
Windows XP Pro infected [Closed]

Win32 AVAST.EXE CTF Loader

KCD86


I have Windows XP Professional and have been running AVAST for a long time. Then AVAST.exe would not open, I lost the ability to use WiFi (it says no IP address), and the computer is extremely slow; the only thing that works is Safe Mode with Networking. I receive prompts: Win32,exe, CTF Loader, AVAST.exe all say can't run. I have used, via Safe Mode, the following: RKill, Malwarebytes, SpyBot, SUPERAntiSpyware, and AVG will run but stops the scan on its own, all to no avail.

I ran OTL:

OTL logfile created on: 9/12/2014 1:08:45 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1014.11 Mb Total Physical Memory | 634.50 Mb Available Physical Memory | 62.57% Memory free
2.39 Gb Paging File | 2.12 Gb Available in Paging File | 88.82% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.53 Gb Total Space | 44.66 Gb Free Space | 64.23% Space Free | Partition Type: NTFS
 
Computer Name: D88CFA77634F40F | User Name: User | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/12 13:07:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Downloads\OTL.exe
PRC - [2014/08/06 23:20:57 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/07/22 19:47:10 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/08/06 23:20:55 | 000,353,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppgooglenaclpluginchrome.dll
MOD - [2014/08/06 23:20:53 | 008,537,928 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll
MOD - [2014/08/06 23:20:46 | 001,732,936 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2014/08/25 11:42:20 | 003,242,000 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/08/25 11:38:58 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014/08/06 09:53:53 | 000,050,344 | ---- | M] (AVAST Software) [Disabled | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/07/22 19:47:10 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2014/05/18 13:15:54 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/10/11 05:19:14 | 000,670,792 | ---- | M] (Juniper Networks) [Auto | Stopped] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011/09/07 21:10:34 | 000,198,520 | ---- | M] (Juniper Networks, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)
SRV - [2006/06/12 13:40:14 | 002,072,576 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/05/17 17:43:34 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2006/05/17 17:19:26 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/02/07 20:29:04 | 000,094,208 | ---- | M] (Sony Electronics, Inc) [Auto | Stopped] -- C:\Program Files\Sony\SmartWi Connection Utility\SmartWiService.exe -- (SmartWiService)
SRV - [2005/10/11 15:02:02 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2005/10/06 18:21:06 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/09/01 15:46:48 | 000,118,784 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/09/01 15:46:46 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/09/01 15:46:42 | 000,270,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/05/20 21:41:42 | 000,153,600 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2004/08/11 04:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds)
SRV - [2004/08/11 01:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/09/12 12:30:36 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/09/06 23:12:24 | 000,414,520 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/08/06 10:49:48 | 000,098,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2014/08/06 09:54:02 | 000,779,536 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/08/06 09:54:02 | 000,192,352 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/08/06 09:54:02 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswmonflt.sys -- (aswMonFlt)
DRV - [2014/08/06 09:54:02 | 000,057,800 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/08/06 09:54:02 | 000,055,112 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2014/08/06 09:54:02 | 000,049,944 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/08/06 09:54:02 | 000,024,184 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2014/07/21 21:03:50 | 000,191,256 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\avgidsdriverlx.sys -- (AVGIDSDriverl)
DRV - [2014/06/30 12:43:12 | 000,121,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2014/06/17 16:22:02 | 000,188,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2014/06/17 16:21:22 | 000,197,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2014/06/17 16:18:00 | 000,241,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2014/06/17 16:17:58 | 000,147,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2014/06/17 16:06:22 | 000,027,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2014/06/17 16:06:20 | 000,021,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/11 05:33:20 | 000,085,064 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_710_19525.SYS -- (NEOFLTR_710_19525)
DRV - [2011/10/11 04:46:38 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/06 09:03:03 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2007/04/23 13:29:00 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/08/02 01:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/06/29 19:49:38 | 002,206,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2006/03/16 13:24:00 | 004,249,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2005/11/16 01:36:20 | 000,036,736 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005/10/08 00:50:48 | 000,108,672 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2005/10/08 00:30:00 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/09/16 19:35:58 | 000,046,592 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/09/15 21:06:08 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/08/01 19:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/05/23 09:31:46 | 001,034,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/05/23 09:30:48 | 000,178,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/05/23 09:30:42 | 000,716,288 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/01/06 16:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2005/01/03 03:32:42 | 000,114,944 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GCXX.sys -- (SEMWModem)
DRV - [2005/01/03 03:32:42 | 000,053,248 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GCXXNet.sys -- (SEMWWNIC)
DRV - [2004/11/22 12:31:00 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/06/18 20:12:50 | 000,071,961 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyPI.sys -- (SPI)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2000/12/05 16:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 19:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1571676D-ABBE-4806-8241-2E582F6D28FE}: "URL" = http://search.aol.co...ionType=msie70a
IE - HKCU\..\SearchScopes\Google: "URL" = http://start.mysearc...=1969990305&ir=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/09/06 23:09:43 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\36.0.1985.143\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: lij.edu ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: northshorelij.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: nshs.edu ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: nslij.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: nslijhs.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1273170796421 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/...perSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3044C156-B525-4B0A-878F-969A5321717F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F85A551A-7841-4508-B630-2762D35C32FC}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/30 08:14:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/12 12:23:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2014/09/12 11:56:55 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\System32\sqlite3.dll
[2014/09/12 11:55:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/09/07 11:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\AVG2014
[2014/09/07 11:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\TuneUp Software
[2014/09/07 11:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2014/09/07 11:41:03 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/09/07 11:41:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2014/09/07 11:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2014/09/07 11:32:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/09/07 11:32:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\MFAData
[2014/09/07 11:32:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/09/07 11:32:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Avg2014
[2014/09/07 11:30:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/09/07 11:29:14 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2014/09/07 11:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/09/06 23:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Dropbox
[2014/09/06 23:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Dropbox
[2014/09/06 21:38:07 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/09/06 21:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
[2014/09/06 21:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2014/09/06 21:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2014/09/06 21:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/09/06 15:00:47 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/09/06 15:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/09/06 15:00:19 | 000,053,208 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/09/06 15:00:19 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/09/06 15:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/09/06 15:00:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/09/06 14:38:34 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2014/08/30 10:01:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2014/08/20 15:46:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\jumpshot.com
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/12 13:02:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/09/12 12:57:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/09/12 12:30:36 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/09/12 12:15:43 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/09/12 12:12:03 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/12 12:12:00 | 000,000,644 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/09/12 12:12:00 | 000,000,312 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/09/11 14:36:23 | 000,000,216 | RHS- | M] () -- C:\boot.ini
[2014/09/07 11:52:04 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/09/07 11:52:04 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/09/07 11:43:46 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2014/09/07 11:30:12 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2014/09/06 23:12:53 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/09/06 23:12:24 | 000,414,520 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2014/09/06 21:35:07 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/09/06 15:00:26 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/31 11:37:43 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/25 23:30:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2014/08/20 16:44:56 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/09/07 11:43:46 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2014/09/07 11:30:35 | 000,000,644 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/09/07 11:30:35 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/09/07 11:30:35 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/09/07 11:30:12 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/09/07 11:30:12 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2014/09/06 21:35:07 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/09/06 15:00:26 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/06 09:54:22 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/01/02 23:39:01 | 000,192,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/01/02 23:39:00 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2012/10/04 07:05:34 | 000,000,078 | ---- | C] () -- C:\WINDOWS\init.ini
[2012/09/14 16:55:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/05 23:29:20 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/05 23:29:20 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2005/11/30 10:50:55 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010/05/07 10:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2014/01/02 23:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/09/07 11:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2014/07/15 15:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2014/09/07 11:32:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/10/04 07:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2014/09/12 12:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/01/02 23:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVAST Software
[2014/09/07 11:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVG2014
[2014/07/15 16:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Battle.net
[2014/09/06 23:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Dropbox
[2010/06/18 10:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\InterVideo
[2012/10/25 13:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Juniper Networks
[2014/01/25 14:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenOffice
[2014/09/07 11:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TuneUp Software
 
========== Purity Check ==========
 
 
 
< End of report >

OTL Extras logfile created on: 9/12/2014 1:08:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1014.11 Mb Total Physical Memory | 634.50 Mb Available Physical Memory | 62.57% Memory free
2.39 Gb Paging File | 2.12 Gb Available in Paging File | 88.82% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.53 Gb Total Space | 44.66 Gb Free Space | 64.23% Space Free | Partition Type: NTFS
 
Computer Name: D88CFA77634F40F | User Name: User | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\acs\AOLDial.exe" = C:\Program Files\Common Files\AOL\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (America Online)
"C:\Program Files\Common Files\AOL\acs\AOLacsd.exe" = C:\Program Files\Common Files\AOL\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1329685558\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1329685558\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL Inc.)
"C:\Program Files\AOL Desktop 9.6\waol.exe" = C:\Program Files\AOL Desktop 9.6\waol.exe:*:Enabled:AOL -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL Inc.)
"C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe" = C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe:*:Enabled:AOL Browser -- (AOL Inc.)
"C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe" = C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy -- (Juniper Networks)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.3147\Agent.exe" = C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.3147\Agent.exe:*:Enabled:Battle.net Update Agent -- (Blizzard Entertainment)
"C:\Program Files\Battle.net\Battle.net.exe" = C:\Program Files\Battle.net\Battle.net.exe:*:Enabled:Battle.net -- (Blizzard Entertainment)
"C:\Program Files\Google\Chrome\Application\chrome.exe" = C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{0DF00135-D5A7-476A-BFB3-EDFF2840076A}" = VAIO Wireless LAN Setup Utility
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1C70BE80-35E0-46DA-B81D-5BF5652F8D80}" = AV Mode Button Utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2EA7CF7E-0C76-44A5-B0CF-A1D171476E42}" = VAIO Breeze Wallpaper
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AAE5EBB-4CA1-442A-9F64-FF813F694A2D}" = Juniper Installer Service
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}" = OpenOffice 4.0.1
"{4E993095-28F2-4060-9101-99C1FD1195C0}" = VAIO Central
"{4F79EDDE-2F37-4360-9662-933986FA2A50}" = Centricity Enterprise Web 3.0 Client   (SPa05)
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{59C51498-BEDE-4033-BBEE-16908F1EFB47}" = AVG 2014
"{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}" = VAIO Light Flo Wallpaper
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{82081533-F045-469E-BD53-F16839E445C3}" = VAIO Support Central
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E158BB9-37B9-464B-837E-CC1D5766291B}" = VAIO Update 3
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A29C4047-4731-4F0D-86B8-FA6A301BFDD6}" = Centricity Enterprise Web 3.0 Client  (SPa10)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.10)
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{E6707034-D7A4-49B1-94D0-F5AACE46F06C}" = Instant Mode
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.32
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E89956F9-5B89-470E-818D-BD46102D0A01}" = Citrix Presentation Server Client
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F37413EB-9B55-4764-AC88-90BCBB3D4695}" = AVG 2014
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{F9270D69-C715-4E1E-BFDD-03060438D181}" = Miracle C
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE3BF611-9B8B-44DC-A424-F8C4BA122A1D}" = VAIO Security Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"474492506B458A0013C8197612FA45B887DF7B06" = Windows Driver Package - Sony Corporation (SPI) HIDCLASS  (08/20/2002 7.0.3.820)
"6228B4FE0926AA3D873E8209B97FB99D06CC1DD8" = Windows Driver Package - Sony Corporation (SNC) HIDClass  (06/04/2002 6.0.0.2)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Avast" = avast! Free Antivirus
"AVG" = AVG 2014
"Battle.net" = Battle.net
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Juniper Network Connect 7.1.0" = Juniper Networks Network Connect 7.1.0
"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client Activex Control
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Sony USB Mouse
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"Sony Ericsson Wireless Modem" = Sony Ericsson Wireless Modem
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WirelessAdapterManager" = Wireless Adapter Manager 1.3
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Aff Packages" = Aff Packages
"Dropbox" = Dropbox
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/12/2014 11:20:27 AM | Computer Name = D88CFA77634F40F | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting 
module srsvc.dll, version 5.1.2600.5512, fault address 0x0001777e.
 
Error - 9/12/2014 11:25:53 AM | Computer Name = D88CFA77634F40F | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\WINDOWS\system32\rasmans.dll for
 one of the following reasons:   there is a problem with the network connection, the
 disk that the file is stored on, or the storage   drivers installed on this computer;
 or the disk is missing.   Windows closed the program Remote Access Connection Manager
 because of this error.    Program: Remote Access Connection Manager  File: C:\WINDOWS\system32\rasmans.dll
 
The
 error value is listed in the Additional Data section.  User Action  1. Open the file
 again.   This situation might be a temporary problem that corrects itself when the
 program runs again.  2.   If the file still cannot be accessed and   - It is on the network,
   your network administrator should verify that there is not a problem with the network
 and that the server can be contacted.   - It is on a removable disk, for example, 
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
 Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
 click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, 
and then press ENTER.  4. If the problem persists, restore the file from a backup 
copy.  5. Determine whether other files on the same disk can be opened. If not, the
 disk might be damaged. If it is a hard disk, contact your administrator or computer
 hardware vendor for   further assistance.  Additional Data  Error value: C000009C  Disk
 type: 3
 
Error - 9/12/2014 12:13:21 PM | Computer Name = D88CFA77634F40F | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\WINDOWS\ime\sptip.dll for one of
 the following reasons:   there is a problem with the network connection, the disk
 that the file is stored on, or the storage   drivers installed on this computer; 
or the disk is missing.   Windows closed the program SAPI5.0/CTF layer DLL because
 of this error.    Program: SAPI5.0/CTF layer DLL  File: C:\WINDOWS\ime\sptip.dll    The error
 value is listed in the Additional Data section.  User Action  1. Open the file again.
   This situation might be a temporary problem that corrects itself when the program
 runs again.  2.   If the file still cannot be accessed and   - It is on the network,   your
 network administrator should verify that there is not a problem with the network
 and that the server can be contacted.   - It is on a removable disk, for example, 
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
 Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
 click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, 
and then press ENTER.  4. If the problem persists, restore the file from a backup 
copy.  5. Determine whether other files on the same disk can be opened. If not, the
 disk might be damaged. If it is a hard disk, contact your administrator or computer
 hardware vendor for   further assistance.  Additional Data  Error value: C000009C  Disk
 type: 3
 
Error - 9/12/2014 12:13:52 PM | Computer Name = D88CFA77634F40F | Source = Application Error | ID = 1000
Description = Faulting application ctfmon.exe, version 5.1.2600.5512, faulting module
 sptip.dll, version 5.1.2600.5512, fault address 0x00012dfe.
 
Error - 9/12/2014 12:14:13 PM | Computer Name = D88CFA77634F40F | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\WINDOWS\system32\srsvc.dll for one
 of the following reasons:   there is a problem with the network connection, the disk
 that the file is stored on, or the storage   drivers installed on this computer; 
or the disk is missing.   Windows closed the program System Restore Service because
 of this error.    Program: System Restore Service  File: C:\WINDOWS\system32\srsvc.dll
 
The
 error value is listed in the Additional Data section.  User Action  1. Open the file
 again.   This situation might be a temporary problem that corrects itself when the
 program runs again.  2.   If the file still cannot be accessed and   - It is on the network,
   your network administrator should verify that there is not a problem with the network
 and that the server can be contacted.   - It is on a removable disk, for example, 
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
 Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
 click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, 
and then press ENTER.  4. If the problem persists, restore the file from a backup 
copy.  5. Determine whether other files on the same disk can be opened. If not, the
 disk might be damaged. If it is a hard disk, contact your administrator or computer
 hardware vendor for   further assistance.  Additional Data  Error value: C000009C  Disk
 type: 3
 
Error - 9/12/2014 12:15:22 PM | Computer Name = D88CFA77634F40F | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting 
module srsvc.dll, version 5.1.2600.5512, fault address 0x0001777e.
 
Error - 9/12/2014 12:19:10 PM | Computer Name = D88CFA77634F40F | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Program Files\Common Files\Sony 
Shared\VAIO Entertainment Platform\VCSW\VCSW.exe for one of the following reasons:
   there is a problem with the network connection, the disk that the file is stored
 on, or the storage   drivers installed on this computer; or the disk is missing. 
  Windows closed the program VCSW.exe because of this error.    Program: VCSW.exe  File:
 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
 
The
 error value is listed in the Additional Data section.  User Action  1. Open the file
 again.   This situation might be a temporary problem that corrects itself when the
 program runs again.  2.   If the file still cannot be accessed and   - It is on the network,
   your network administrator should verify that there is not a problem with the network
 and that the server can be contacted.   - It is on a removable disk, for example, 
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
 Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
 click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, 
and then press ENTER.  4. If the problem persists, restore the file from a backup 
copy.  5. Determine whether other files on the same disk can be opened. If not, the
 disk might be damaged. If it is a hard disk, contact your administrator or computer
 hardware vendor for   further assistance.  Additional Data  Error value: C000009C  Disk
 type: 3
 
Error - 9/12/2014 12:23:29 PM | Computer Name = D88CFA77634F40F | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\WINDOWS\system32\rasmans.dll for
 one of the following reasons:   there is a problem with the network connection, the
 disk that the file is stored on, or the storage   drivers installed on this computer;
 or the disk is missing.   Windows closed the program Remote Access Connection Manager
 because of this error.    Program: Remote Access Connection Manager  File: C:\WINDOWS\system32\rasmans.dll
 
The
 error value is listed in the Additional Data section.  User Action  1. Open the file
 again.   This situation might be a temporary problem that corrects itself when the
 program runs again.  2.   If the file still cannot be accessed and   - It is on the network,
   your network administrator should verify that there is not a problem with the network
 and that the server can be contacted.   - It is on a removable disk, for example, 
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
 Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
 click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, 
and then press ENTER.  4. If the problem persists, restore the file from a backup 
copy.  5. Determine whether other files on the same disk can be opened. If not, the
 disk might be damaged. If it is a hard disk, contact your administrator or computer
 hardware vendor for   further assistance.  Additional Data  Error value: C000009C  Disk
 type: 3
 
Error - 9/12/2014 12:46:54 PM | Computer Name = D88CFA77634F40F | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\WINDOWS\ime\sptip.dll for one of
 the following reasons:   there is a problem with the network connection, the disk
 that the file is stored on, or the storage   drivers installed on this computer; 
or the disk is missing.   Windows closed the program SAPI5.0/CTF layer DLL because
 of this error.    Program: SAPI5.0/CTF layer DLL  File: C:\WINDOWS\ime\sptip.dll    The error
 value is listed in the Additional Data section.  User Action  1. Open the file again.
   This situation might be a temporary problem that corrects itself when the program
 runs again.  2.   If the file still cannot be accessed and   - It is on the network,   your
 network administrator should verify that there is not a problem with the network
 and that the server can be contacted.   - It is on a removable disk, for example, 
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
 Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
 click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, 
and then press ENTER.  4. If the problem persists, restore the file from a backup 
copy.  5. Determine whether other files on the same disk can be opened. If not, the
 disk might be damaged. If it is a hard disk, contact your administrator or computer
 hardware vendor for   further assistance.  Additional Data  Error value: C000009C  Disk
 type: 3
 
Error - 9/12/2014 12:47:01 PM | Computer Name = D88CFA77634F40F | Source = Application Error | ID = 1000
Description = Faulting application ctfmon.exe, version 5.1.2600.5512, faulting module
 sptip.dll, version 5.1.2600.5512, fault address 0x00012dfe.
 
[ System Events ]
Error - 9/7/2014 10:30:01 AM | Computer Name = D88CFA77634F40F | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 9/7/2014 10:30:10 AM | Computer Name = D88CFA77634F40F | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 9/7/2014 10:30:19 AM | Computer Name = D88CFA77634F40F | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 9/7/2014 10:30:27 AM | Computer Name = D88CFA77634F40F | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 9/7/2014 10:30:36 AM | Computer Name = D88CFA77634F40F | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 9/7/2014 10:30:54 AM | Computer Name = D88CFA77634F40F | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 9/7/2014 10:31:02 AM | Computer Name = D88CFA77634F40F | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 9/7/2014 10:31:28 AM | Computer Name = D88CFA77634F40F | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 9/7/2014 10:31:37 AM | Computer Name = D88CFA77634F40F | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 9/7/2014 10:31:45 AM | Computer Name = D88CFA77634F40F | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
 
< End of report >
 
 

 

 



#2
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi. My name is Brian, and I would be happy to look at this for you.

 

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.
 



- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

 

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

 


- Finally Before We Start-

 

Removing malware is a complicated multiple step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

I'll review your logs now and get back to you within 24 hours.



#3
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

After reviewing your logs I believe it may be more of a hardware issue than a malware issue as bad blocks are being reported on your disk drive. Let's see if we can resolve.

 

Step#1 - ChkDsk Scan

1. Click your Start button and choose Run.

2. Type cmd in the Run box and hit enter on the keyboard.

3. You should now have a black window open that you can type into.

4. Please type chkdsk /R and then press enter.

5. You may get a message that says the volume is locked and that you need to reboot for this to work. Type Y on your keyboard and then reboot your computer.

    Note: This may take awhile to run. Let it finish.

6. If your machine boots back up into Normal mode please keep it this way. If not then boot back into Safe Mode with Networking.

7. Download ListChkdskResult.exe by SleepyDude and save it on your desktop.

8. Double-click this file and a text file will open (and also be saved on the desktop as ListChkdskResult.txt). Please copy the contents of this file and paste into your next post.

 

 

Step#2 - Fresh Set of Logs Needed
 1. Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the 32-bit Version so please ensure you download that one.

2. Double-Click to open. When the tool opens click Yes to disclaimer.

3. Press Scan button.

4. It will produce a log called FRST.txt in the same directory the tool is run from (which should be the desktop)

5. Please copy and paste log back here.

6. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.

 

  

 

Items for your next Post

1. ChkDsk Results

2. FRST and Addition logs



#4
KCD86

KCD86

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts

Thank you, I will get started.



#5
KCD86

KCD86

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by User (administrator) on D88CFA77634F40F on 14-09-2014 13:53:23
Running from C:\Documents and Settings\User\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [802816 2006-08-02] (Intel Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [696320 2006-08-02] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-03-23] (Intel Corporation)
HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
Winlogon\Notify\VESWinlogon: C:\WINDOWS\system32\VESWinlogon.dll (Sony Corporation)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse]  <==== ATTENTION!
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * sdnclean.exeC:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKCU - Google URL = http://start.mysearc...=1969990305&ir=
SearchScopes: HKCU - {1571676D-ABBE-4806-8241-2E582F6D28FE} URL = http://search.aol.co...ionType=msie70a
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1273170796421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/...perSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-03-08]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-02]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> mysearchdial.com
CHR DefaultSearchProvider: Default -> Mysearchdial
CHR DefaultSearchURL: Default -> http://start.mysearc...=1969990305&ir=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR CustomProfile: C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-30]
CHR Extension: (Google Wallet) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-14]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-06]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
S3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
S4 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
S2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [670792 2011-10-11] (Juniper Networks)
S2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [198520 2011-09-07] (Juniper Networks, Inc.)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [7544916 2003-05-31] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] ()
S2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [937984 2006-08-02] (Intel Corporation )
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 SmartWiService; C:\Program Files\Sony\SmartWi Connection Utility\SmartWiService.exe [94208 2006-02-07] (Sony Electronics, Inc)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
S3 SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2005-10-06] (Sony Corporation)
S2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [153600 2005-05-20] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2072576 2006-06-12] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [57344 2005-10-11] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [770048 2006-05-17] (Sony Corporation)
S3 VAIOMediaPlatform-Mobile-Gateway; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [155648 2006-05-17] (Sony Corporation)
S3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [270336 2005-09-01] (Sony Corporation)
S2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [131072 2005-09-01] (Sony Corporation)
S2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [118784 2005-09-01] (Sony Corporation)
S3 WmcCds; c:\program files\windows media connect\mswmccds.exe [483328 2004-08-11] (Microsoft Corporation)
S3 WmcCdsLs; C:\Program Files\Windows Media Connect\mswmcls.exe [28160 2004-08-11] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2010-05-13] (Meetinghouse Data Communications)
S2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-08-06] ()
S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-08-06] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-08-06] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-08-06] ()
S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-08-06] (AVAST Software)
S1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-09-06] (AVAST Software)
S1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-08-06] (AVAST Software)
S0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-08-06] ()
S1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [191256 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
R3 dsNcAdpt; C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys [26624 2011-10-11] (Juniper Networks)
S3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [178048 2005-05-23] (Conexant Systems, Inc.)
S3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1034752 2005-05-23] (Conexant Systems, Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-14] (Malwarebytes Corporation)
R1 NEOFLTR_710_19525; C:\WINDOWS\system32\Drivers\NEOFLTR_710_19525.SYS [85064 2011-10-11] (Juniper Networks)
S2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12544 2006-08-02] (Intel Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SEMWModem; C:\WINDOWS\System32\DRIVERS\GCXX.sys [114944 2005-01-03] (Broadcom Corporation)
S3 SEMWWNIC; C:\WINDOWS\System32\DRIVERS\GCXXNet.sys [53248 2005-01-03] (Broadcom Corporation)
R3 SPI; C:\WINDOWS\System32\DRIVERS\SonyPI.sys [71961 2003-06-18] (Sony Corporation)
S3 ti21sony; C:\WINDOWS\System32\drivers\ti21sony.sys [812544 2007-04-23] (Texas Instruments)
R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2206720 2006-06-29] (Intel® Corporation)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 ZDPSp50; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [17664 2010-05-06] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCTINDIS5; \??\C:\WINDOWS\system32\PCTINDIS5.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-14 13:01 - 2014-09-14 13:54 - 00017148 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-09-14 12:55 - 2014-09-14 13:53 - 00000000 ____D () C:\FRST
2014-09-14 12:33 - 2014-09-14 12:34 - 01097728 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-09-14 12:31 - 2014-09-14 12:32 - 00000330 _____ () C:\Documents and Settings\User\Desktop\ListChkdskResult.txt
2014-09-14 12:25 - 2014-09-14 12:29 - 00197679 _____ () C:\Documents and Settings\User\Desktop\ListChkdskResult.exe
2014-09-12 12:23 - 2014-09-12 12:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2014-09-12 11:56 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-09-12 11:55 - 2014-09-12 12:04 - 00000000 ____D () C:\AdwCleaner
2014-09-12 11:44 - 2014-09-12 11:48 - 00004862 _____ () C:\Documents and Settings\User\Desktop\Rkill.txt
2014-09-11 18:13 - 2014-09-11 18:13 - 00000453 _____ () C:\Documents and Settings\Administrator\Desktop\Shortcut to iExplore.lnk
2014-09-11 18:12 - 2012-05-09 20:30 - 01012656 _____ () C:\Documents and Settings\Administrator\Desktop\WiNlOgOn.exe
2014-09-11 18:12 - 2012-05-09 20:29 - 01012656 _____ () C:\Documents and Settings\Administrator\Desktop\eXplorer.exe
2014-09-11 16:32 - 2014-09-11 18:14 - 00000394 _____ () C:\rkill.log
2014-09-07 11:45 - 2014-09-07 11:45 - 00000000 ____D () C:\Documents and Settings\User\Application Data\AVG2014
2014-09-07 11:43 - 2014-09-07 11:43 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-09-07 11:43 - 2014-09-07 11:43 - 00000000 ____D () C:\Documents and Settings\User\Application Data\TuneUp Software
2014-09-07 11:43 - 2014-09-07 11:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-09-07 11:41 - 2014-09-07 11:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-09-07 11:41 - 2014-09-07 11:41 - 00000000 ___HD () C:\$AVG
2014-09-07 11:38 - 2014-09-07 11:38 - 00000000 ____D () C:\Program Files\AVG
2014-09-07 11:32 - 2014-09-14 12:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-09-07 11:32 - 2014-09-07 11:44 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Avg2014
2014-09-07 11:32 - 2014-09-07 11:32 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\MFAData
2014-09-07 11:30 - 2014-09-14 12:04 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-09-07 11:30 - 2014-09-07 11:52 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-09-07 11:30 - 2014-09-07 11:52 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-09-07 11:30 - 2014-09-07 11:45 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-09-07 11:30 - 2014-09-07 11:30 - 00001842 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-07 11:30 - 2014-09-07 11:30 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2014-09-07 11:30 - 2014-09-07 11:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-07 11:29 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2014-09-07 11:27 - 2014-09-07 11:31 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-06 23:51 - 2014-09-06 23:51 - 00000000 ____D () C:\Documents and Settings\User\Start Menu\Programs\Dropbox
2014-09-06 23:43 - 2014-09-06 23:49 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Dropbox
2014-09-06 21:38 - 2014-09-06 21:38 - 00000000 ____D () C:\SUPERDelete
2014-09-06 21:36 - 2014-09-06 21:36 - 00000000 ____D () C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2014-09-06 21:35 - 2014-09-06 21:35 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-09-06 21:35 - 2014-09-06 21:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-09-06 21:34 - 2014-09-06 21:45 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-06 21:34 - 2014-09-06 21:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-09-06 15:00 - 2014-09-14 12:33 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-06 15:00 - 2014-09-06 15:00 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-06 15:00 - 2014-09-06 15:00 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-06 15:00 - 2014-09-06 15:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-06 15:00 - 2014-09-06 15:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-09-06 15:00 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-06 15:00 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-06 14:51 - 2014-09-06 14:53 - 00004862 _____ () C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2014-09-06 14:48 - 2014-09-06 14:48 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-09-06 14:38 - 2014-09-14 11:43 - 00000000 __SHD () C:\WINDOWS\CSC
2014-08-30 10:01 - 2014-08-30 10:01 - 00090112 _____ () C:\WINDOWS\Minidump\Mini083014-01.dmp
2014-08-30 10:01 - 2014-08-30 10:01 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-20 15:46 - 2014-08-20 15:46 - 00000000 ____D () C:\WINDOWS\jumpshot.com
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-14 13:54 - 2014-09-14 13:01 - 00017148 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-09-14 13:54 - 2010-05-05 23:29 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Temp
2014-09-14 13:53 - 2014-09-14 12:55 - 00000000 ____D () C:\FRST
2014-09-14 13:48 - 2005-11-30 06:55 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-14 12:50 - 2014-09-07 11:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-09-14 12:34 - 2014-09-14 12:33 - 01097728 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-09-14 12:33 - 2014-09-06 15:00 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 12:32 - 2014-09-14 12:31 - 00000330 _____ () C:\Documents and Settings\User\Desktop\ListChkdskResult.txt
2014-09-14 12:29 - 2014-09-14 12:25 - 00197679 _____ () C:\Documents and Settings\User\Desktop\ListChkdskResult.exe
2014-09-14 12:24 - 2005-11-30 08:19 - 00032524 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-14 12:19 - 2005-11-30 08:19 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-14 12:14 - 2012-07-24 08:57 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-14 12:13 - 2005-11-30 08:13 - 01758886 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-14 12:07 - 2005-11-30 00:09 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-14 12:06 - 2005-11-30 00:09 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-09-14 12:04 - 2014-09-07 11:30 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-09-14 12:04 - 2014-01-02 23:49 - 00000312 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-09-14 11:57 - 2010-05-05 23:29 - 00000178 ___SH () C:\Documents and Settings\User\ntuser.ini
2014-09-14 11:43 - 2014-09-06 14:38 - 00000000 __SHD () C:\WINDOWS\CSC
2014-09-12 12:23 - 2014-09-12 12:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2014-09-12 12:15 - 2012-06-14 10:51 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-12 12:04 - 2014-09-12 11:55 - 00000000 ____D () C:\AdwCleaner
2014-09-12 11:48 - 2014-09-12 11:44 - 00004862 _____ () C:\Documents and Settings\User\Desktop\Rkill.txt
2014-09-11 18:16 - 2005-11-30 08:21 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-09-11 18:14 - 2014-09-11 16:32 - 00000394 _____ () C:\rkill.log
2014-09-11 18:14 - 2005-11-30 08:21 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-09-11 18:13 - 2014-09-11 18:13 - 00000453 _____ () C:\Documents and Settings\Administrator\Desktop\Shortcut to iExplore.lnk
2014-09-11 14:58 - 2005-11-30 00:03 - 00696592 _____ () C:\WINDOWS\setupapi.log
2014-09-11 14:36 - 2005-11-30 06:56 - 00000216 __RSH () C:\boot.ini
2014-09-11 14:36 - 2005-11-30 06:55 - 00000656 _____ () C:\WINDOWS\win.ini
2014-09-11 14:36 - 2005-11-30 06:55 - 00000227 _____ () C:\WINDOWS\system.ini
2014-09-07 11:52 - 2014-09-07 11:30 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-09-07 11:52 - 2014-09-07 11:30 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-09-07 11:45 - 2014-09-07 11:45 - 00000000 ____D () C:\Documents and Settings\User\Application Data\AVG2014
2014-09-07 11:45 - 2014-09-07 11:30 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-09-07 11:44 - 2014-09-07 11:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-09-07 11:44 - 2014-09-07 11:32 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Avg2014
2014-09-07 11:43 - 2014-09-07 11:43 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-09-07 11:43 - 2014-09-07 11:43 - 00000000 ____D () C:\Documents and Settings\User\Application Data\TuneUp Software
2014-09-07 11:43 - 2014-09-07 11:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-09-07 11:41 - 2014-09-07 11:41 - 00000000 ___HD () C:\$AVG
2014-09-07 11:38 - 2014-09-07 11:38 - 00000000 ____D () C:\Program Files\AVG
2014-09-07 11:32 - 2014-09-07 11:32 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\MFAData
2014-09-07 11:31 - 2014-09-07 11:27 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-07 11:30 - 2014-09-07 11:30 - 00001842 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-07 11:30 - 2014-09-07 11:30 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2014-09-07 11:30 - 2014-09-07 11:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-07 11:28 - 2010-05-07 11:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-09-07 10:08 - 2014-02-26 10:46 - 00010047 _____ () C:\Documents and Settings\User\reset.log
2014-09-06 23:51 - 2014-09-06 23:51 - 00000000 ____D () C:\Documents and Settings\User\Start Menu\Programs\Dropbox
2014-09-06 23:49 - 2014-09-06 23:43 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Dropbox
2014-09-06 23:12 - 2014-01-02 23:50 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-09-06 23:12 - 2014-01-02 23:39 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-09-06 21:45 - 2014-09-06 21:34 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-06 21:38 - 2014-09-06 21:38 - 00000000 ____D () C:\SUPERDelete
2014-09-06 21:36 - 2014-09-06 21:36 - 00000000 ____D () C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2014-09-06 21:35 - 2014-09-06 21:35 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-09-06 21:35 - 2014-09-06 21:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-09-06 21:34 - 2014-09-06 21:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-09-06 18:26 - 2005-11-30 09:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB905749$
2014-09-06 15:00 - 2014-09-06 15:00 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-06 15:00 - 2014-09-06 15:00 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-06 15:00 - 2014-09-06 15:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-06 15:00 - 2014-09-06 15:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-09-06 14:53 - 2014-09-06 14:51 - 00004862 _____ () C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2014-09-06 14:49 - 2005-11-29 21:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-09-06 14:48 - 2014-09-06 14:48 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-09-06 14:48 - 2005-11-30 08:21 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-31 11:37 - 2012-07-24 08:57 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-30 13:17 - 2010-05-13 16:56 - 00000000 ____D () C:\WINDOWS\pss
2014-08-30 10:01 - 2014-08-30 10:01 - 00090112 _____ () C:\WINDOWS\Minidump\Mini083014-01.dmp
2014-08-30 10:01 - 2014-08-30 10:01 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-30 07:49 - 2012-10-03 17:42 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Temp
2014-08-25 23:30 - 2012-03-10 16:31 - 00000258 _____ () C:\WINDOWS\Tasks\Disk Cleanup.job
2014-08-21 03:12 - 2014-06-01 10:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-08-21 03:10 - 2013-08-08 03:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-20 16:44 - 2012-07-24 09:00 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-08-20 15:46 - 2014-08-20 15:46 - 00000000 ____D () C:\WINDOWS\jumpshot.com
 
Some content of TEMP:
====================
C:\Documents and Settings\User\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\User\Local Settings\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by User at 2014-09-14 13:55:47
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Photoshop Album 2.0 Starter Edition (HKLM\...\{11B569C2-4BF6-4ED0-9D17-A4273943CB24}) (Version: 2.00.100 - Adobe Systems, Inc.)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.6.606 - Adobe Systems, Inc.)
Aff Packages (HKCU\...\Aff Packages) (Version:  - ) <==== ATTENTION
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - AOL Inc.)
AV Mode Button Utility (HKLM\...\{1C70BE80-35E0-46DA-B81D-5BF5652F8D80}) (Version: 1.0.00.10070 - Sony Corporation)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4015 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v4.00.20(SO) - )
Business Contact Manager for Outlook 2003 (HKLM\...\{66563AD8-637B-407F-BCA7-0233A16891AB}) (Version: 1.0.2002.1 - Microsoft Corporation)
Centricity Enterprise Web 3.0 Client   (SPa05) (HKLM\...\{4F79EDDE-2F37-4360-9662-933986FA2A50}) (Version: 1.0.0 - GE Medical Systems IT)
Centricity Enterprise Web 3.0 Client  (SPa10) (HKLM\...\{A29C4047-4731-4F0D-86B8-FA6A301BFDD6}) (Version: 1.0.0 - GE Healthcare)
Citrix Presentation Server Client (HKLM\...\{E89956F9-5B89-470E-818D-BD46102D0A01}) (Version: 10.100.55836 - Citrix Systems, Inc.)
Click to DVD 2.0.03 Menu Data (HKLM\...\{9E407618-D9CD-4F39-9490-9ED45294073D}) (Version: 2.0.03 - Sony Corporation)
Click to DVD 2.5.32 (HKLM\...\{E809063C-51A3-4269-8984-D1EB742F2151}) (Version: 2.5.32 - Sony Corporation)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
DVgate Plus (HKLM\...\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HDAUDIO SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003) (Version:  - )
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
Instant Mode (HKLM\...\{E6707034-D7A4-49B1-94D0-F5AACE46F06C}) (Version:  - )
Intel® Graphics Media Accelerator Driver for Mobile (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4543 - )
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 10.50.0000 - Intel Corporation)
InterVideo WinDVD for VAIO (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.739 - InterVideo Inc.)
ISScript (Version: 3.00.185 - InstallShield Software Corp.) Hidden
J2SE Runtime Environment 5.0 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150050}) (Version: 1.5.0.50 - Sun Microsystems, Inc.)
Juniper Installer Service (HKLM\...\{3AAE5EBB-4CA1-442A-9F64-FF813F694A2D}) (Version: 7.1.0.19525 - Juniper Networks)
Juniper Networks Host Checker (HKCU\...\Neoteris_Host_Checker) (Version: 6.5.0.16789 - Juniper Networks)
Juniper Networks Network Connect 7.1.0 (HKLM\...\Juniper Network Connect 7.1.0) (Version: 7.1.0.19525 - Juniper Networks)
Juniper Networks Secure Application Manager (HKLM\...\Neoteris_Secure_Application_Manager) (Version: 7.1.0.19525 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.4.13103 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
mCore (Version: 7.05.0000 - Intel Corporation) Hidden
mDriver (Version: 7.05.0000 - Intel) Hidden
mDrWiFi (Version: 7.05.0000 - Intel Corporation) Hidden
Memory Stick Formatter (HKLM\...\{27337663-2619-11D4-99DC-0000F49094C7}) (Version:  - )
mHelp (Version: 7.05.0000 - Intel) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Data Access Components KB870669 (HKLM\...\KB870669) (Version:  - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Miracle C (HKLM\...\{F9270D69-C715-4E1E-BFDD-03060438D181}) (Version: 4.1 - Tadeusz Szocik)
mIWA (Version: 7.05.0000 - Intel Corporation) Hidden
mLogView (Version: 7.05.0000 - Intel Corporation) Hidden
mMHouse (Version: 7.05.0000 - Intel Corporation) Hidden
mPfMgr (Version: 7.05.0000 - Intel Corporation) Hidden
mPfWiz (Version: 7.05.0000 - Intel Corporation) Hidden
mProSafe (Version: 9.00.0000 - Intel) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
mWlsSafe (Version: 7.05.0000 - Intel) Hidden
mXML (Version: 7.05.0000 - Intel Corporation) Hidden
mZConfig (Version: 7.05.0000 - Intel Corporation) Hidden
Office 2003 Trial Assistant (HKLM\...\{47D2103B-FD51-4017-9C20-DD408B17D726}) (Version: 1.0.0 - Microsoft)
OpenMG Limited Patch 4.7-07-14-05-01 (HKLM\...\OpenMG HotFix4.7-07-13-22-01) (Version:  - )
OpenMG Secure Module 4.7.00 (HKLM\...\InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation)
OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140 - Sony Corporation) Hidden
OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 2.06 - Realtek Semiconductor Corp.)
Roxio DigitalMedia Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Roxio)
Roxio DigitalMedia Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Roxio)
Roxio DigitalMedia Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Roxio)
Setting Utility Series (HKLM\...\{59452470-A902-477F-9338-9B88101681BD}) (Version:  - )
SmartWi Connection Utility (HKLM\...\{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}) (Version:  - )
Sony Certificate PCH (HKLM\...\{D0448678-1203-4158-A58F-B3D0B616BF9E}) (Version:  - )
Sony Ericsson Wireless Modem (HKLM\...\Sony Ericsson Wireless Modem) (Version:  - )
Sony MP4 Shared Library (HKLM\...\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}) (Version: 2.0 - Sony Corporation)
Sony USB Mouse (HKLM\...\MouseSuite98) (Version:  - )
Sony Utilities DLL (HKLM\...\{EF3D45BB-2260-4008-88EA-492E7744A9DF}) (Version:  - )
Sony Video Shared Library (HKLM\...\{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}) (Version: 2.0.01 - Sony Corporation)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980302) (HKLM\...\KB980302-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB980182) (HKLM\...\KB980182) (Version: 1 - Microsoft Corporation)
VAIO Breeze Wallpaper (HKLM\...\{2EA7CF7E-0C76-44A5-B0CF-A1D171476E42}) (Version:  - )
VAIO Central (HKLM\...\{4E993095-28F2-4060-9101-99C1FD1195C0}) (Version: 1.1.02.071205 - Sony Corporation)
VAIO Entertainment Platform (HKLM\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 1.2.20.10060 - Sony Corporation)
VAIO Event Service (HKLM\...\{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}) (Version: 2.2.00.06130 - Sony Corporation)
VAIO Light Flo Wallpaper (HKLM\...\{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}) (Version:  - )
VAIO Media 5.0 (HKLM\...\{560F6B2E-F0DF-44E5-8190-A4A161F0E205}) (Version: 5.0.00 - Sony Corporation)
VAIO Media AC3 Decoder 1.0 (HKLM\...\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}) (Version:  - )
VAIO Media Integrated Server 5.0 (HKLM\...\{785EB1D4-ECEC-4195-99B4-73C47E187721}) (Version:  - Sony Corporation)
VAIO Media Redistribution 5.0 (HKLM\...\{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}) (Version: 5.0.00 - Sony Corporation)
VAIO Media Registration Tool 5.0 (HKLM\...\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}) (Version: 5.0.00 - Sony Corporation)
VAIO Original Screen Saver (HKLM\...\{1BEF9285-5530-426B-A5F1-5836B95C7EB1}) (Version:  - )
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents (HKLM\...\{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}) (Version:  - )
VAIO Registration (HKLM\...\InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}) (Version: 15.1.0 - Sony Electronics)
VAIO Registration (Version: 15.1.0 - Sony Electronics) Hidden
VAIO Security Center (HKLM\...\{FE3BF611-9B8B-44DC-A424-F8C4BA122A1D}) (Version: 1.02.1202 - Sony)
VAIO Support Central (HKLM\...\{82081533-F045-469E-BD53-F16839E445C3}) (Version: 1.1.0.051121 - Sony Corporation)
VAIO Update 3 (HKLM\...\{9E158BB9-37B9-464B-837E-CC1D5766291B}) (Version: 3.0.02.05090 - Sony Corporation)
VAIO Wireless LAN Setup Utility (HKLM\...\{0DF00135-D5A7-476A-BFB3-EDFF2840076A}) (Version:  - )
VAIOSurveySA (HKLM\...\InstallShield_{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}) (Version: 4.02 - Sony Electronics)
VAIOSurveySA (Version: 4.02 - Sony Electronics) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - Sony Corporation (SNC) HIDClass  (06/04/2002 6.0.0.2) (HKLM\...\6228B4FE0926AA3D873E8209B97FB99D06CC1DD8) (Version: 06/04/2002 6.0.0.2 - Sony Corporation)
Windows Driver Package - Sony Corporation (SPI) HIDCLASS  (08/20/2002 7.0.3.820) (HKLM\...\474492506B458A0013C8197612FA45B887DF7B06) (Version: 08/20/2002 7.0.3.820 - Sony Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Connect (HKLM\...\Windows Media Connect) (Version:  - )
Windows Media Connect (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 10 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 10 Hotfix [See KB886612 for more information] (HKLM\...\KB886612) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Wireless Adapter Manager 1.3 (HKLM\...\WirelessAdapterManager) (Version: 1.3 - Sony Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
03-06-2014 11:24:29 Software Distribution Service 3.0
04-06-2014 07:00:27 Software Distribution Service 3.0
07-06-2014 16:32:15 System Checkpoint
08-06-2014 17:29:49 System Checkpoint
09-06-2014 17:54:48 System Checkpoint
10-06-2014 19:58:44 System Checkpoint
11-06-2014 20:45:45 System Checkpoint
12-06-2014 07:00:59 Software Distribution Service 3.0
13-06-2014 08:11:05 System Checkpoint
14-06-2014 15:46:38 System Checkpoint
15-06-2014 17:03:45 System Checkpoint
16-06-2014 17:18:54 System Checkpoint
17-06-2014 18:18:54 System Checkpoint
18-06-2014 19:18:54 System Checkpoint
19-06-2014 20:52:36 System Checkpoint
20-06-2014 20:57:18 System Checkpoint
21-06-2014 20:57:44 System Checkpoint
22-06-2014 20:58:44 System Checkpoint
24-06-2014 14:23:37 System Checkpoint
25-06-2014 14:57:41 System Checkpoint
26-06-2014 15:57:45 System Checkpoint
27-06-2014 16:57:38 System Checkpoint
28-06-2014 17:15:36 System Checkpoint
29-06-2014 17:57:03 System Checkpoint
30-06-2014 18:57:03 System Checkpoint
01-07-2014 19:57:04 System Checkpoint
02-07-2014 23:59:39 System Checkpoint
04-07-2014 00:57:06 System Checkpoint
10-07-2014 04:28:20 System Checkpoint
10-07-2014 07:00:21 Software Distribution Service 3.0
11-07-2014 07:21:48 System Checkpoint
14-07-2014 02:30:28 System Checkpoint
15-07-2014 21:46:17 System Checkpoint
17-07-2014 01:51:55 System Checkpoint
18-07-2014 04:31:25 System Checkpoint
19-07-2014 07:57:23 System Checkpoint
20-07-2014 08:53:51 System Checkpoint
21-07-2014 09:14:48 System Checkpoint
22-07-2014 15:05:59 System Checkpoint
23-07-2014 16:07:19 System Checkpoint
24-07-2014 16:55:21 System Checkpoint
25-07-2014 16:55:51 System Checkpoint
26-07-2014 17:55:48 System Checkpoint
28-07-2014 17:07:10 System Checkpoint
29-07-2014 17:08:45 System Checkpoint
30-07-2014 17:43:46 System Checkpoint
31-07-2014 18:43:44 System Checkpoint
01-08-2014 18:44:14 System Checkpoint
03-08-2014 04:06:45 System Checkpoint
04-08-2014 06:47:14 System Checkpoint
05-08-2014 07:44:13 System Checkpoint
06-08-2014 08:44:14 System Checkpoint
06-08-2014 13:52:17 avast! antivirus system restore point
20-08-2014 21:03:03 System Checkpoint
21-08-2014 07:00:48 Software Distribution Service 3.0
22-08-2014 14:21:44 System Checkpoint
23-08-2014 16:51:45 System Checkpoint
24-08-2014 20:38:02 System Checkpoint
26-08-2014 02:43:43 System Checkpoint
27-08-2014 03:08:53 System Checkpoint
28-08-2014 04:08:56 System Checkpoint
29-08-2014 04:09:26 System Checkpoint
30-08-2014 05:09:26 System Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2005-11-30 06:55 - 2004-08-04 08:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\Disk Cleanup.job => C:\WINDOWS\system32\cleanmgr.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-04-18 23:51 - 2011-04-18 23:51 - 00569680 _____ () C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCP90.dll
2014-08-20 16:44 - 2014-08-06 23:20 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-20 16:44 - 2014-08-06 23:20 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-20 16:44 - 2014-08-06 23:20 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk => C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE
MSCONFIG\startupreg: AOL Fast Start => "C:\Program Files\AOL Desktop 9.6\AOL.EXE" -b
MSCONFIG\startupreg: Apoint => C:\Program Files\Apoint\Apoint.exe
MSCONFIG\startupreg: AutoEJCD_0ACE20FF => C:\Program Files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE /VID=0ACE /PID=20FF
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
MSCONFIG\startupreg: AVG_UI => "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: AzMixerSel => C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
MSCONFIG\startupreg: HostManager => C:\Program Files\Common Files\AOL\1329685558\ee\AOLSoftware.exe
MSCONFIG\startupreg: igfxhkcmd => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: ISBMgr.exe => C:\Program Files\Sony\ISB Utility\ISBMgr.exe
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: Mouse Suite 98 Daemon => ICO.EXE
MSCONFIG\startupreg: PartSeal => C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SonyPowerCfg => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
MSCONFIG\startupreg: VAIO Recovery => C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
MSCONFIG\startupreg: VAIO Update 3 => "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe"  /Stationary
MSCONFIG\startupreg: WCULauncher => C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe
MSCONFIG\startupreg: Wireless Adapter Manager => C:\Program Files\sony\Wireless adapter\ZDWLan.EXE -minisize
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/14/2014 00:55:28 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\WINDOWS\system32\rasmans.dll for one of the following reasons: 
there is a problem with the network connection, the disk that the file is stored on, or the storage 
drivers installed on this computer; or the disk is missing. 
Windows closed the program Remote Access Connection Manager because of this error.
 
Program: Remote Access Connection Manager
File: C:\WINDOWS\system32\rasmans.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again. 
This situation might be a temporary problem that corrects itself when the program runs again.
2. 
If the file still cannot be accessed and
- It is on the network, 
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for 
further assistance.
Additional Data
Error value: C000009C
Disk type: 3
 
Error: (09/14/2014 00:51:21 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\WINDOWS\system32\rasmans.dll for one of the following reasons: 
there is a problem with the network connection, the disk that the file is stored on, or the storage 
drivers installed on this computer; or the disk is missing. 
Windows closed the program Remote Access Connection Manager because of this error.
 
Program: Remote Access Connection Manager
File: C:\WINDOWS\system32\rasmans.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again. 
This situation might be a temporary problem that corrects itself when the program runs again.
2. 
If the file still cannot be accessed and
- It is on the network, 
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for 
further assistance.
Additional Data
Error value: C000009C
Disk type: 3
 
Error: (09/14/2014 00:46:54 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\WINDOWS\system32\rasmans.dll for one of the following reasons: 
there is a problem with the network connection, the disk that the file is stored on, or the storage 
drivers installed on this computer; or the disk is missing. 
Windows closed the program Remote Access Connection Manager because of this error.
 
Program: Remote Access Connection Manager
File: C:\WINDOWS\system32\rasmans.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again. 
This situation might be a temporary problem that corrects itself when the program runs again.
2. 
If the file still cannot be accessed and
- It is on the network, 
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for 
further assistance.
Additional Data
Error value: C000009C
Disk type: 3
 
Error: (09/14/2014 00:43:01 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\WINDOWS\system32\rasmans.dll for one of the following reasons: 
there is a problem with the network connection, the disk that the file is stored on, or the storage 
drivers installed on this computer; or the disk is missing. 
Windows closed the program Remote Access Connection Manager because of this error.
 
Program: Remote Access Connection Manager
File: C:\WINDOWS\system32\rasmans.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again. 
This situation might be a temporary problem that corrects itself when the program runs again.
2. 
If the file still cannot be accessed and
- It is on the network, 
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for 
further assistance.
Additional Data
Error value: C000009C
Disk type: 3
 
Error: (09/14/2014 00:37:24 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\WINDOWS\system32\rasmans.dll for one of the following reasons: 
there is a problem with the network connection, the disk that the file is stored on, or the storage 
drivers installed on this computer; or the disk is missing. 
Windows closed the program Remote Access Connection Manager because of this error.
 
Program: Remote Access Connection Manager
File: C:\WINDOWS\system32\rasmans.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again. 
This situation might be a temporary problem that corrects itself when the program runs again.
2. 
If the file still cannot be accessed and
- It is on the network, 
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for 
further assistance.
Additional Data
Error value: C000009C
Disk type: 3
 
Error: (09/14/2014 00:26:03 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\WINDOWS\system32\rasmans.dll for one of the following reasons: 
there is a problem with the network connection, the disk that the file is stored on, or the storage 
drivers installed on this computer; or the disk is missing. 
Windows closed the program Remote Access Connection Manager because of this error.
 
Program: Remote Access Connection Manager
File: C:\WINDOWS\system32\rasmans.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again. 
This situation might be a temporary problem that corrects itself when the program runs again.
2. 
If the file still cannot be accessed and
- It is on the network, 
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for 
further assistance.
Additional Data
Error value: C000009C
Disk type: 3
 
Error: (09/14/2014 00:20:55 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\WINDOWS\system32\rasmans.dll for one of the following reasons: 
there is a problem with the network connection, the disk that the file is stored on, or the storage 
drivers installed on this computer; or the disk is missing. 
Windows closed the program Remote Access Connection Manager because of this error.
 
Program: Remote Access Connection Manager
File: C:\WINDOWS\system32\rasmans.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again. 
This situation might be a temporary problem that corrects itself when the program runs again.
2. 
If the file still cannot be accessed and
- It is on the network, 
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for 
further assistance.
Additional Data
Error value: C000009C
Disk type: 3
 
Error: (09/14/2014 00:14:33 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\WINDOWS\system32\rasmans.dll for one of the following reasons: 
there is a problem with the network connection, the disk that the file is stored on, or the storage 
drivers installed on this computer; or the disk is missing. 
Windows closed the program Remote Access Connection Manager because of this error.
 
Program: Remote Access Connection Manager
File: C:\WINDOWS\system32\rasmans.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again. 
This situation might be a temporary problem that corrects itself when the program runs again.
2. 
If the file still cannot be accessed and
- It is on the network, 
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for 
further assistance.
Additional Data
Error value: C000009C
Disk type: 3
 
Error: (09/14/2014 00:07:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module srsvc.dll, version 5.1.2600.5512, fault address 0x0001777e.
Processing media-specific event for [svchost.exe!ws!]
 
Error: (09/14/2014 00:06:36 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\WINDOWS\system32\srsvc.dll for one of the following reasons: 
there is a problem with the network connection, the disk that the file is stored on, or the storage 
drivers installed on this computer; or the disk is missing. 
Windows closed the program System Restore Service because of this error.
 
Program: System Restore Service
File: C:\WINDOWS\system32\srsvc.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again. 
This situation might be a temporary problem that corrects itself when the program runs again.
2. 
If the file still cannot be accessed and
- It is on the network, 
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for 
further assistance.
Additional Data
Error value: C000009C
Disk type: 3
 
 
System errors:
=============
Error: (09/14/2014 01:56:12 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
 
Error: (09/14/2014 01:56:04 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
 
Error: (09/14/2014 01:50:55 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
 
Error: (09/14/2014 01:50:46 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
 
Error: (09/14/2014 01:50:38 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
 
Error: (09/14/2014 01:49:52 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
 
Error: (09/14/2014 01:49:39 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
 
Error: (09/14/2014 01:49:29 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
 
Error: (09/14/2014 01:49:21 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
 
Error: (09/14/2014 01:49:09 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: 
%%1056
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor:  Intel® Pentium® M processor 1.30GHz
Percentage of memory in use: 30%
Total physical RAM: 1014.11 MB
Available physical RAM: 701.57 MB
Total Pagefile: 2443.45 MB
Available Pagefile: 2199.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.73 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:69.53 GB) (Free:44.49 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: FC5FAE0C)
Partition 1: (Not Active) - (Size=5 GB) - (Type=12)
Partition 2: (Active) - (Size=69.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013
 
------< Log generate on 9/14/2014 1:58:27 PM >------
No Events found for Winlogon, Chkdsk or Wininit!

  • 0

#6
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts
No Events found for Winlogon, Chkdsk or Wininit!

 

 

Thanks. That likely means that ChkDsk didn't actually run. Did it actually take a while to run when you attempted it? Any errors? Let's try this again. Make sure on bullet#3 below that you type chkdsk followed by a space and then the forward slash and R (i.e. chkdsk /R)

 

Step#1 - ChkDsk Scan

1. Click your Start button and choose Run.

2. Type cmd in the Run box and hit enter on the keyboard.

3. You should now have a black window open that you can type into.

4. Please type chkdsk /R and then press enter.

5. You may get a message that says the volume is locked and that you need to reboot for this to work. Type Y on your keyboard and then reboot your computer.

    Note: This may take a while to run. Let it finish.

6. If your machine boots back up into Normal mode please keep it this way. If not then boot back into Safe Mode with Networking.

7. Download ListChkdskResult.exe by SleepyDude and save it on your desktop.

8. Double-click this file and a text file will open (and also be saved on the desktop as ListChkdskResult.txt). Please copy the contents of this file and paste into your next post.

 

Let me know what happens at each step of the way. After bullet#4 you should get that message asking you to reboot.

 

Thanks.


  • 0

#7
KCD86

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts

 


Just re-did it and again it gave me the prompt File is NTF and is locked...... I typed Y and just re-booted


  • 0

#8
KCD86

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts

 

 


Disk check is running this time. I will post results.


  • 0

#9
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Excellent!


  • 0

#10
KCD86

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts

Running CHKDSK since 11:30. Windows replaced a whole bunch of bad clusters in certain file numbers. It seems stuck on - CHKDSK is verifying free space (stage 5 of 5) 38 percent completed


  • 0


#11
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

I've seen this take a very long time...sometimes even over 24 hours. Let it continue to run for a little while. See if it gets past 38 percent. As expected however I believe you may have a failing disk drive. We'll need to see the results of this when done however.

 

Thanks for keeping me updated.


  • 0
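The failing-disk reading in the reply above can be checked against the event section of the posted log, which repeats EventID 1005 with error value C000009C and EventID 7 naming \Device\Harddisk0\D. This is an added example, not part of the thread or of the logging tool: it tallies those indicators from text in that layout. The sample is constructed (shortened from the posted entries), the function names are hypothetical, and treating EventID 7 as the disk driver's bad-block event is an assumption.

```python
import re
from collections import Counter

# Constructed sample: entries shortened from the event-log section posted in this thread.
SAMPLE_LOG = r"""
Application errors:
==================
Error: (09/14/2014 00:55:28 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\WINDOWS\system32\rasmans.dll for one of the following reasons:
File: C:\WINDOWS\system32\rasmans.dll
Error value: C000009C

Error: (09/14/2014 00:51:21 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\WINDOWS\system32\rasmans.dll for one of the following reasons:
File: C:\WINDOWS\system32\rasmans.dll
Error value: C000009C

Error: (09/14/2014 00:07:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module srsvc.dll, version 5.1.2600.5512, fault address 0x0001777e.

Error: (09/14/2014 00:06:36 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\WINDOWS\system32\srsvc.dll for one of the following reasons:
File: C:\WINDOWS\system32\srsvc.dll
Error value: C000009C

System errors:
=============
Error: (09/14/2014 01:56:12 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (09/14/2014 01:56:04 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (09/14/2014 01:49:09 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
%%1056
"""

HEADER = re.compile(
    r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]*)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)$")
SECTION = re.compile(r"^(Application|System) errors:$")
FILE_RE = re.compile(r"^File: (.+)$")
VALUE_RE = re.compile(r"^Error value: ([0-9A-Fa-f]{8})$")
DEVICE_RE = re.compile(r"^Description: (\\Device\\Harddisk\d+\\\S*)$")

# NTSTATUS values that report a failed device read, not a missing file.
STORAGE_STATUS = {"C000009C": "STATUS_DEVICE_DATA_ERROR",
                  "C0000185": "STATUS_IO_DEVICE_ERROR"}


def parse_events(text):
    """Split the event section into one dict per 'Error:' entry."""
    events, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        header = HEADER.match(line)
        if header:
            current = dict(header.groupdict(), section=section, body=[])
            current["event_id"] = int(current["event_id"])
            events.append(current)
        elif SECTION.match(line):
            section, current = line[:-1], None
        elif current is not None and line and set(line) != {"="}:
            current["body"].append(line)
    return events


def first_match(pattern, lines):
    """Return group 1 of the first line that matches, or None."""
    for line in lines:
        found = pattern.match(line)
        if found:
            return found.group(1)
    return None


def summarize(events):
    """Tally entries that point at the storage device rather than at software."""
    storage, devices, other = Counter(), Counter(), []
    for ev in events:
        value = (first_match(VALUE_RE, ev["body"]) or "").upper()
        device = first_match(DEVICE_RE, ev["body"])
        if value in STORAGE_STATUS:
            storage[(first_match(FILE_RE, ev["body"]), STORAGE_STATUS[value])] += 1
        elif ev["section"] == "System errors" and ev["event_id"] == 7 and device:
            # Assumption: EventID 7 naming a \Device\Harddisk path is the disk
            # driver's bad-block event; the posted log shows its source as "0".
            devices[device] += 1
        else:
            other.append((ev["event_id"], ev["source"]))
    return {"storage_errors": storage, "disk_events": devices, "other": other,
            "suspect_disk": bool(storage or devices)}


if __name__ == "__main__":
    for key, val in summarize(parse_events(SAMPLE_LOG)).items():
        print(key, "=", val)
```

Read failures spread across unrelated system files, together with device-level events on the same disk, point at the medium rather than at any one program.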

#12
KCD86

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts

ok and thank you


  • 0

#13
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Are you able to take a screen shot or transcribe what chkdsk found so far?


  • 0

#14
KCD86

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts

Brian, CHKDSK finished last night and rebooted itself. I made the file to send but it wouldn't allow me to get on the internet, so I rebooted the computer and now it continuously reboots itself. In regular and safe modes it attempts to reboot but halfway through its process it just reboots to safe mode. Nothing works: Start Windows Normally, Safe Mode, Safe Mode with Networking; it just keeps cycling.


  • 0

#15
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Does the computer boot when you select Safe Mode Command Prompt only? Does it boot to the command prompt?


  • 0





