D C:\Users\Robin\AppData\Local\Roblox 2013-06-15 16:53 - 2013-06-15 16:53 - 00542576 ____A (ROBLOX Corporation) C:\Users\Robin\Downloads\RobloxPlayerLauncher.exe 2013-06-15 16:53 - 2013-06-15 16:53 - 00542576 ____A (ROBLOX Corporation) C:\Users\Robin\Downloads\RobloxPlayerLauncher(1).exe 2013-06-12 18:36 - 2012-05-08 15:50 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-06-12 18:36 - 2011-09-05 20:40 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-08 19:01 ==================== End Of Log ============================ RogueKiller V8.6.2 [Jul 5 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version Started in : Normal mode User : Robin [Admin rights] Mode : Scan -- Date : 07/09/2013 10:52:25 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 10 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : ROC_ROC_APR2013_AV (C:\Users\Robin\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 63bd65ee127de984aa78ba928c4b1bcf-c64db3337c0ec4f557b9be95062e29be2c303342 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 [x][x][x][x]) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-442901960-3515935546-1508612407-1000\[...]\Run : ROC_ROC_APR2013_AV (C:\Users\Robin\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 63bd65ee127de984aa78ba928c4b1bcf-c64db3337c0ec4f557b9be95062e29be2c303342 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 [x][x][x][x]) -> FOUND [sHELL][sUSP PATH] HKCU\[...]\Windows : load (C:\Users\Robin\LOCALS~1\Temp\msuaofao.com [x]) -> FOUND [sHELL][sUSP PATH] HKUS\[...]\Windows : load (C:\Users\Robin\LOCALS~1\Temp\msuaofao.com [x]) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 2 ¤¤¤ [V1][sUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND [V2][sUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK2552GSX +++++ --- User --- [MBR] dd2deb73353eef532d60874a5dc4900b [bSP] e942978e47cced8436e0fb06ecdb212e : Windows Vista MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 8091 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16572416 | Size: 230382 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_07092013_105225.txt >> RKreport[0]_S_07092013_105046.txt
  7. When I try to download RogueKiller it's telling me "I do not have permission to save to desktop. Contact the admin for permission. Would I like to save it in a folder instead?" I'll wait till I hear from you to continue. I think my head is spinning from all these codes and such!! I'm glad for your help. R
  8. Computer is working good but I ran Malware Bytes again and Trajon Ransom is still coming up. Log below. Internet Explorer 9.0.8112.16421 Robin :: ROBIN-PC [administrator] 7/8/2013 6:42:27 PM mbam-log-2013-07-08 (18-42-27).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 210965 Time elapsed: 7 minute(s), 37 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 2 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Robin\LOCALS~1\Temp\msuaofao.com -> Delete on reboot. HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Robin\LOCALS~1\Temp\msuaofao.com -> Delete on reboot. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  9. Post too long. Also for Java it keeps asking if I want to enable the Java Plug-In 2 ssv helper add on. Should I enable it? Extra log OTL Extras logfile created on: 7/8/2013 5:25:43 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Robin\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.87 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 44.20% Memory free 5.95 Gb Paging File | 4.07 Gb Available in Paging File | 68.48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 224.98 Gb Total Space | 128.38 Gb Free Space | 57.06% Space Free | Partition Type: NTFS Computer Name: ROBIN-PC | User Name: Robin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-442901960-3515935546-1508612407-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{14C38092-9237-429D-A963-E406170C00C4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{1966A9AB-F39A-405A-991B-0058AB34324F}" = lport=139 | protocol=6 | dir=in | app=system | "{7FB57642-3C6E-47B7-99E6-2BB761AE1A69}" = rport=138 | protocol=17 | dir=out | app=system | "{888CFF05-5D80-46DD-9C06-D798B2586AA6}" = rport=139 | protocol=6 | dir=out | app=system | "{8FFBAC6C-75E4-44EB-AF3D-C3F108D6D597}" = rport=137 | protocol=17 | dir=out | app=system | "{992ED136-72C9-47AC-A0EC-C2D346DD443E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A484B6F9-CABB-4F31-8A95-159C7B37BBE9}" = rport=445 | protocol=6 | dir=out | app=system | "{B73D545F-E1D4-4EFA-B9E1-2E59D656084C}" = lport=138 | protocol=17 | dir=in | app=system | "{D6C3F3EA-350D-48F7-8C62-CF47D49DD96E}" = lport=445 | protocol=6 | dir=in | app=system | "{FD8D0450-8006-400F-A98F-345128A01A84}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01C7D9B3-3C02-4F17-A1C7-036075F3F425}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{09B922EC-4083-413D-BE70-680AE4F253ED}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe | "{0A3B74F0-CAA0-46B4-9AEA-38162221767A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{29F0EB78-7B6D-4D71-824A-F01704307E15}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{3241E2D7-9828-4B0A-865F-EC10E3C8F7A0}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{33825249-CE34-48B2-B4B2-3C79C364A6F4}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe | "{41871A15-53EA-4151-9A0D-800883371958}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{48BF36EC-E3F0-4C0F-8D78-600B9341862F}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{4C3C394B-A5BE-44EF-B40E-D17969C9B118}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{4CD69963-4D96-4496-B581-720AEF9706AB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | "{592FE4A3-75A8-4BDA-A6E3-CCCFD51549BA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5ABE7E83-9469-426D-BCF4-69026F84B5B9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{5D935215-5FB6-4222-BF20-444D30713156}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | "{63471E63-B3EC-4390-B5D1-57AA2180102C}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{63AC77DE-4B12-43EF-AFA0-8F9799B6CD34}" = protocol=17 | dir=in | app=c:\program files\aol\rc\regclient.exe | "{678C4B35-6DEF-45D2-BD2B-2F0ED1BB634B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{68813704-B873-4CA4-942B-EFF270423500}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{7B637932-B211-4E1B-8321-BF766CEE4B04}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{7E20437A-1137-4241-BB61-252F2E6C7726}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{8B14E673-1E28-40D5-9FA1-4DC11D2C4826}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe | "{911B7568-B948-4CB6-AD1B-E3847CAEE3F6}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | "{9165A38F-0D75-4644-8049-A463109AA630}" = dir=in | app=c:\program files\itunes\itunes.exe | "{9E184923-B1E2-4FCD-8F10-737E3D3F8C81}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{A66B1FA7-4A32-4BBD-8247-5639A12FA960}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | "{AACC6775-1163-4DEF-958E-97EE6BBCECE7}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | "{B1201DFF-DAD6-4EAA-BBD4-2444557916C4}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{C998FF7A-F795-4200-BEBA-12DAA4D8899E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{CD3061AF-28BA-4E94-8EA8-3A57050FE3BE}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe | "{D1B5FB44-E5C6-472A-B938-9F2F6D79F87D}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | "{D98B1E3D-D270-41E4-98BE-8BBE592610CC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D9E23EFB-8060-4972-BDFE-901629EC0DA0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E007BB50-B903-45FA-9778-84A687DD801D}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{ECDDFAF1-4A6B-4609-8AA7-C094817C3D45}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{F53510FD-BD14-4D64-BA22-9D84AD35CC1F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F5CD81CE-4634-4127-A326-76C57D0FD411}" = protocol=6 | dir=in | app=c:\program files\aol\rc\regclient.exe | "{FBCD6D93-B062-4DAA-892D-AA8EEB7E2B78}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | "{FD9986B8-47DE-42D7-8402-184005C1A372}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | "{FFA8754D-AE60-4275-AAFB-151B9062E33B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{160B4053-BDEC-440D-9578-F994F3C9827F}C:\programdata\65cb823\ms65cb_302.exe" = protocol=6 | dir=in | app=c:\programdata\65cb823\ms65cb_302.exe | "TCP Query User{55924E42-FA8F-4BB1-ABED-78B60AD4D8D3}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{865CF6ED-BF65-48D4-ACA6-A37D99208AD3}C:\users\robin\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\robin\appdata\roaming\spotify\spotify.exe | "TCP Query User{E1B25ABD-4265-4348-8FB4-05263002285B}C:\users\robin\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\robin\appdata\roaming\spotify\spotify.exe | "UDP Query User{029261E9-2A1E-4B83-8C0B-859BDE225F9F}C:\users\robin\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\robin\appdata\roaming\spotify\spotify.exe | "UDP Query User{ABBA77D7-DCF5-4C86-988D-A12E663F6964}C:\programdata\65cb823\ms65cb_302.exe" = protocol=17 | dir=in | app=c:\programdata\65cb823\ms65cb_302.exe | "UDP Query User{B1422D9C-8703-4853-A40C-48335292C49A}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{E6D12408-D4B1-4278-830F-1F8B9CFB217F}C:\users\robin\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\robin\appdata\roaming\spotify\spotify.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library "{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}" = EZ Fonts "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo "{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher "{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail "{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting "{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library "{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery "{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey "{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor "{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ "{554E34DB-1EDD-4CE4-B63D-9E9973C6FFA5}" = VAIO Care "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update "{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" = "{5E4339CF-F287-4DB9-BE23-D8460487B3A3}" = AVG 2013 "{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager "{6DA93E66-5FA8-44ED-9CCA-40773444C10D}" = HP Deskjet 3050 J610 series Basic Device Software "{6EA78F57-89F2-4B2E-8ADB-3FA6865D32EF}" = AVG 2013 "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{72EEB695-388B-4835-8EA6-0C04545B06B9}" = Intel® PROSet/Wireless WiFi Software "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar "{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects "{7C404084-C5A6-42FF-B731-0BAC79A6E134}" = VAIO Original Function Settings "{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}_is1" = Updater By SweetPacks 2.0.0.586 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BD60AEF-3F9D-47AE-B80A-FB7FFCE335A0}" = VAIO Movie Story "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer "{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95229EF6-F4A1-413A-BA50-668311FAFE19}" = VAIO Original Function Settings "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = "{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music "{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library "{A552C4EA-D41E-4C61-A0FB-C0E05440F7D7}" = VAIO Entertainment Platform "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5 "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AEA6A4C2-7C4E-48F9-A770-879DE2EDEE1B}" = OpenMG Secure Module 5.4.00 "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story "{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{BACD22AE-5B6B-4F23-B506-3FCFF13AC137}" = VAIO Media plus "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster "{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO Wireless Wizard "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service "{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents "{DF15B43C-3951-684C-34A1-C45C82DC2F21}" = PrintCoupon "{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant "{E1497C00-2605-433E-822E-3E82649CE056}" = HP Deskjet 3050 J610 series Product Improvement Study "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{E1D25278-B51A-4163-BC3D-20A4D2D09F98}" = VAIO My Memory Center "{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.4100 "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F485E43D-18B1-4B40-AF4B-EDA78E91DA80}" = Dolby Control Center "{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = "{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help "{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager "{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home "ActiveTouchMeetingClient" = Cisco WebEx Meetings "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AVG" = AVG 2013 "Big Brainz 1.11" = Big Brainz "CCleaner" = CCleaner (remove only) "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_104D1700" = HDAUDIO Soft Data Fax Modem with SmartCP "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows "HDMI" = Intel® Graphics Media Accelerator Driver "HitmanPro37" = HitmanPro 3.7 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Photo Creations" = HP Photo Creations "InfoSeeker" = InfoSeeker "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor "InstallShield_{AEA6A4C2-7C4E-48F9-A770-879DE2EDEE1B}" = OpenMG Secure Module 5.4.00 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA Drivers" = NVIDIA Drivers "Photo Viewer_is1" = Photo Viewer s2.5 "PrintCoupon" = PrintCoupon "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = Synaptics Pointing Device Driver ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-442901960-3515935546-1508612407-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}" = ROBLOX Studio 2013 for Robin "{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for Robin "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 7/8/2013 11:47:21 AM | Computer Name = Robin-PC | Source = WinMgmt | ID = 10 Description = Error - 7/8/2013 11:47:21 AM | Computer Name = Robin-PC | Source = VzCdbSvc | ID = 7 Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019) Error - 7/8/2013 5:00:09 PM | Computer Name = Robin-PC | Source = VzCdbSvc | ID = 7 Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019) Error - 7/8/2013 5:00:13 PM | Computer Name = Robin-PC | Source = WinMgmt | ID = 10 Description = Error - 7/8/2013 5:19:41 PM | Computer Name = Robin-PC | Source = WinMgmt | ID = 10 Description = Error - 7/8/2013 5:19:42 PM | Computer Name = Robin-PC | Source = VzCdbSvc | ID = 7 Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019) Error - 7/8/2013 5:20:04 PM | Computer Name = Robin-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 7/8/2013 5:20:05 PM | Computer Name = Robin-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 7/8/2013 5:20:05 PM | Computer Name = Robin-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 7/8/2013 5:20:05 PM | Computer Name = Robin-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. [ Media Center Events ] Error - 6/9/2009 10:58:02 AM | Computer Name = Robin-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. [ System Events ] Error - 7/8/2013 5:52:13 AM | Computer Name = Robin-PC | Source = Service Control Manager | ID = 7000 Description = Error - 7/8/2013 5:53:25 AM | Computer Name = Robin-PC | Source = Service Control Manager | ID = 7006 Description = Error - 7/8/2013 11:39:00 AM | Computer Name = Robin-PC | Source = DCOM | ID = 10010 Description = Error - 7/8/2013 11:39:56 AM | Computer Name = Robin-PC | Source = Service Control Manager | ID = 7011 Description = Error - 7/8/2013 11:46:09 AM | Computer Name = Robin-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 11:42:03 AM on 7/8/2013 was unexpected. Error - 7/8/2013 4:58:18 PM | Computer Name = Robin-PC | Source = Service Control Manager | ID = 7006 Description = Error - 7/8/2013 5:03:48 PM | Computer Name = Robin-PC | Source = DCOM | ID = 10005 Description = Error - 7/8/2013 5:03:48 PM | Computer Name = Robin-PC | Source = Service Control Manager | ID = 7009 Description = Error - 7/8/2013 5:03:48 PM | Computer Name = Robin-PC | Source = Service Control Manager | ID = 7000 Description = Error - 7/8/2013 5:17:19 PM | Computer Name = Robin-PC | Source = Service Control Manager | ID = 7006 Description = [ Windows OneCare Events ] Error - 6/17/2009 9:48:19 PM | Computer Name = Robin-PC | Source = WinSS | ID = 1011 Description = Error - 11/8/2009 1:05:17 AM | Computer Name = Robin-PC | Source = WinSS | ID = 1011 Description = Error - 11/10/2009 12:38:40 AM | Computer Name = Robin-PC | Source = WinSS | ID = 1011 Description = Error - 3/31/2010 3:17:13 AM | Computer Name = Robin-PC | Source = WinSS | ID = 1011 Description = < End of report >
  10. It would not let me highlight the log to copy it. Left it there for a couple hours and computer rebooted but I can't find the log now. I typed in the filelisted above and it says it can not be found. I checked the move files folder and I don't see anything there either. I know it ran because the log was listed in the results window. It said all processes killed. OTL OTL logfile created on: 7/8/2013 5:25:43 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Robin\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.87 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 44.20% Memory free 5.95 Gb Paging File | 4.07 Gb Available in Paging File | 68.48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 224.98 Gb Total Space | 128.38 Gb Free Space | 57.06% Space Free | Partition Type: NTFS Computer Name: ROBIN-PC | User Name: Robin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/07/08 17:22:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Robin\Desktop\OTL.exe PRC - [2013/07/07 16:34:04 | 000,106,280 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe PRC - [2013/07/07 15:09:21 | 001,598,128 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe PRC - [2013/06/19 21:45:45 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\Robin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe PRC - [2013/04/04 03:15:08 | 001,117,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe PRC - [2013/03/28 02:48:36 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe PRC - [2013/02/19 04:01:14 | 000,328,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcfgex.exe PRC - [2013/02/19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE PRC - [2010/09/02 14:00:10 | 001,146,256 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCsystray.exe PRC - [2010/08/12 15:15:34 | 000,187,792 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe PRC - [2010/08/12 15:15:34 | 000,081,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCSpt.exe PRC - [2010/06/09 14:00:32 | 001,459,568 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe PRC - [2010/05/18 13:38:46 | 000,075,776 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe PRC - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe PRC - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/07/15 21:04:08 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe PRC - [2008/07/15 21:04:08 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2008/06/20 11:56:44 | 000,415,744 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe PRC - [2008/06/19 22:53:20 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe PRC - [2008/06/19 22:53:20 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe PRC - [2008/06/19 11:55:48 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe PRC - [2008/05/22 17:23:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe PRC - [2008/03/25 17:32:18 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe PRC - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe ========== Modules (No Company Name) ========== MOD - [2013/05/16 03:30:32 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\44fb632fb043f5b251d29b0ea750d4f4\System.Windows.Forms.ni.dll MOD - [2013/01/10 04:31:17 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll MOD - [2013/01/10 04:30:48 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll MOD - [2013/01/10 04:29:46 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013/01/10 04:29:40 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2012/12/12 01:34:13 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll MOD - [2012/10/08 07:01:09 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll MOD - [2012/10/08 07:01:06 | 005,967,872 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll MOD - [2012/10/08 07:01:03 | 000,970,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll MOD - [2012/10/08 07:01:03 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll MOD - [2012/10/05 06:59:03 | 003,194,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2012/10/05 06:59:03 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll MOD - [2012/08/31 07:01:10 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll MOD - [2011/12/26 22:51:23 | 005,251,072 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009/03/30 00:42:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2009/03/30 00:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009/03/30 00:42:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2009/03/30 00:42:10 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll MOD - [2009/02/18 14:38:39 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll MOD - [2008/07/24 06:10:38 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll MOD - [2008/07/24 06:10:38 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2013/07/07 16:34:04 | 000,106,280 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler) SRV - [2013/07/07 15:09:21 | 001,598,128 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe -- (vToolbarUpdater15.3.0) SRV - [2013/06/12 18:36:18 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/05/19 20:36:15 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010/08/12 15:15:34 | 000,187,792 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector) SRV - [2010/06/09 14:00:32 | 000,722,288 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent) SRV - [2009/09/08 18:09:14 | 000,083,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper) SRV - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2009/04/02 00:15:30 | 000,114,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2008/07/15 21:04:08 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2008/06/20 11:56:44 | 000,415,744 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2008/06/19 22:53:20 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2008/06/19 11:55:48 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw) SRV - [2008/06/12 02:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2008/05/22 17:23:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) SRV - [2008/05/22 17:21:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2008/05/20 22:05:40 | 000,353,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms) SRV - [2008/05/20 22:05:40 | 000,103,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp) SRV - [2008/05/20 22:05:40 | 000,062,752 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs) SRV - [2008/03/25 17:32:18 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor) SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (All) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2013/07/07 15:09:22 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2013/05/08 00:37:21 | 000,905,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip6) DRV - [2013/05/08 00:37:21 | 000,905,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip) DRV - [2013/04/15 10:20:04 | 000,638,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl) DRV - [2013/03/29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2013/03/03 15:07:52 | 001,082,232 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs) DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx) DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2012/12/13 13:50:38 | 000,045,056 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL) DRV - [2012/08/21 14:01:22 | 000,026,840 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2012/08/21 07:47:42 | 000,224,640 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap) DRV - [2012/07/25 23:39:21 | 000,526,952 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000) DRV - [2012/07/25 22:33:43 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WUDFPf.sys -- (WudfPf) DRV - [2012/07/25 22:32:51 | 000,155,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd) DRV - [2012/06/04 11:26:04 | 000,440,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ksecdd.sys -- (KSecDD) DRV - [2012/05/01 10:03:49 | 000,180,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD) DRV - [2012/03/20 19:28:50 | 000,053,120 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr) DRV - [2012/02/29 09:32:37 | 000,012,800 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec) DRV - [2011/07/06 11:31:47 | 000,214,016 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10) DRV - [2011/04/29 09:25:10 | 000,146,432 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srv2.sys -- (srv2) DRV - [2011/04/29 09:25:09 | 000,102,400 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet) DRV - [2011/04/29 09:24:42 | 000,079,872 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20) DRV - [2011/04/29 09:24:40 | 000,106,496 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb.sys -- (mrxsmb) DRV - [2011/04/21 09:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\afd.sys -- (AFD) DRV - [2011/04/21 09:55:05 | 000,508,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthport.sys -- (BTHPORT) DRV - [2011/04/14 10:59:03 | 000,075,264 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC) DRV - [2011/02/22 09:23:55 | 000,069,632 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bowser.sys -- (bowser) DRV - [2011/02/18 10:03:32 | 000,305,152 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srv.sys -- (srv) DRV - [2010/02/20 16:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\http.sys -- (HTTP) DRV - [2010/02/18 07:28:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel) DRV - [2009/12/08 13:26:18 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg) DRV - [2009/09/30 21:01:54 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb) DRV - [2009/06/17 09:23:23 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BTHUSB.SYS -- (BTHUSB) DRV - [2009/05/28 22:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2009/04/11 02:33:03 | 000,292,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx) DRV - [2009/04/11 02:32:55 | 000,149,480 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pci.sys -- (pci) DRV - [2009/04/11 02:32:52 | 000,053,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\termdd.sys -- (TermDD) DRV - [2009/04/11 02:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ndis.sys -- (NDIS) DRV - [2009/04/11 02:32:46 | 000,265,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\acpi.sys -- (ACPI) DRV - [2009/04/11 02:32:46 | 000,245,736 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\clfs.sys -- (CLFS) DRV - [2009/04/11 02:32:46 | 000,190,424 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\fltMgr.sys -- (FltMgr) DRV - [2009/04/11 02:32:46 | 000,180,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt) DRV - [2009/04/11 02:32:46 | 000,161,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC) DRV - [2009/04/11 02:32:43 | 000,141,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ecache.sys -- (Ecache) DRV - [2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\disk.sys -- (disk) DRV - [2009/04/11 02:32:31 | 000,048,104 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\mup.sys -- (Mup) DRV - [2009/04/11 00:46:40 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp) DRV - [2009/04/11 00:46:32 | 000,121,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndiswan.sys -- (NdisWan) DRV - [2009/04/11 00:46:30 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspppoe.sys -- (RasPppoe) DRV - [2009/04/11 00:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx) DRV - [2009/04/11 00:45:51 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\pacer.sys -- (PSched) DRV - [2009/04/11 00:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (netbt) DRV - [2009/04/11 00:45:22 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\smb.sys -- (Smb) DRV - [2009/04/11 00:43:28 | 000,148,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP) DRV - [2009/04/11 00:43:16 | 000,196,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbhub.sys -- (usbhub) DRV - [2009/04/11 00:43:12 | 000,148,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rfcomm.sys -- (RFCOMM) DRV - [2009/04/11 00:43:10 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bthenum.sys -- (BthEnum) DRV - [2009/04/11 00:43:04 | 000,062,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394) DRV - [2009/04/11 00:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBSTOR.SYS -- (USBSTOR) DRV - [2009/04/11 00:42:52 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci) DRV - [2009/04/11 00:42:48 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidusb.sys -- (HidUsb) DRV - [2009/04/11 00:42:42 | 000,561,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2009/04/11 00:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom) DRV - [2009/04/11 00:14:40 | 000,114,688 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxdav.sys -- (MRxDAV) DRV - [2009/04/11 00:14:29 | 000,225,280 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\rdbss.sys -- (rdbss) DRV - [2009/04/11 00:14:01 | 000,035,328 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\npfs.sys -- (Npfs) DRV - [2009/04/11 00:13:59 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs) DRV - [2009/04/11 00:13:53 | 000,136,704 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\exfat.sys -- (exfat) DRV - [2009/04/11 00:13:52 | 000,142,848 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fastfat.sys -- (fastfat) DRV - [2008/07/31 10:10:32 | 000,324,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\IaStor.sys -- (iaStor) DRV - [2008/07/11 19:42:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) DRV - [2008/07/04 15:45:41 | 002,377,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx) DRV - [2008/07/04 08:49:51 | 000,018,088 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid) DRV - [2008/07/04 08:49:49 | 000,108,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt) DRV - [2008/07/04 08:49:49 | 000,084,008 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio) DRV - [2008/07/04 08:48:46 | 000,029,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap) DRV - [2008/07/03 08:11:57 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2008/07/03 08:11:49 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV) DRV - [2008/07/03 08:11:49 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk) DRV - [2008/07/03 08:11:46 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf) DRV - [2008/07/03 08:11:46 | 000,209,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL) DRV - [2008/07/03 08:06:20 | 000,199,728 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2008/06/23 13:50:20 | 002,126,688 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) DRV - [2008/06/19 08:04:20 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk) DRV - [2008/06/19 08:03:19 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2008/06/06 08:46:44 | 000,299,008 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh) DRV - [2008/06/06 08:39:49 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008/06/06 02:25:47 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2008/04/08 06:00:00 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20) DRV - [2008/03/10 06:45:53 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP) DRV - [2008/01/30 20:33:28 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV - [2008/01/20 22:24:59 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv) DRV - [2008/01/20 22:24:57 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\modem.sys -- (Modem) DRV - [2008/01/20 22:24:55 | 000,076,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rasl2tp.sys -- (Rasl2tp) DRV - [2008/01/20 22:24:55 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspptp.sys -- (PptpMiniport) DRV - [2008/01/20 22:24:55 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndisuio.sys -- (Ndisuio) DRV - [2008/01/20 22:24:51 | 000,006,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE) DRV - [2008/01/20 22:24:51 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mspclock.sys -- (MSPCLOCK) DRV - [2008/01/20 22:24:51 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mspqm.sys -- (MSPQM) DRV - [2008/01/20 22:24:50 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave) DRV - [2008/01/20 22:24:50 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mskssrv.sys -- (MSKSSRV) DRV - [2008/01/20 22:24:50 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD) DRV - [2008/01/20 22:24:47 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv) DRV - [2008/01/20 22:24:47 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy) DRV - [2008/01/20 22:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl) DRV - [2008/01/20 22:24:45 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ipfltdrv.sys -- (IpFilterDriver) DRV - [2008/01/20 22:24:37 | 000,084,480 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\System32\drivers\luafv.sys -- (luafv) DRV - [2008/01/20 22:24:37 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr) DRV - [2008/01/20 22:24:37 | 000,047,104 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio) DRV - [2008/01/20 22:24:25 | 000,100,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipnat.sys -- (IPNAT) DRV - [2008/01/20 22:24:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarpv6) DRV - [2008/01/20 22:24:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarp) DRV - [2008/01/20 22:24:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy) DRV - [2008/01/20 22:24:25 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndistapi.sys -- (NdisTapi) DRV - [2008/01/20 22:24:25 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp) DRV - [2008/01/20 22:24:21 | 000,027,648 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace) DRV - [2008/01/20 22:24:20 | 000,035,840 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\netbios.sys -- (NetBIOS) DRV - [2008/01/20 22:24:19 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\rasacd.sys -- (RasAcd) DRV - [2008/01/20 22:24:11 | 000,021,048 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\spldr.sys -- (spldr) DRV - [2008/01/20 22:24:08 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP) DRV - [2008/01/20 22:24:08 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE) DRV - [2008/01/20 22:24:06 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPCDD.sys -- (RDPCDD) DRV - [2008/01/20 22:24:04 | 000,058,936 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo) DRV - [2008/01/20 22:24:04 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\asyncmac.sys -- (AsyncMac) DRV - [2008/01/20 22:23:54 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM) DRV - [2008/01/20 22:23:51 | 000,070,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs) DRV - [2008/01/20 22:23:51 | 000,022,528 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\msfs.sys -- (Msfs) DRV - [2008/01/20 22:23:50 | 000,004,608 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\null.sys -- (Null) DRV - [2008/01/20 22:23:44 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\beep.sys -- (Beep) DRV - [2008/01/20 22:23:43 | 000,057,400 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mountmgr.sys -- (MountMgr) DRV - [2008/01/20 22:23:31 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv) DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR) DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320) DRV - [2008/01/20 22:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbscan.sys -- (usbscan) DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas) DRV - [2008/01/20 22:23:26 | 000,134,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbvideo.sys -- (usbvideo) DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008/01/20 22:23:26 | 000,041,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs) DRV - [2008/01/20 22:23:26 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass) DRV - [2008/01/20 22:23:26 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CmBatt.sys -- (CmBatt) DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci) DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300) DRV - [2008/01/20 22:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas) DRV - [2008/01/20 22:23:24 | 000,022,072 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd) DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV) DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc) DRV - [2008/01/20 22:23:23 | 000,035,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass) DRV - [2008/01/20 22:23:23 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid) DRV - [2008/01/20 22:23:23 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk) DRV - [2008/01/20 22:23:23 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc) DRV - [2008/01/20 22:23:23 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd) DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor) DRV - [2008/01/20 22:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL) DRV - [2008/01/20 22:23:22 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV) DRV - [2008/01/20 22:23:22 | 000,061,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx) DRV - [2008/01/20 22:23:22 | 000,059,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35) DRV - [2008/01/20 22:23:22 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\monitor.sys -- (monitor) DRV - [2008/01/20 22:23:22 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\umbus.sys -- (umbus) DRV - [2008/01/20 22:23:22 | 000,024,632 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk) DRV - [2008/01/20 22:23:22 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint) DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid) DRV - [2008/01/20 22:23:21 | 000,094,776 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm) DRV - [2008/01/20 22:23:21 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus) DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor) DRV - [2008/01/20 22:23:21 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud) DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci) DRV - [2008/01/20 22:23:20 | 000,105,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio) DRV - [2008/01/20 22:23:20 | 000,092,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bthpan.sys -- (BthPan) DRV - [2008/01/20 22:23:20 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccgp.sys -- (usbccgp) DRV - [2008/01/20 22:23:20 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt) DRV - [2008/01/20 22:23:20 | 000,034,360 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\mouclass.sys -- (mouclass) DRV - [2008/01/20 22:23:20 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc) DRV - [2008/01/20 22:23:20 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk) DRV - [2008/01/20 22:23:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse) DRV - [2008/01/20 22:23:20 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mouhid.sys -- (mouhid) DRV - [2008/01/20 22:23:03 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci) DRV - [2008/01/20 22:23:02 | 000,030,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp) DRV - [2008/01/20 22:23:02 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vgapnp.sys -- (vga) DRV - [2008/01/20 22:23:01 | 000,248,832 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr) DRV - [2008/01/20 22:23:01 | 000,109,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp) DRV - [2008/01/20 22:23:01 | 000,060,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx) DRV - [2008/01/20 22:23:01 | 000,057,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp) DRV - [2008/01/20 22:23:01 | 000,056,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VIAAGP.SYS -- (viaagp) DRV - [2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGP440.sys -- (agp440) DRV - [2008/01/20 22:23:01 | 000,055,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp) DRV - [2008/01/20 22:23:01 | 000,052,792 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr) DRV - [2008/01/20 22:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp) DRV - [2008/01/20 22:23:01 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive) DRV - [2008/01/20 22:23:01 | 000,031,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mssmbios.sys -- (mssmbios) DRV - [2008/01/20 22:23:01 | 000,016,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv) DRV - [2008/01/20 22:23:01 | 000,015,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swenum.sys -- (swenum) DRV - [2008/01/20 22:23:00 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8) DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7) DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm) DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7) DRV - [2008/01/20 22:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor) DRV - [2008/01/20 22:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe) DRV - [2008/01/20 22:23:00 | 000,028,728 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci) DRV - [2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\atapi.sys -- (atapi) DRV - [2008/01/20 22:23:00 | 000,020,792 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\compbatt.sys -- (Compbatt) DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide) DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide) DRV - [2008/01/20 22:23:00 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide) DRV - [2008/01/20 22:23:00 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide) DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide) DRV - [2008/01/20 22:23:00 | 000,016,440 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pciide.sys -- (pciide) DRV - [2008/01/20 22:23:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi) DRV - [2008/01/20 22:23:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev) DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2006/11/02 05:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia) DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata) DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp) DRV - [2006/11/02 05:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port) DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx) DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid) DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x) DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006/11/02 05:04:35 | 000,878,080 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH) DRV - [2006/11/02 04:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM) DRV - [2006/11/02 04:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth) DRV - [2006/11/02 04:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) DRV - [2006/11/02 04:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci) DRV - [2006/11/02 04:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr) DRV - [2006/11/02 04:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen) DRV - [2006/11/02 04:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy) DRV - [2006/11/02 04:51:30 | 000,083,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2006/11/02 04:51:30 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\parport.sys -- (Parport) DRV - [2006/11/02 04:51:25 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serenum.sys -- (Serenum) DRV - [2006/11/02 04:51:23 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\parvdm.sys -- (Parvdm) DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp) DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo) DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006/11/02 03:36:49 | 000,235,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService) DRV - [2006/11/02 03:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\Windows\System32\WINSOCK.DLL -- (Winsock) DRV - [2006/11/02 02:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-442901960-3515935546-1508612407-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08 IE - HKU\S-1-5-21-442901960-3515935546-1508612407-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKU\S-1-5-21-442901960-3515935546-1508612407-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-442901960-3515935546-1508612407-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-442901960-3515935546-1508612407-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-442901960-3515935546-1508612407-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-442901960-3515935546-1508612407-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-442901960-3515935546-1508612407-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-442901960-3515935546-1508612407-1000\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/search?FORM=IPGTDF&PC=IPGTDF&q={searchTerms}&src=IE-SearchBox IE - HKU\S-1-5-21-442901960-3515935546-1508612407-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-442901960-3515935546-1508612407-1000\..\SearchScopes\{9E1E49AC-C20E-4545-999A-B8994837F61D}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=843&invocationType=tb50sonyie7&query={searchTerms} IE - HKU\S-1-5-21-442901960-3515935546-1508612407-1000\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/?d=4d540858&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1 IE - HKU\S-1-5-21-442901960-3515935546-1508612407-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-442901960-3515935546-1508612407-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Bing" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.selectedEngine: "Bing" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Robin\AppData\Local\Roblox\Versions\version-6cfc785e896545ae\\NPRobloxProxy.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/08 17:04:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/08 17:04:04 | 000,000,000 | ---D | M] [2009/11/20 14:30:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Extensions [2013/07/07 18:37:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\bi8vod73.default\extensions [2010/05/29 17:05:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\bi8vod73.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013/07/07 16:29:43 | 000,000,000 | ---D | M] (InfoSeeker) -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\bi8vod73.default\extensions\support@infoseekerapp.com [2013/07/07 16:28:49 | 000,001,793 | ---- | M] () -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\bi8vod73.default\searchplugins\Bing.xml [2009/11/06 12:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll [2009/11/06 12:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll O1 HOSTS File: ([2010/09/12 18:40:44 | 000,000,822 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-442901960-3515935546-1508612407-1000..\Run: [ROC_ROC_APR2013_AV] C:\Users\Robin\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 63bd65ee127de984aa78ba928c4b1bcf-c64db3337c0ec4f557b9be95062e29be2c303342 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 File not found O4 - HKU\S-1-5-21-442901960-3515935546-1508612407-1000..\Run: [spotify] C:\Users\Robin\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKU\S-1-5-21-442901960-3515935546-1508612407-1000..\Run: [spotify Web Helper] C:\Users\Robin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\S-1-5-21-442901960-3515935546-1508612407-1000..\RunOnce: [shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB7.1; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; BRI/2; 899703750903; compat/00302)" -"http://www.pearsonsuccessnet.com/iText/products/0-328-30608-8/index.html" File not found F3 - HKU\S-1-5-21-442901960-3515935546-1508612407-1000 WinNT: Load - (C:\Users\Robin\LOCALS~1\Temp\msuaofao.com) - File not found O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} http://games.bigfishgames.com/en_dairy-dash-game/online/DairyDashWeb.1.0.0.15.cab (CPlayFirstDairyDashWControl Object) O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://secureaccess.darden.com/cab/,DSID=8481af39266ee63f8e7e4d131a9ad305,DanaInfo=ikitchen.darden.com,ST=1+/smsx.cab (MeadCo ScriptX) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} http://aolsvc.aol.com/onlinegames/free-trial-cooking-dash/CookingDashWeb.1.0.0.9.cab (CPlayFirstCookingDasControl Object) O16 - DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} http://games.bigfishgames.com/en_nightshift-legacy-the-jaguars-eye/online/Nightshift2Web.1.0.0.9.cab (CPlayFirstNightshiftControl Object) O16 - DPF: {74EF5274-F439-2168-B543-14745B625C72} http://games.bigfishgames.com/en_wedding-dash-2-rings-around-world-game/online/WeddingDash2Web.1.0.0.11.cab (CPlayFirstWeddingDasControl Object) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://aolsvc.aol.com/onlinegames/free-trial-burger-shop/GoBitGamesPlayer_v4.cab (GoBit Games Player) O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {CEBE157C-C91E-4A45-BB3C-45F8C77C012F} http://aolsvc.aol.com/onlinegames/free-trial-wandering-willows/WanderingWillowsWeb.1.0.0.18.cab (CPlayFirstWanderingWControl Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab (GpcContainer Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F135A813-7152-4532-AC8D-28AC2136DFC7} http://games.bigfishgames.com/en_parking-dash/online/parkingdash.1.0.0.10.cab (CPlayFirstParkingDasControl Object) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17D60D02-F4EE-4645-BFA7-3911B42F6699}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/07/08 17:22:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Robin\Desktop\OTL.exe [2013/07/08 17:11:56 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Oracle [2013/07/08 17:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013/07/08 17:10:32 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013/07/08 17:10:01 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013/07/08 17:10:01 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013/07/08 17:10:01 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013/07/08 17:03:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013/07/08 11:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013/07/08 11:52:20 | 000,000,000 | ---D | C] -- C:\_OTM [2013/07/08 11:49:38 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\Robin\Desktop\OTM.exe [2013/07/07 18:48:51 | 000,000,000 | ---D | C] -- C:\FRST [2013/07/07 18:48:05 | 001,373,373 | ---- | C] (Farbar) -- C:\Users\Robin\Desktop\FRST.exe [2013/07/07 16:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro [2013/07/07 16:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2013/07/07 16:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Real [2013/07/07 16:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013/07/07 16:29:43 | 000,000,000 | ---D | C] -- C:\Program Files\InfoSeeker [2013/07/07 16:28:47 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll [2013/07/07 16:28:47 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcm80.dll [2013/07/07 16:28:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\jmdp [2013/07/07 16:28:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\ARFC [2013/07/07 15:09:38 | 000,037,664 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2013/07/07 15:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar [2013/07/07 15:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar [2013/07/07 05:37:15 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\AVG2013 [2013/07/07 05:33:06 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\AVG SafeGuard toolbar [2013/07/07 05:32:48 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\TuneUp Software [2013/07/07 05:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search [2013/07/07 05:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2013/07/07 05:18:13 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\MFAData [2013/07/07 05:18:13 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\Avg2013 [2013/07/04 18:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox(0) [2013/06/20 03:20:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/06/20 03:20:07 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/06/20 03:20:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/06/20 03:20:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013/06/20 03:20:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/06/20 03:20:06 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013/06/20 03:20:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/06/20 03:20:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013/06/19 21:54:59 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll [2013/06/19 21:54:53 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe [2013/06/19 21:54:53 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll [2013/06/19 21:54:48 | 003,603,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013/06/19 21:54:48 | 003,551,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013/06/19 21:54:35 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll [2013/06/15 16:53:50 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox [2013/06/15 16:53:47 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\Roblox ========== Files - Modified Within 30 Days ========== [2013/07/08 17:29:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job [2013/07/08 17:22:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Robin\Desktop\OTL.exe [2013/07/08 17:19:26 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/07/08 17:19:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/07/08 17:19:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/07/08 17:19:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/07/08 17:19:13 | 3081,744,384 | -HS- | M] () -- C:\hiberfil.sys [2013/07/08 17:17:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013/07/08 17:09:46 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013/07/08 17:09:40 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013/07/08 17:09:40 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013/07/08 17:09:40 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013/07/08 17:09:40 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013/07/08 17:09:40 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013/07/08 17:04:05 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2013/07/08 16:38:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/07/08 16:36:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/07/08 11:56:55 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013/07/08 11:49:38 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\Robin\Desktop\OTM.exe [2013/07/07 19:44:36 | 000,890,988 | ---- | M] () -- C:\Users\Robin\Desktop\SecurityCheck.exe [2013/07/07 19:26:56 | 000,000,230 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013/07/07 19:26:13 | 000,650,027 | ---- | M] () -- C:\Users\Robin\Desktop\AdwCleaner.exe [2013/07/07 18:48:05 | 001,373,373 | ---- | M] (Farbar) -- C:\Users\Robin\Desktop\FRST.exe [2013/07/07 16:34:04 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk [2013/07/07 15:09:22 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2013/07/07 12:16:49 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/07/04 22:42:25 | 000,001,170 | ---- | M] () -- C:\Users\Robin\Desktop\ROBLOX Studio 2013.lnk [2013/07/02 19:16:58 | 000,182,911 | ---- | M] () -- C:\Users\Robin\Documents\03.11 Discussion Based Assessment.pdf [2013/07/02 13:39:07 | 000,001,158 | ---- | M] () -- C:\Users\Robin\Desktop\ROBLOX Player.lnk [2013/07/01 17:27:39 | 266,675,880 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013/06/25 14:35:27 | 000,608,894 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/06/25 14:35:27 | 000,106,364 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/06/25 11:57:54 | 000,336,612 | ---- | M] () -- C:\Users\Robin\Documents\Assessment Lesson 03_08 Pascal’s Triangle..pdf [2013/06/12 18:36:17 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/06/12 18:36:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/06/12 13:38:51 | 000,179,313 | ---- | M] () -- C:\Users\Robin\Documents\02.12 Discussion Based Assessment.pdf [2013/06/09 13:49:58 | 000,258,808 | ---- | M] () -- C:\Users\Robin\Documents\Assessment 02_08 Higher-Level Word Problems (Honors Only)..pdf ========== Files Created - No Company Name ========== [2013/07/07 19:44:36 | 000,890,988 | ---- | C] () -- C:\Users\Robin\Desktop\SecurityCheck.exe [2013/07/07 19:26:13 | 000,650,027 | ---- | C] () -- C:\Users\Robin\Desktop\AdwCleaner.exe [2013/07/07 18:37:20 | 000,000,230 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013/07/07 16:34:04 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk [2013/07/07 15:09:48 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013/07/07 12:16:49 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/07/07 12:12:57 | 3081,744,384 | -HS- | C] () -- C:\hiberfil.sys [2013/07/02 19:16:57 | 000,182,911 | ---- | C] () -- C:\Users\Robin\Documents\03.11 Discussion Based Assessment.pdf [2013/07/01 17:27:39 | 266,675,880 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013/06/25 11:57:53 | 000,336,612 | ---- | C] () -- C:\Users\Robin\Documents\Assessment Lesson 03_08 Pascal’s Triangle..pdf [2013/06/15 16:54:06 | 000,001,158 | ---- | C] () -- C:\Users\Robin\Desktop\ROBLOX Player.lnk [2013/06/15 16:53:51 | 000,001,170 | ---- | C] () -- C:\Users\Robin\Desktop\ROBLOX Studio 2013.lnk [2013/06/12 13:38:50 | 000,179,313 | ---- | C] () -- C:\Users\Robin\Documents\02.12 Discussion Based Assessment.pdf [2013/06/09 13:49:58 | 000,258,808 | ---- | C] () -- C:\Users\Robin\Documents\Assessment 02_08 Higher-Level Word Problems (Honors Only)..pdf [2013/05/22 11:21:06 | 004,325,376 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi [2012/10/27 18:25:55 | 000,140,961 | ---- | C] () -- C:\Users\Robin\halloween.jpg [2009/11/19 22:35:31 | 000,001,490 | ---- | C] () -- C:\Users\Robin\AppData\Roaming\wklnhst.dat [2009/06/07 23:20:52 | 000,017,920 | ---- | C] () -- C:\Users\Robin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013/01/31 13:53:36 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2013/01/31 13:53:36 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2013/07/07 05:37:15 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\AVG2013 [2013/04/25 21:29:53 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Blackboard [2013/05/29 19:40:16 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Elluminate [2009/11/22 10:24:50 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\InterVideo [2012/10/10 17:53:45 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Juniper Networks [2013/07/08 17:11:56 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Oracle [2013/07/08 17:21:46 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Spotify [2011/02/18 19:14:22 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Template [2013/07/07 05:32:48 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\TuneUp Software [2012/06/06 15:16:01 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Visan [2012/10/10 14:10:34 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\webex ========== Purity Check ========== < End of report >
  11. When I try to highlight the OTM results it says not responding and the cursor just spins. After a few minutes it stopped doing that until I tried copying and then it repeats everything. Is there something I'm doing wrong? Thanks!
  12. It looks even worse now. C:\Program Files\InfoSeeker\IE\common.dll a variant of Win32/ExFriendAlert.B application C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0WWHMWFF\api_Downloader[1].exe a variant of Win32/BundleInstaller.C application C:\Users\Robin\AppData\Local\Temp\DefaultTabSetup.exe a variant of Win32/Toolbar.DefaultTab.B application C:\Users\Robin\AppData\Local\Temp\hsbing_717_active.exe multiple threats C:\Users\Robin\AppData\Local\Temp\Shortcut_sweetpacks_dlcom_6212013.exe probably a variant of Win32/SweetIM.C application C:\Users\Robin\AppData\Local\Temp\WSSetup.exe Win32/SweetIM.E application C:\Users\Robin\Downloads\cbsidlm-tr1_13-HitmanPro_3_32bit-SEO-10895604.exe Win32/DownloadAdmin.G application C:\Users\Robin\Downloads\frzfonts_d165396.exe a variant of Win32/InstallIQ.A application C:\Windows\System32\ARFC\wrtc.exe Win32/SweetIM.E application
  13. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-07-2013 Ran by Robin at 2013-07-07 19:22:16 Run:1 Running from C:\Users\Robin\Desktop Boot Mode: Normal ============================================== HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully. HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Error setting value. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => Value deleted successfully. HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} => Key deleted successfully. HKLM\Software\Mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} => Value deleted successfully. Firefox Proxy settings were reset. Firefox Proxy settings were reset. "C:\$Recycle.Bin\S-1-5-21-442901960-3515935546-1508612407-1000\$8e217c54ea1961022d3e8875693d015c\n." => File/Directory not found. "C:\Program Files\Updater By SweetPacks" => File/Directory not found. C:\$Recycle.Bin\S-1-5-21-442901960-3515935546-1508612407-1000\$8e217c54ea1961022d3e8875693d015c => Directory moved successfully. C:\ProgramData\uninstaller.exe => Moved successfully. ==== End of Fixlog ==== # AdwCleaner v2.304 - Logfile created 07/07/2013 at 19:26:36 # Updated 03/07/2013 by Xplode # Operating system : Windows Vista Home Premium Service Pack 2 (32 bits) # User : Robin - ROBIN-PC # Boot Mode : Normal # Running from : C:\Users\Robin\Desktop\AdwCleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.07.03 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Robin :: ROBIN-PC [administrator] 7/7/2013 7:31:21 PM mbam-log-2013-07-07 (19-31-21).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 211563 Time elapsed: 8 minute(s), 16 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 2 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Robin\LOCALS~1\Temp\msuaofao.com -> Delete on reboot. HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Robin\LOCALS~1\Temp\msuaofao.com -> Delete on reboot. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Results of screen317's Security Check version 0.99.68 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! AVG Internet Security 2013 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 CCleaner (remove only) JavaFX 2.1.1 Java 7 Update 5 Java version out of Date! Adobe Flash Player 11.7.700.224 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox 21.0 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` AVG avgwdsvc.exe AVG avgrsx.exe AVG avgnsx.exe AVG avgemc.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0 % ````````````````````End of Log``````````````````````
  14. Thank you, Kevin. Requested logs # AdwCleaner v2.304 - Logfile created 07/07/2013 at 18:37:10 # Updated 03/07/2013 by Xplode # Operating system : Windows Vista Home Premium Service Pack 2 (32 bits) # User : Robin - ROBIN-PC # Boot Mode : Normal # Running from : C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T925SWYN\AdwCleaner.exe # Option [Delete] ***** [services] ***** Stopped & Deleted : Updater By SweetPacks ***** [Files / Folders] ***** Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search File Deleted : C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\bi8vod73.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi File Deleted : C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\bi8vod73.default\searchplugins\SweetIm.xml File Deleted : C:\Windows\system32\ImhxxpComm.dll Folder Deleted : C:\Program Files\SweetIM Folder Deleted : C:\Program Files\Updater By SweetPacks Folder Deleted : C:\ProgramData\APN Folder Deleted : C:\Users\Robin\AppData\LocalLow\SweetIM Folder Deleted : C:\Windows\system32\WNLT ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE Key Deleted : HKCU\Software\IM Key Deleted : HKCU\Software\ImInstaller Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\wecarereminder Key Deleted : HKCU\Software\WNLT Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKLM\Software\AVG Secure Search Key Deleted : HKLM\Software\AVG Security Toolbar Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1 Key Deleted : HKLM\Software\Classes\Installer\Features\FB6D58DD787439A4995AF3C00FEA8843 Key Deleted : HKLM\Software\Classes\Installer\Products\FB6D58DD787439A4995AF3C00FEA8843 Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Key Deleted : HKLM\SOFTWARE\Classes\S Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1 Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj Key Deleted : HKLM\Software\InstallIQ Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FB6D58DD787439A4995AF3C00FEA8843 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Deleted : HKLM\Software\WNLT Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16490 -\\ Mozilla Firefox v21.0 (en-US) File : C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\bi8vod73.default\prefs.js Deleted : user_pref("playsushi.position.button", true); Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Google"); ************************* AdwCleaner[s1].txt - [14082 octets] - [07/07/2013 18:37:10] ########## EOF - C:\AdwCleaner[s1].txt - [14143 octets] ########## Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013 Ran by Robin (administrator) on 07-07-2013 18:49:27 Running from C:\Users\Robin\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE (ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe (Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSpt.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe (Spotify Ltd) C:\Users\Robin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [] [x] HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.) HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" [x] HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated) HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.) HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.) HKLM\...\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.) Winlogon\Notify\VESWinlogon: VESWinlogon.dll (Sony Corporation) HKCU\...\Run: [spotify Web Helper] "C:\Users\Robin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-06-19] (Spotify Ltd) HKCU\...\Run: [spotify] "C:\Users\Robin\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [4643328 2013-06-19] (Spotify Ltd) HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation) HKCU\...\Run: [ROC_ROC_APR2013_AV] C:\Users\Robin\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 63bd65ee127de984aa78ba928c4b1bcf-c64db3337c0ec4f557b9be95062e29be2c303342 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 [x] HKCU\...\Runonce: [shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB7.1; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; BRI/2; 899703750903; compat/00302)" -"http://www.pearsonsuccessnet.com/iText/products/0-328-30608-8/index.html" [x] HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-442901960-3515935546-1508612407-1000\$8e217c54ea1961022d3e8875693d015c\n. ATTENTION! ====> ZeroAccess? HKCU\...\CurrentVersion\Windows: [Load] C:\Users\Robin\LOCALS~1\Temp\msuaofao.com ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08 SearchScopes: HKCU - {9E1E49AC-C20E-4545-999A-B8994837F61D} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=843&invocationType=tb50sonyie7&query={searchTerms} SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.avg.com/?d=4d540858&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1 BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} http://games.bigfishgames.com/en_dairy-dash-game/online/DairyDashWeb.1.0.0.15.cab DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://secureaccess.darden.com/cab/,DSID=8481af39266ee63f8e7e4d131a9ad305,DanaInfo=ikitchen.darden.com,ST=1+/smsx.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} http://aolsvc.aol.com/onlinegames/free-trial-cooking-dash/CookingDashWeb.1.0.0.9.cab DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} http://games.bigfishgames.com/en_nightshift-legacy-the-jaguars-eye/online/Nightshift2Web.1.0.0.9.cab DPF: {74EF5274-F439-2168-B543-14745B625C72} http://games.bigfishgames.com/en_wedding-dash-2-rings-around-world-game/online/WeddingDash2Web.1.0.0.11.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://aolsvc.aol.com/onlinegames/free-trial-burger-shop/GoBitGamesPlayer_v4.cab DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab DPF: {CEBE157C-C91E-4A45-BB3C-45F8C77C012F} http://aolsvc.aol.com/onlinegames/free-trial-wandering-willows/WanderingWillowsWeb.1.0.0.18.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F135A813-7152-4532-AC8D-28AC2136DFC7} http://games.bigfishgames.com/en_parking-dash/online/parkingdash.1.0.0.10.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\bi8vod73.default FF SelectedSearchEngine: Bing FF NetworkProxy: "http", "61.172.249.94:80 " FF NetworkProxy: "http_port", 80 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.5.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Robin\AppData\Local\Roblox\Versions\version-6cfc785e896545ae\\NPRobloxProxy.dll ( ROBLOX Corporation) FF Extension: No Name - C:\Users\Robin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: InfoSeeker - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\bi8vod73.default\Extensions\support@infoseekerapp.com FF Extension: Microsoft .NET Framework Assistant - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\bi8vod73.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] C:\Program Files\Updater By SweetPacks\Firefox ========================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-07-07] (SurfRight B.V.) R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [187792 2010-08-12] (Sony Corporation) S3 SOHCImp; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [103712 2008-05-20] (Sony Corporation) S3 SOHDms; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [353568 2008-05-20] (Sony Corporation) S3 SOHDs; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [62752 2008-05-20] (Sony Corporation) R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [104960 2008-03-25] (ArcSoft, Inc.) S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-05-22] (Sony Corporation) R2 VCFw; C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [415744 2008-06-20] (Sony Corporation) S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [337184 2008-06-12] (Sony Corporation) R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [279848 2008-06-19] (Sony Corporation) R2 vToolbarUpdater15.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-07-07] (AVG Secure Search) S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [722288 2010-06-09] (Sony Corporation) R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2008-05-22] (Sony Corporation) S3 MSCSPTISRV; "C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe" [x] S3 SPTISRV; "C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe" [x] ==================== Drivers (Whitelisted) ==================== R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17408 2008-01-30] (ArcSoft, Inc.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-03-29] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-02-08] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [170808 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [245048 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-02-08] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-07-07] (AVG Technologies) S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-07 18:48 - 2013-07-07 18:48 - 01373373 ____A (Farbar) C:\Users\Robin\Desktop\FRST.exe 2013-07-07 18:48 - 2013-07-07 18:48 - 00000000 ____D C:\FRST 2013-07-07 18:37 - 2013-07-07 18:37 - 00014213 ____A C:\AdwCleaner[s1].txt 2013-07-07 18:37 - 2013-07-07 18:37 - 00000115 ____A C:\Windows\DeleteOnReboot.bat 2013-07-07 17:54 - 2013-07-07 17:58 - 00021498 ____A C:\Users\Robin\Desktop\dds.txt 2013-07-07 17:54 - 2013-07-07 17:57 - 00008690 ____A C:\Users\Robin\Desktop\attach.txt 2013-07-07 16:34 - 2013-07-07 16:34 - 00001737 ____A C:\Users\Public\Desktop\HitmanPro.lnk 2013-07-07 16:34 - 2013-07-07 16:34 - 00000000 ____D C:\Program Files\HitmanPro 2013-07-07 16:31 - 2013-07-07 16:31 - 00000000 ____D C:\ProgramData\Real 2013-07-07 16:30 - 2013-07-07 16:38 - 00000000 ____D C:\ProgramData\HitmanPro 2013-07-07 16:30 - 2013-07-07 16:30 - 09171472 ____A (SurfRight B.V.) C:\Users\Robin\Downloads\HitmanPro.exe 2013-07-07 16:30 - 2013-07-07 16:30 - 00033958 ____A C:\ProgramData\uninstaller.exe 2013-07-07 16:29 - 2013-07-07 16:29 - 00000000 ____D C:\Program Files\InfoSeeker 2013-07-07 16:28 - 2013-07-07 16:28 - 00000000 ____D C:\Windows\System32\jmdp 2013-07-07 16:28 - 2013-07-07 16:28 - 00000000 ____D C:\Windows\System32\ARFC 2013-07-07 16:28 - 2013-02-05 03:25 - 00554832 ____A (Microsoft Corporation) C:\Windows\System32\msvcp80.dll 2013-07-07 16:28 - 2013-02-05 03:25 - 00479232 ____A (Microsoft Corporation) C:\Windows\System32\msvcm80.dll 2013-07-07 16:28 - 2013-02-05 03:25 - 00001870 ____A C:\Windows\System32\Microsoft.VC80.CRT.manifest 2013-07-07 16:26 - 2013-07-07 16:26 - 00584600 ____A C:\Users\Robin\Downloads\cbsidlm-tr1_13-HitmanPro_3_32bit-SEO-10895604.exe 2013-07-07 15:09 - 2013-07-07 16:31 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar 2013-07-07 15:09 - 2013-07-07 15:09 - 00037664 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys 2013-07-07 15:09 - 2013-07-07 15:09 - 00000847 ____A C:\Users\Public\Desktop\AVG 2013.lnk 2013-07-07 15:09 - 2013-07-07 15:09 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar 2013-07-07 14:58 - 2013-07-07 14:58 - 04464544 ____A (AVG Technologies) C:\Users\Robin\Downloads\avg_isct_stb_all_2013_3345(1).exe 2013-07-07 14:57 - 2013-07-07 14:57 - 04464544 ____A (AVG Technologies) C:\Users\Robin\Downloads\avg_isct_stb_all_2013_3345.exe 2013-07-07 12:16 - 2013-07-07 12:16 - 00000911 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-07-07 10:48 - 2013-07-07 16:58 - 00018232 ____A C:\Windows\PFRO.log 2013-07-07 05:37 - 2013-07-07 05:37 - 00000000 ____D C:\Users\Robin\AppData\Roaming\AVG2013 2013-07-07 05:33 - 2013-07-07 05:33 - 00000000 ____D C:\Users\Robin\AppData\Local\AVG SafeGuard toolbar 2013-07-07 05:32 - 2013-07-07 18:37 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search 2013-07-07 05:32 - 2013-07-07 05:32 - 00000000 ____D C:\Users\Robin\AppData\Roaming\TuneUp Software 2013-07-07 05:29 - 2013-07-07 15:07 - 00000000 ____D C:\ProgramData\AVG2013 2013-07-07 05:18 - 2013-07-07 15:23 - 00000000 ____D C:\Users\Robin\AppData\Local\Avg2013 2013-07-07 05:18 - 2013-07-07 05:18 - 00000000 ____D C:\Users\Robin\AppData\Local\MFAData 2013-07-04 18:44 - 2013-07-04 18:44 - 00000000 ____D C:\Program Files\Mozilla Firefox(0) 2013-07-01 17:27 - 2013-07-01 17:27 - 266675880 ____A C:\Windows\MEMORY.DMP 2013-07-01 17:27 - 2013-07-01 17:27 - 00142512 ____A C:\Windows\Minidump\Mini070113-01.dmp 2013-06-20 03:20 - 2013-05-16 19:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-20 03:20 - 2013-05-16 18:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-20 03:20 - 2013-05-16 18:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-20 03:20 - 2013-05-16 18:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-20 03:20 - 2013-05-16 18:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-20 03:20 - 2013-05-16 18:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-06-20 03:20 - 2013-05-16 18:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-06-20 03:20 - 2013-05-16 18:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-20 03:20 - 2013-05-16 18:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-20 03:20 - 2013-05-16 18:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-06-20 03:20 - 2013-05-16 18:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-06-20 03:20 - 2013-05-16 18:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-20 03:20 - 2013-05-16 18:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-20 03:20 - 2013-05-16 18:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-06-20 03:20 - 2013-05-16 18:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-20 03:20 - 2013-05-16 18:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-19 21:54 - 2013-05-08 00:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-19 21:54 - 2013-05-02 18:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2013-06-19 21:54 - 2013-05-02 18:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-06-19 21:54 - 2013-05-02 00:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-19 21:54 - 2013-05-02 00:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll 2013-06-19 21:54 - 2013-04-24 00:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-19 21:54 - 2013-04-24 00:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-19 21:54 - 2013-04-24 00:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-19 21:54 - 2013-04-24 00:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-19 21:54 - 2013-04-23 21:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-19 21:54 - 2013-04-17 08:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-15 16:54 - 2013-07-02 13:39 - 00001158 ____A C:\Users\Robin\Desktop\ROBLOX Player.lnk 2013-06-15 16:53 - 2013-07-04 22:42 - 00001170 ____A C:\Users\Robin\Desktop\ROBLOX Studio 2013.lnk 2013-06-15 16:53 - 2013-06-15 16:55 - 00000000 ____D C:\Users\Robin\AppData\Local\Roblox 2013-06-15 16:53 - 2013-06-15 16:53 - 00542576 ____A (ROBLOX Corporation) C:\Users\Robin\Downloads\RobloxPlayerLauncher.exe 2013-06-15 16:53 - 2013-06-15 16:53 - 00542576 ____A (ROBLOX Corporation) C:\Users\Robin\Downloads\RobloxPlayerLauncher(1).exe ==================== One Month Modified Files and Folders ======== 2013-07-07 18:48 - 2013-07-07 18:48 - 01373373 ____A (Farbar) C:\Users\Robin\Desktop\FRST.exe 2013-07-07 18:48 - 2013-07-07 18:48 - 00000000 ____D C:\FRST 2013-07-07 18:43 - 2011-01-09 23:47 - 01491574 ____A C:\Windows\WindowsUpdate.log 2013-07-07 18:41 - 2012-12-26 13:40 - 00000000 ____D C:\Users\Robin\AppData\Roaming\Spotify 2013-07-07 18:39 - 2010-01-29 14:11 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-07 18:39 - 2006-11-02 09:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-07 18:39 - 2006-11-02 08:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-07 18:39 - 2006-11-02 08:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-07 18:38 - 2008-07-24 05:09 - 00000012 ____A C:\Windows\bthservsdp.dat 2013-07-07 18:38 - 2006-11-02 09:01 - 00032610 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-07 18:37 - 2013-07-07 18:37 - 00014213 ____A C:\AdwCleaner[s1].txt 2013-07-07 18:37 - 2013-07-07 18:37 - 00000115 ____A C:\Windows\DeleteOnReboot.bat 2013-07-07 18:37 - 2013-07-07 05:32 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search 2013-07-07 18:36 - 2012-05-08 15:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-07 18:33 - 2010-01-29 14:11 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-07 18:29 - 2012-06-05 19:19 - 00000338 ____A C:\Windows\Tasks\HP Photo Creations Communicator.job 2013-07-07 17:58 - 2013-07-07 17:54 - 00021498 ____A C:\Users\Robin\Desktop\dds.txt 2013-07-07 17:57 - 2013-07-07 17:54 - 00008690 ____A C:\Users\Robin\Desktop\attach.txt 2013-07-07 16:58 - 2013-07-07 10:48 - 00018232 ____A C:\Windows\PFRO.log 2013-07-07 16:58 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Web 2013-07-07 16:38 - 2013-07-07 16:30 - 00000000 ____D C:\ProgramData\HitmanPro 2013-07-07 16:34 - 2013-07-07 16:34 - 00001737 ____A C:\Users\Public\Desktop\HitmanPro.lnk 2013-07-07 16:34 - 2013-07-07 16:34 - 00000000 ____D C:\Program Files\HitmanPro 2013-07-07 16:31 - 2013-07-07 16:31 - 00000000 ____D C:\ProgramData\Real 2013-07-07 16:31 - 2013-07-07 15:09 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar 2013-07-07 16:30 - 2013-07-07 16:30 - 09171472 ____A (SurfRight B.V.) C:\Users\Robin\Downloads\HitmanPro.exe 2013-07-07 16:30 - 2013-07-07 16:30 - 00033958 ____A C:\ProgramData\uninstaller.exe 2013-07-07 16:29 - 2013-07-07 16:29 - 00000000 ____D C:\Program Files\InfoSeeker 2013-07-07 16:28 - 2013-07-07 16:28 - 00000000 ____D C:\Windows\System32\jmdp 2013-07-07 16:28 - 2013-07-07 16:28 - 00000000 ____D C:\Windows\System32\ARFC 2013-07-07 16:28 - 2013-05-19 20:36 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-07 16:26 - 2013-07-07 16:26 - 00584600 ____A C:\Users\Robin\Downloads\cbsidlm-tr1_13-HitmanPro_3_32bit-SEO-10895604.exe 2013-07-07 16:26 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Resources 2013-07-07 15:23 - 2013-07-07 05:18 - 00000000 ____D C:\Users\Robin\AppData\Local\Avg2013 2013-07-07 15:22 - 2011-02-10 11:31 - 00000000 ____D C:\ProgramData\MFAData 2013-07-07 15:14 - 2009-09-10 23:06 - 00000000 ____D C:\Program Files\AVG 2013-07-07 15:13 - 2011-02-10 11:38 - 00000000 ___HD C:\$AVG 2013-07-07 15:09 - 2013-07-07 15:09 - 00037664 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys 2013-07-07 15:09 - 2013-07-07 15:09 - 00000847 ____A C:\Users\Public\Desktop\AVG 2013.lnk 2013-07-07 15:09 - 2013-07-07 15:09 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar 2013-07-07 15:07 - 2013-07-07 05:29 - 00000000 ____D C:\ProgramData\AVG2013 2013-07-07 14:58 - 2013-07-07 14:58 - 04464544 ____A (AVG Technologies) C:\Users\Robin\Downloads\avg_isct_stb_all_2013_3345(1).exe 2013-07-07 14:57 - 2013-07-07 14:57 - 04464544 ____A (AVG Technologies) C:\Users\Robin\Downloads\avg_isct_stb_all_2013_3345.exe 2013-07-07 12:36 - 2006-11-02 08:37 - 00000000 ____D C:\Windows\ShellNew 2013-07-07 12:16 - 2013-07-07 12:16 - 00000911 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-07-07 12:16 - 2009-09-21 13:16 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-07 12:12 - 2006-11-02 06:22 - 50855936 ____A C:\Windows\System32\config\software_previous 2013-07-07 12:12 - 2006-11-02 06:22 - 38797312 ____A C:\Windows\System32\config\components_previous 2013-07-07 12:12 - 2006-11-02 06:22 - 21233664 ____A C:\Windows\System32\config\system_previous 2013-07-07 12:12 - 2006-11-02 06:22 - 00524288 ____A C:\Windows\System32\config\default_previous 2013-07-07 12:12 - 2006-11-02 06:22 - 00262144 ____A C:\Windows\System32\config\security_previous 2013-07-07 12:12 - 2006-11-02 06:22 - 00262144 ____A C:\Windows\System32\config\sam_previous 2013-07-07 12:11 - 2012-04-27 10:49 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-07-07 12:11 - 2011-01-26 04:53 - 00000000 ____D C:\Windows\Minidump 2013-07-07 12:11 - 2009-05-20 12:06 - 00000000 ____D C:\users\Robin 2013-07-07 12:11 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\System32\spool 2013-07-07 12:11 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\System32\Msdtc 2013-07-07 12:11 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\registration 2013-07-07 05:37 - 2013-07-07 05:37 - 00000000 ____D C:\Users\Robin\AppData\Roaming\AVG2013 2013-07-07 05:33 - 2013-07-07 05:33 - 00000000 ____D C:\Users\Robin\AppData\Local\AVG SafeGuard toolbar 2013-07-07 05:32 - 2013-07-07 05:32 - 00000000 ____D C:\Users\Robin\AppData\Roaming\TuneUp Software 2013-07-07 05:18 - 2013-07-07 05:18 - 00000000 ____D C:\Users\Robin\AppData\Local\MFAData 2013-07-04 22:42 - 2013-06-15 16:53 - 00001170 ____A C:\Users\Robin\Desktop\ROBLOX Studio 2013.lnk 2013-07-04 18:44 - 2013-07-04 18:44 - 00000000 ____D C:\Program Files\Mozilla Firefox(0) 2013-07-02 13:39 - 2013-06-15 16:54 - 00001158 ____A C:\Users\Robin\Desktop\ROBLOX Player.lnk 2013-07-01 17:27 - 2013-07-01 17:27 - 266675880 ____A C:\Windows\MEMORY.DMP 2013-07-01 17:27 - 2013-07-01 17:27 - 00142512 ____A C:\Windows\Minidump\Mini070113-01.dmp 2013-07-01 13:19 - 2012-12-26 13:41 - 00000000 ____D C:\Users\Robin\AppData\Local\Spotify 2013-06-25 14:35 - 2006-11-02 06:33 - 00709710 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-21 09:34 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-06-20 04:00 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache 2013-06-15 16:55 - 2013-06-15 16:53 - 00000000 ____D C:\Users\Robin\AppData\Local\Roblox 2013-06-15 16:53 - 2013-06-15 16:53 - 00542576 ____A (ROBLOX Corporation) C:\Users\Robin\Downloads\RobloxPlayerLauncher.exe 2013-06-15 16:53 - 2013-06-15 16:53 - 00542576 ____A (ROBLOX Corporation) C:\Users\Robin\Downloads\RobloxPlayerLauncher(1).exe 2013-06-12 18:36 - 2012-05-08 15:50 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-06-12 18:36 - 2011-09-05 20:40 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl ZeroAccess: C:\$Recycle.Bin\S-1-5-21-442901960-3515935546-1508612407-1000\$8e217c54ea1961022d3e8875693d015c Files to move or delete: ==================== C:\ProgramData\uninstaller.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-07 18:48 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-07-2013 Ran by Robin at 2013-07-07 18:50:20 Running from C:\Users\Robin\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Update for Microsoft Office 2007 (KB2508958) Acrobat.com (Version: 0.0.0) Acrobat.com (Version: 1.1.377) Adobe AIR (Version: 3.5.0.1060) Adobe Flash Player 11 ActiveX (Version: 11.7.700.224) Adobe Flash Player 11 Plugin (Version: 11.7.700.224) Adobe Reader 9.5.2 (Version: 9.5.2) Adobe Shockwave Player 11.5 (Version: 11.5) Apple Application Support (Version: 2.3.3) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (Version: 2.1.3.127) ArcSoft Magic-i Visual Effects ArcSoft WebCam Companion 2 AVG 2013 (Version: 13.0.3204) AVG 2013 (Version: 13.0.3345) AVG 2013 (Version: 2013.0.3345) Big Brainz (Version: 1.11) Bing Bar (Version: 7.0.609.0) Bonjour (Version: 3.0.0.10) CCleaner (remove only) Cisco WebEx Meetings Click to Disc Editor (Version: 2.0.02) Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000) Coupon Printer for Windows (Version: 5.0.0.0) Dolby Control Center (Version: 1.1.0402) EZ Fonts (Version: 1.0.0) Google Toolbar for Internet Explorer (Version: 1.0.0) Google Toolbar for Internet Explorer (Version: 7.5.4209.2358) Google Update Helper (Version: 1.3.21.145) HDAUDIO Soft Data Fax Modem with SmartCP HitmanPro 3.7 (Version: 3.7.6.201) HP Deskjet 3050 J610 series Basic Device Software (Version: 22.0.334.0) HP Deskjet 3050 J610 series Help (Version: 140.0.63.63) HP Deskjet 3050 J610 series Product Improvement Study (Version: 22.0.334.0) HP Photo Creations (Version: 1.0.0.8812) HP Update (Version: 5.002.005.003) iCloud (Version: 2.1.2.8) InfoSeeker (Version: 2.6.17) Intel PROSet Wireless Intel® Graphics Media Accelerator Driver Intel® PROSet/Wireless WiFi Software (Version: 12.04.3000) iTunes (Version: 11.0.2.26) Java Auto Updater (Version: 2.1.6.0) Java 7 Update 5 (Version: 7.0.50) JavaFX 2.1.1 (Version: 2.1.1) Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000) Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000) Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Suite Activation Assistant (Version: 2.9) Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Works (Version: 9.7.0621) Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0) Mozilla Maintenance Service (Version: 21.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) Music Transfer (Version: 1.2.00.17290) Napster (Version: 4.5.1.1) Napster Burn Engine (Version: 3.5.0000) NVIDIA Drivers OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0) OpenMG Secure Module 5.4.00 (Version: 5.4.00.04020) Photo Viewer s2.5 Primo (Version: 1.00.0000) PrintCoupon (Version: 1.0) QuickTime (Version: 7.73.80.64) Realtek High Definition Audio Driver (Version: 6.0.1.5610) ROBLOX Player for Robin ROBLOX Studio 2013 for Robin Roxio Central Audio (Version: 3.7.0) Roxio Central Copy (Version: 3.7.0) Roxio Central Core (Version: 3.7.0) Roxio Central Data (Version: 3.7.0) Roxio Central Tools (Version: 3.7.0) Roxio Easy Media Creator 10 LJ (Version: 10.1) Roxio Easy Media Creator Home (Version: 10.1.177) Setting Utility Series (Version: 4.1.00.07170) Sony Picture Utility (Version: 3.2.02.06170) Sony Video Shared Library (Version: 3.4.00) Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0) Spotify (HKCU Version: 0.9.1.53.g876fa9df) Synaptics Pointing Device Driver (Version: 11.1.16.0) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Updater By SweetPacks 2.0.0.586 (Version: 2.0.0.586) VAIO Care (Version: 6.3.0.09020) VAIO Content Folder Setting (Version: 2.0.00.17290) VAIO Content Metadata Intelligent Analyzing Manager (Version: 3.2.00.06115) VAIO Content Metadata XML Interface Library (Version: 3.6.0.09080) VAIO Control Center (Version: 3.1.00.07110) VAIO Data Restore Tool (Version: 1.0.04.01170) VAIO DVD Menu Data Basic (Version: 1.0.00.08130) VAIO Entertainment Platform (Version: 3.2.00.06200) VAIO Event Service (Version: 4.1.00.07150) VAIO Help and Support (Version: 6.00.0801.CS) VAIO Launcher (Version: 2.1.00.06130) VAIO Media plus (Version: 1.1.00.05240) VAIO Movie Story (Version: 1.3.00.06240) VAIO Movie Story Template Data (Version: 1.3.00.06120) VAIO MusicBox (Version: 2.1.00.06110) VAIO MusicBox Sample Music (Version: 1.1.00.14140) VAIO My Memory Center (Version: 1.00.0229) VAIO OOBE and Welcome Center (Version: 6.00.0729.US) VAIO Original Function Settings (Version: 2.0.2.02240) VAIO Power Management (Version: 3.1.00.06190) VAIO Startup Assistant (Version: 3.00.0731) VAIO Survey (Version: 6.00.0722) VAIO Update (Version: 5.1.1.06090) VAIO Wallpaper Contents (Version: 1.2.00.05200) VAIO Wireless Wizard (Version: 1.01.0722) WIDCOMM Bluetooth Software 6.2.0.4100 (Version: 6.2.0.4100) Windows Live ID Sign-in Assistant (Version: 6.500.3165.0) Windows Live Mail (Version: 12.0.1606.1023) Windows Live Photo Gallery (Version: 12.0.1329.0201) Windows Live Writer (Version: 12.0.1370.0325) WinDVD for VAIO (Version: 8.0-B9.513) ==================== Restore Points ========================= 25-06-2013 01:20:08 Scheduled Checkpoint 25-06-2013 16:58:37 Scheduled Checkpoint 26-06-2013 19:25:00 Scheduled Checkpoint 27-06-2013 22:22:35 Scheduled Checkpoint 29-06-2013 00:05:27 Scheduled Checkpoint 29-06-2013 20:06:17 Scheduled Checkpoint 01-07-2013 18:27:37 Scheduled Checkpoint 02-07-2013 19:08:51 Scheduled Checkpoint 04-07-2013 04:03:53 Scheduled Checkpoint 05-07-2013 04:32:55 Scheduled Checkpoint 06-07-2013 15:18:01 Scheduled Checkpoint 07-07-2013 07:28:26 Scheduled Checkpoint 07-07-2013 09:28:19 Installed AVG 2013 07-07-2013 09:29:30 Installed AVG 2013 07-07-2013 15:42:00 Windows Update 07-07-2013 19:02:41 Installed AVG 2013 07-07-2013 19:06:00 Installed AVG 2013 07-07-2013 20:42:02 Removed ASPCA Reminder by We-Care.com v4.1.22.1 07-07-2013 20:42:42 Removed ASPCA Reminder by We-Care.com v4.1.22.1 ==================== Hosts content: ========================== 2010-09-12 18:40 - 2010-09-12 18:40 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0262392C-2187-4765-B128-513E68C7ACDE} - System32\Tasks\VAIO Care Support => C:\Program Files\Sony\VAIO Care\VCSpt.exe [2010-08-12] (Sony Corporation) Task: {031E4203-07AF-4D1F-B155-83DDB3DEC793} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-20] (Microsoft Corporation) Task: {11E3F85D-9BEB-4A8F-98A1-9E5C1B936733} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated) Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {32626449-8DB1-480E-A4C8-4CD093C4BEBB} - System32\Tasks\SONY\VAIO Update\VAIO Update 5 => C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe [2010-06-09] (Sony Corporation) Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {41A9805C-F604-41E7-B980-73C3F4C64578} - System32\Tasks\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2010-09-02] (Sony Corporation) Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation) Task: {519172E8-6360-48C2-9502-178914441B86} - System32\Tasks\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2010-08-12] () Task: {5D749D15-4D8A-44EC-A05A-B8B611AA1786} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-29] (Google Inc.) Task: {65436B24-9567-43A9-BEFD-ED76BA323001} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2012-07-03] () Task: {7B215E48-F202-482C-8EBD-0069D4B7B9DA} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] () Task: {8D3C644E-9C72-4FE5-B7B3-031B8443AE50} - System32\Tasks\SONY\VAIO Update\Launch Application => C:\Program Files\Sony\VAIO Update 5\ShellExeProxy.exe [2010-06-09] (Sony Corporation) Task: {97BB35E4-8AD1-4317-9763-074DAA4173F7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-20] (Microsoft Corporation) Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation) Task: {C48E3409-2D6F-4CF8-B2EA-F735BE0FF28B} - System32\Tasks\User_Feed_Synchronization-{671E8E62-204A-41F9-AE57-08095BBA8C6C} => C:\Windows\system32\msfeedssync.exe [2012-02-23] (Microsoft Corporation) Task: {C5271F4F-5B80-49E2-AFAB-DB048BF49D9F} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.) Task: {C7BEA7C7-EC19-4819-A2D2-B2F696619408} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-29] (Google Inc.) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] () Task: {F4631F43-33BF-47AF-9628-31B7B9F8D7AC} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-20] (Microsoft Corp.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/07/2013 06:40:32 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (07/07/2013 06:40:32 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (07/07/2013 06:40:32 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (07/07/2013 06:40:32 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (07/07/2013 06:40:32 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (07/07/2013 06:40:32 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (07/07/2013 06:40:32 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (07/07/2013 06:40:06 PM) (Source: VzCdbSvc) (User: ) Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019) Error: (07/07/2013 06:40:00 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/07/2013 06:33:30 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 669119 System errors: ============= Error: (07/07/2013 06:38:14 PM) (Source: Service Control Manager) (User: ) Description: ScRegSetValueExWFailureActions%%5 Error: (07/07/2013 04:57:54 PM) (Source: Service Control Manager) (User: ) Description: ScRegSetValueExWFailureActions%%5 Error: (07/07/2013 04:09:05 PM) (Source: Service Control Manager) (User: ) Description: ScRegSetValueExWFailureActions%%5 Error: (07/07/2013 03:11:42 PM) (Source: Service Control Manager) (User: ) Description: AVGIDSAgent3758213666 (0xE001CA22) Error: (07/07/2013 03:11:32 PM) (Source: Service Control Manager) (User: ) Description: AVGIDSAgent3758213666 (0xE001CA22) Error: (07/07/2013 03:11:31 PM) (Source: Service Control Manager) (User: ) Description: AVGIDSAgent3758213666 (0xE001CA22) Error: (07/07/2013 03:11:30 PM) (Source: Service Control Manager) (User: ) Description: AVGIDSAgent3758213666 (0xE001CA22) Error: (07/07/2013 03:11:29 PM) (Source: Service Control Manager) (User: ) Description: AVGIDSAgent3758213666 (0xE001CA22) Error: (07/07/2013 03:11:28 PM) (Source: Service Control Manager) (User: ) Description: AVGIDSAgent3758213666 (0xE001CA22) Error: (07/07/2013 03:11:26 PM) (Source: Service Control Manager) (User: ) Description: AVGIDSAgent3758213666 (0xE001CA22) Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-07-07 18:50:00.290 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2013-07-07 18:50:00.056 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2013-07-07 18:49:59.822 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2013-07-07 18:49:59.557 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2013-07-07 17:15:10.985 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2013-07-07 17:15:10.751 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2013-07-07 17:15:10.502 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2013-07-07 17:15:10.283 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2013-07-07 17:15:10.034 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2013-07-07 17:15:09.800 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 43% Total physical RAM: 2938.24 MB Available physical RAM: 1655.64 MB Total Pagefile: 6088.77 MB Available Pagefile: 4667.84 MB Total Virtual: 2047.88 MB Available Virtual: 1910.74 MB ==================== Drives ================================ Drive c: (VISTA) (Fixed) (Total:224.98 GB) (Free:129.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 3718206B) Partition 1: (Not Active) - (Size=8 GB) - (Type=27) Partition 2: (Active) - (Size=225 GB) - (Type=07 NTFS) ==================== End Of Log ============================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.