zebracar

  1. That is such good news. I am now up and running again without those ridiculous popups! Thanks so much for your help - really appreciated. Regards
  2. Hi, Thanks for your help. The error message in the popups reads 'The beta testing period has ended and Malwarebytes anti-exploit is not protecting you anymore. Please contact us to obtain a newer version.' The popup comes every time I attempt to open a new browser window, either Firefox or Chrome. I have uninstalled WebRoot folder, although I was not aware that it was on the system and it did not appear to be running. I am unable to attach the CheckFile as I get an 'upload skipped error'. Below is a copy. Many thanks, Zebracar
  3. Hi, I have uninstalled Malwarebytes using the designated removal tool and I am still having problems with pop ups. I have attached a copy of FRST and addition. Can anyone help me - this error is driving me nuts and impacting upon the functionality of my computer. I am running Malwarebytes Pro on a Windows XP OS on a Sony Vaio VGN AR11M. Hope someone can help, Many thanks, Simon Banks. Now I can not add the files - I receive an 'Upload skipped (Error IO)' message. Pasted them instead. Many thanks
Hidden Roxio DigitalMedia Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.7 - Roxio) Roxio DigitalMedia Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.7 - Roxio) Roxio DigitalMedia Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.7 - Roxio) RulesMaster Pro (HKLM\...\RulesMaster Pro) (Version: - ) Setting Utility Series (HKLM\...\{59452470-A902-477F-9338-9B88101681BD}) (Version: - ) SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4802.0 - SigmaTel) Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) SonicStage 3.4 (HKLM\...\{A0EB195B-5876-48E6-879D-33D4B2102610}) (Version: 3.4 - Sony Corporation) SonicStage Mastering Studio 2.2 (HKLM\...\{BF3B304B-8A18-452D-A19F-6012CA8418D7}) (Version: - ) SonicStage Mastering Studio Audio Filter (HKLM\...\{AB467B85-4F52-48C2-AEED-0673D00417B0}) (Version: - ) SonicStage Mastering Studio Audio Filter Custom Preset (HKLM\...\{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}) (Version: - ) SonicStage Mastering Studio Plugins (HKLM\...\{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}) (Version: - ) Sony MP4 Shared Library (HKLM\...\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}) (Version: 2.0 - Sony Corporation) Sony USB Mouse (HKLM\...\MouseSuite98) (Version: - ) Sony Utilities DLL (HKLM\...\{EF3D45BB-2260-4008-88EA-492E7744A9DF}) (Version: - ) Sony Video Shared Library (HKLM\...\{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}) (Version: 2.0.01 - Sony Corporation) SSH Secure Shell (HKLM\...\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}) (Version: - ) Trend Micro RUBotted 2.0 Beta (HKLM\...\{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1) (Version: 2.0.0.1030 - Trend Micro, Inc.) 
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1307.93 - Trusteer) Ugrib RC1 (HKLM\...\Ugrib_is1) (Version: Release Candidate 0.2.4 - GRIB.US) Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation) Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600211) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Windows Media Player 10 (KB910393) (HKLM\...\KB910393) (Version: - Microsoft Corporation) Update for Windows Media Player 10 (KB913800) (HKLM\...\KB913800) (Version: - Microsoft Corporation) Update for Windows Media Player 10 (KB926251) (HKLM\...\KB926251) (Version: - Microsoft Corporation) Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB973687) (HKLM\...\KB973687) 
(Version: 1 - Microsoft Corporation) Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation) Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version: - Microsoft Corporation) VAIO Camera Utility (HKLM\...\{1417F599-1DBD-4499-9375-B2813E9F890C}) (Version: - ) VAIO Control Center (HKLM\...\{FC37C108-821D-4EDE-8F40-D5B497586805}) (Version: - ) VAIO Edit Components (Version: 6.6 - Sony Corporation) Hidden VAIO Edit Components 6.6 (HKLM\...\{B7C03E84-AF46-42F4-809D-D4127D9086D0}) (Version: 6.6 - Sony Corporation) VAIO Entertainment Platform (HKLM\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 1.3.30.11290 - Sony Corporation) VAIO Event Service (HKLM\...\{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}) (Version: 2.3.00.03300 - Sony Corporation) VAIO Hardware Diagnostics (HKLM\...\{A947C2B3-7445-42C4-9063-EE704CACCB22}) (Version: - ) VAIO Information FLOW (HKLM\...\{24960AC2-C413-4A86-B1C1-E4CCADCA44D3}) (Version: 1.2.00.13160 - Sony Corporation) VAIO Media 5.0 (HKLM\...\{560F6B2E-F0DF-44E5-8190-A4A161F0E205}) (Version: 5.0.10 - Sony Corporation) VAIO Media AC3 Decoder 1.0 (HKLM\...\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}) (Version: - ) VAIO Media Integrated Server 5.0 (HKLM\...\{785EB1D4-ECEC-4195-99B4-73C47E187721}) (Version: - Sony Corporation) VAIO Media Redistribution 5.0 (HKLM\...\{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}) (Version: 5.0.10 - Sony Corporation) VAIO Media Registration Tool 5.0 (HKLM\...\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}) (Version: 5.0.00 - Sony Corporation) VAIO Online Registration (English) (HKLM\...\InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}) (Version: 4.6.0.0 - Sony Corporation) VAIO Original Screen Saver (HKLM\...\{1BEF9285-5530-426B-A5F1-5836B95C7EB1}) (Version: - ) VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents (HKLM\...\{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}) (Version: - ) VAIO Power Management (HKLM\...\{9E319E96-ED8E-4B01-9775-C521A1869A25}) (Version: 
1.8.01.03310 - Sony Corporation) VAIO Product Survey (HKLM\...\InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}) (Version: 1.1.2.1 - Sony Corporation) VAIO Update (HKLM\...\{5BEE8F1F-BD32-4553-8107-500439E43BD7}) (Version: 5.6.1.02150 - Sony Corporation) VAIO Update Merge Module x86 (Version: 5.6.10270 - Sony Corporation) Hidden VAIO Update Merge Module x86 (Version: 5.7.13130 - Sony Corporation) Hidden VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) VOR (Version: 4.6.0.0 - Sony Corporation) Hidden VPS (Version: 1.1.2.1 - Sony Corporation) Hidden VU5x86 (Version: 1.0.0 - Sony Corporation ) Hidden WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation) Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation) Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation) Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation) Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version: - Microsoft Corporation) Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version: - Microsoft Corporation) Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version: - Microsoft 
Corporation) Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft Corporation) Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation) WinRAR 4.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH) Wireless LAN Starter (HKLM\...\{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}) (Version: - ) Wireless Switch Setting Utility (HKLM\...\{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}) (Version: - ) Zip Extractor Packages (HKCU\...\Zip Extractor Packages) (Version: - ) <==== ATTENTION ==================== Restore Points ========================= 01-10-2014 18:34:44 System Checkpoint 02-10-2014 19:34:40 System Checkpoint 02-10-2014 20:14:48 avast! antivirus system restore point ==================== Hosts content: ========================== 2006-03-24 09:26 - 2013-10-20 18:27 - 00000019 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Simon\APPLIC~1\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\WINDOWS\Tasks\avast! 
Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-391862387-3288958817-4000765809-1006Core.job => C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-391862387-3288958817-4000765809-1006UA.job => C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job => C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe Task: C:\WINDOWS\Tasks\Malwarebytes Anti-Exploit.job => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-391862387-3288958817-4000765809-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-391862387-3288958817-4000765809-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe ==================== Loaded Modules (whitelisted) ============= 2012-05-03 23:27 - 2014-06-30 19:23 - 01404120 _____ () C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll 2005-11-28 12:59 - 2005-11-28 12:59 - 00876544 ____N () C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll 2005-11-28 12:59 - 2005-11-28 12:59 - 00053322 ____N () C:\Program Files\Intel\Wireless\Bin\IntStngs.dll 2005-11-28 12:59 - 2005-11-28 12:59 - 00208965 ____N () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL 2014-10-02 17:29 - 2014-10-02 17:29 - 02789888 _____ () C:\Program Files\AVAST Software\Avast\defs\14070200\algo.dll 2014-10-02 21:24 - 2014-10-02 21:24 - 02789888 _____ () C:\Program Files\AVAST 
Software\Avast\defs\14070201\algo.dll 2004-07-20 17:04 - 2004-07-20 17:04 - 00094208 ____N () C:\WINDOWS\system32\TosBtHcrpAPI.dll 2005-09-09 03:24 - 2005-09-09 03:24 - 00102400 ____N () C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe 2006-03-24 09:26 - 2011-02-04 18:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll 2006-03-24 09:26 - 2013-01-02 07:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll 2006-03-24 09:26 - 2008-04-14 01:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll 2006-03-24 09:26 - 2008-04-14 01:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll 2005-08-05 14:05 - 2005-08-05 14:05 - 00064512 ____N () C:\WINDOWS\system32\MSNP.ax 2006-03-24 09:26 - 2005-08-05 14:06 - 00165376 _____ () C:\WINDOWS\system32\mpg2splt.ax 2005-08-05 15:02 - 2006-10-09 17:12 - 00224256 _____ () C:\WINDOWS\system32\PsisRndr.ax 2006-03-24 09:27 - 2005-08-05 15:01 - 00167936 _____ () C:\WINDOWS\system32\WSTPager.ax 2006-03-24 09:26 - 2005-08-05 15:01 - 00159744 _____ () C:\WINDOWS\system32\VBICodec.ax 2006-03-24 09:26 - 2011-10-14 18:38 - 00456192 _____ () C:\WINDOWS\system32\encdec.dll 2005-08-05 15:01 - 2006-10-09 17:12 - 00235008 _____ () C:\WINDOWS\system32\PsisDecd.dll 2006-03-24 09:26 - 2005-08-05 15:01 - 00062976 _____ () C:\WINDOWS\system32\Mpeg2Data.ax 2011-11-05 22:03 - 2011-07-22 09:00 - 03576320 ____N () C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax 2011-11-05 22:03 - 2011-07-22 16:00 - 00736644 ____N () C:\Program Files\K-Lite Codec Pack\Filters\LAV\avformat-53.dll 2011-11-05 22:03 - 2011-07-22 16:00 - 05270754 ____N () C:\Program Files\K-Lite Codec Pack\Filters\LAV\avcodec-53.dll 2011-11-05 22:03 - 2011-07-22 16:00 - 00213337 ____N () C:\Program Files\K-Lite Codec Pack\Filters\LAV\avutil-51.dll 2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll 2006-04-11 10:06 - 2005-05-20 17:42 - 00010752 ____N () C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll 2006-03-24 
09:26 - 2007-04-02 13:49 - 00355112 _____ () C:\WINDOWS\system32\msjetoledb40.dll 2010-07-14 08:26 - 2006-01-07 02:36 - 00081920 ____N () C:\Program Files\Sony\SonicStage\SSAAD.exe 2014-03-03 21:42 - 2014-03-03 21:42 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-10-02 20:09 - 2014-10-02 20:09 - 00043008 _____ () c:\Documents and Settings\Simon\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvoaehy.dll 2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Documents and Settings\Simon\Application Data\Dropbox\bin\libcef.dll 2014-05-09 22:02 - 2014-06-18 23:05 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-05-27 15:37 - 2014-05-27 15:37 - 00224952 _____ () C:\Documents and Settings\Simon\Application Data\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Dashlanef_300.2.4.1.63897.dll 2014-05-27 15:38 - 2014-05-27 15:38 - 04805304 _____ () C:\Documents and Settings\Simon\Application Data\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.2.4.1.63897.dll 2014-05-27 15:38 - 2014-05-27 15:38 - 00423608 _____ () C:\Documents and Settings\Simon\Application Data\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.2.4.1.63897.dll 2014-05-27 15:38 - 2014-05-27 15:38 - 00255160 _____ () C:\Documents and Settings\Simon\Application Data\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.2.4.1.63897.dll 2014-05-27 15:38 - 2014-05-27 15:38 - 00363704 _____ () C:\Documents and Settings\Simon\Application Data\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.2.4.1.63897.dll 2014-05-27 15:38 - 2014-05-27 15:38 - 28239544 _____ () C:\Documents and Settings\Simon\Application 
Data\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.2.4.1.63897.dll 2014-05-27 15:38 - 2014-05-27 15:38 - 12154040 _____ () C:\Documents and Settings\Simon\Application Data\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.2.4.1.63897.dll 2014-05-27 15:38 - 2014-05-27 15:38 - 00263352 _____ () C:\Documents and Settings\Simon\Application Data\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.2.4.1.63897.dll 2014-05-27 15:38 - 2014-05-27 15:38 - 02041528 _____ () C:\Documents and Settings\Simon\Application Data\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.2.4.1.63897.dll 2013-10-13 21:39 - 2014-05-27 15:38 - 00219832 _____ () C:\Documents and Settings\Simon\Application Data\Dashlane\Dashlane.exe 2014-05-27 15:37 - 2014-05-27 15:37 - 04319416 _____ () C:\Documents and Settings\Simon\Application Data\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.2.4.1.63897.dll 2002-04-17 10:49 - 2002-04-17 10:49 - 00024576 ____N () c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll 2002-04-17 10:49 - 2002-04-17 10:49 - 00077824 ____N () c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service" ==================== EXE Association (whitelisted) 
============= HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION! HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION! HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION! HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION! HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION! HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION! HKU\S-1-5-21-391862387-3288958817-4000765809-1006\Software\Classes\exefile: <===== ATTENTION! ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BeoPlayer.lnk => C:\WINDOWS\pss\BeoPlayer.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk => C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^Simon^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup MSCONFIG\startupfolder: C:^Documents and Settings^Simon^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\WINDOWS\pss\OpenOffice.org 3.3.lnkStartup MSCONFIG\startupreg: Acrobat Assistant 7.0 => "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Anti-phishing Domain Advisor => "C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" MSCONFIG\startupreg: Apoint => C:\Program Files\Apoint\Apoint.exe MSCONFIG\startupreg: AppMon Utility => C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe @@@Start MSCONFIG\startupreg: Beoplayertray => C:\Program Files\Bang & Olufsen\BeoPlayer\Beotray.exe MSCONFIG\startupreg: chromium 
=> C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe MSCONFIG\startupreg: DrvUpdater => C:\Documents and Settings\Simon\Application Data\DRPSu\DrvUpdater.exe MSCONFIG\startupreg: ehTray => C:\WINDOWS\ehome\ehtray.exe MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe MSCONFIG\startupreg: F44BE43CC11D91D3DC25D5C54CC07C7B74D7AEB3._service_run => "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup MSCONFIG\startupreg: ISBMgr.exe => C:\Program Files\Sony\ISB Utility\ISBMgr.exe MSCONFIG\startupreg: KernelFaultCheck => MSCONFIG\startupreg: Mouse Suite 98 Daemon => ICO.EXE MSCONFIG\startupreg: NBAgent => "C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup MSCONFIG\startupreg: PDService.exe => C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: Share-to-Web Namespace Daemon => c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe MSCONFIG\startupreg: SonyPowerCfg => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe MSCONFIG\startupreg: SsAAD.exe => C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: Switcher.exe => C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe MSCONFIG\startupreg: TkBellExe => "C:\Program 
Files\Real\RealPlayer\update\realsched.exe" -osboot MSCONFIG\startupreg: Trend Micro RUBotted V2.0 Beta => C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe MSCONFIG\startupreg: VAIO Update 5 => "C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe" /Stationary MSCONFIG\startupreg: VAIOCameraUtility => "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/02/2014 10:24:09 PM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (10/02/2014 10:24:09 PM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (10/02/2014 08:07:59 PM) (Source: VzCdbSvc) (EventID: 7) (User: ) Description: Failed to load the plug-in module. (GUID = {F508055A-CDBF-4D4D-BC8F-4D8E0D9B9E81})(Error code = 0x80040e14) Error: (10/02/2014 08:07:42 PM) (Source: STacSV) (EventID: 32767) (User: NT AUTHORITY) Description: Connection to BassMgrHDA COM interface failed Error: (10/02/2014 07:43:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application avastui.exe, version 9.0.2018.401, faulting module libcef.dll, version 1.1453.1255.0, fault address 0x00848379. Processing media-specific event for [avastui.exe!ws!] 
Error: (10/02/2014 07:38:17 PM) (Source: VzCdbSvc) (EventID: 7) (User: ) Description: Failed to load the plug-in module. (GUID = {F508055A-CDBF-4D4D-BC8F-4D8E0D9B9E81})(Error code = 0x80040e14) Error: (10/02/2014 07:38:00 PM) (Source: STacSV) (EventID: 32767) (User: NT AUTHORITY) Description: Connection to BassMgrHDA COM interface failed Error: (10/02/2014 05:26:29 PM) (Source: VzCdbSvc) (EventID: 7) (User: ) Description: Failed to load the plug-in module. (GUID = {F508055A-CDBF-4D4D-BC8F-4D8E0D9B9E81})(Error code = 0x80040e14) Error: (10/02/2014 05:26:14 PM) (Source: STacSV) (EventID: 32767) (User: NT AUTHORITY) Description: Connection to BassMgrHDA COM interface failed Error: (10/02/2014 08:33:33 AM) (Source: VzCdbSvc) (EventID: 7) (User: ) Description: Failed to load the plug-in module. (GUID = {F508055A-CDBF-4D4D-BC8F-4D8E0D9B9E81})(Error code = 0x80040e14) System errors: ============= Error: (10/02/2014 09:57:00 PM) (Source: Schedule) (EventID: 7901) (User: ) Description: The At1.job command failed to start due to the following error: %%2147942403 Error: (10/02/2014 08:57:00 PM) (Source: Schedule) (EventID: 7901) (User: ) Description: The At1.job command failed to start due to the following error: %%2147942403 Error: (10/02/2014 08:08:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: AVGIDSHX AVGIDSShim Error: (10/02/2014 08:07:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The XAudioService service failed to start due to the following error: %%193 Error: (10/02/2014 08:07:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Trend Micro RUBotted Service service failed to start due to the following error: %%1053 Error: (10/02/2014 08:07:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Timeout (30000 milliseconds) waiting for the Trend Micro RUBotted Service service to connect. 
Error: (10/02/2014 07:57:00 PM) (Source: Schedule) (EventID: 7901) (User: ) Description: The At1.job command failed to start due to the following error: %%2147942403 Error: (10/02/2014 07:38:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: AVGIDSHX AVGIDSShim Error: (10/02/2014 07:38:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The XAudioService service failed to start due to the following error: %%193 Error: (10/02/2014 07:38:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Trend Micro RUBotted Service service failed to start due to the following error: %%1053 Microsoft Office Sessions: ========================= Error: (10/02/2014 10:24:09 PM) (Source: crypt32) (EventID: 11) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (10/02/2014 10:24:09 PM) (Source: crypt32) (EventID: 11) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 
Error: (10/02/2014 08:07:59 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: {F508055A-CDBF-4D4D-BC8F-4D8E0D9B9E81}0x80040e14

Error: (10/02/2014 08:07:42 PM) (Source: STacSV) (EventID: 32767) (User: NT AUTHORITY)
Description: Connection to BassMgrHDA COM interface failed

Error: (10/02/2014 07:43:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avastui.exe9.0.2018.401libcef.dll1.1453.1255.000848379

Error: (10/02/2014 07:38:17 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: {F508055A-CDBF-4D4D-BC8F-4D8E0D9B9E81}0x80040e14

Error: (10/02/2014 07:38:00 PM) (Source: STacSV) (EventID: 32767) (User: NT AUTHORITY)
Description: Connection to BassMgrHDA COM interface failed

Error: (10/02/2014 05:26:29 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: {F508055A-CDBF-4D4D-BC8F-4D8E0D9B9E81}0x80040e14

Error: (10/02/2014 05:26:14 PM) (Source: STacSV) (EventID: 32767) (User: NT AUTHORITY)
Description: Connection to BassMgrHDA COM interface failed

Error: (10/02/2014 08:33:33 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: {F508055A-CDBF-4D4D-BC8F-4D8E0D9B9E81}0x80040e14

==================== Memory info ===========================

Percentage of memory in use: 83%
Total physical RAM: 2046.11 MB
Available physical RAM: 337.72 MB
Total Pagefile: 3935.82 MB
Available Pagefile: 2214.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1958.04 MB

==================== Drives ================================

Drive c: (VAIO) (Fixed) (Total:46.84 GB) (Free:15.18 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (VAIO) (Fixed) (Total:32.61 GB) (Free:17.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: F9FBF7AC)
Partition 1: (Not Active) - (Size=7 GB) - (Type=12)
Partition 2: (Active) - (Size=47 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=95 GB) - (Type=OF Extended)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-07-2014
Ran by Simon (administrator) on YOUR-187FDF43C9 on 02-10-2014 22:23:33
Running from C:\Documents and Settings\Simon\My Documents\Downloads
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
(CANON INC.) C:\WINDOWS\system32\CNAB4RPK.EXE
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
() C:\PROGRA~1\Sony\SONICS~1\SSAAD.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Dropbox, Inc.) C:\Documents and Settings\Simon\Application Data\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\DOCUME~1\Simon\APPLIC~1\Dashlane\Dashlane.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
() C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [ssAAD.exe] => C:\Program Files\Sony\SonicStage\SSAAD.exe [81920 2006-01-07] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [13590528 2011-12-17] (NVIDIA Corporation)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [273544 2011-06-02] (RealNetworks, Inc.)
Winlogon\Notify\VESWinlogon: C:\WINDOWS\system32\VESWinlogon.dll (Sony Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\.DEFAULT\...\Run: [GoogleChromeAutoLaunch_BB7E6CE705E9E15ABCB72D3060D30B1F] => C:\Program Files\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLogoff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-391862387-3288958817-4000765809-1006\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-391862387-3288958817-4000765809-1006\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-391862387-3288958817-4000765809-1006\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-391862387-3288958817-4000765809-1006\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-391862387-3288958817-4000765809-1006\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-391862387-3288958817-4000765809-1006\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-391862387-3288958817-4000765809-1006\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-391862387-3288958817-4000765809-1006\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-391862387-3288958817-4000765809-1006\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-391862387-3288958817-4000765809-1006\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-391862387-3288958817-4000765809-1006\...\Policies\Explorer: [NoInstrumentation] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 9.3 PE.lnk
ShortcutTarget: PHOTOfunSTUDIO 9.3 PE.lnk -> C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
Startup: C:\Documents and Settings\Simon\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Simon\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
BootExecute:

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google AFE\GoogleAFE.dll (Google)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\9s7ntazu.default
FF Homepage: https://www.google.co.uk/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.647 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.647 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.652 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.652 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.647 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Documents and Settings\Simon\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Documents and Settings\Simon\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Documents and Settings\Simon\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Simon\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Simon\Application Data\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Simon\Application Data\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\9s7ntazu.default\searchplugins\dogpile.xml
FF SearchPlugin: C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\9s7ntazu.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\9s7ntazu.default\searchplugins\mailru---.xml
FF Extension: British English Dictionary - C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\9s7ntazu.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2012-07-29]
FF Extension: British English Dictionary (Updated) - C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\9s7ntazu.default\Extensions\en-gb@flyingtophat.co.uk [2014-03-14]
FF Extension: Autofill Forms - C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\9s7ntazu.default\Extensions\autofillForms@blueimp.net.xpi [2011-06-11]
FF Extension: FoxBleed - C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\9s7ntazu.default\Extensions\jid1-Ni8A2ixlGmYBiw@jetpack.xpi [2014-04-11]
FF Extension: English (GB) Language Pack - C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\9s7ntazu.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014-03-14]
FF Extension: Open Link in New Tab - C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\9s7ntazu.default\Extensions\openlinkintab@piro.sakura.ne.jp.xpi [2013-08-11]
FF Extension: New Tab Homepage - C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\9s7ntazu.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2011-04-10]
FF Extension: Shorten URL (bit.ly) - C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\9s7ntazu.default\Extensions\{a1109c2a-1187-4027-901d-13097b755625}.xpi [2011-06-29]
FF Extension: avast! Ad Blocker - C:\Program Files\Mozilla Firefox\extensions\adblocker@avast.com.xpi [2014-05-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-10-31]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-03]
FF HKCU\...\Firefox\Extensions: [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] - C:\Documents and Settings\Simon\Application Data\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}
FF Extension: Dashlane - C:\Documents and Settings\Simon\Application Data\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} [2014-05-30]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.co.uk/"
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Dashlane) - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd\2.3.3.52783_0\npDashlane.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (BitCometAgent) - C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll (BitComet)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealNetworks RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\Simon\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\Simon\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Documents and Settings\Simon\Application Data\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java Platform SE 7 U51) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Extension: (Google Docs) - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-16]
CHR Extension: (Google Drive) - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-16]
CHR Extension: (YouTube) - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-16]
CHR Extension: (Google Search) - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-16]
CHR Extension: (MaskMe) - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dpkiidbpeijnaaacjlfnijncdlkicejg [2013-10-07]
CHR Extension: (Dashlane) - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2014-02-24]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-03]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-14]
CHR Extension: (Gmail) - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-16]
CHR HKLM\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\DOCUME~1\Simon\LOCALS~1\Temp\crx40.tmp [2013-07-16]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-02]

========================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor4.0; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-23] (AVAST Software)
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [114753 2005-11-28] (Intel Corporation) [File not signed]
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-13] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 Image Converter video recording monitor for VAIO Entertainment; C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [32768 2005-07-14] (Sony Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395200 2012-10-19] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [779200 2012-10-15] (Eastman Kodak Company)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53337 2005-11-24] (Sony Corporation) [File not signed]
R2 MSSQL$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53337 2005-11-24] (Sony Corporation) [File not signed]
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [217164 2005-11-28] (Intel Corporation) [File not signed]
S2 RUBotSrv; C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe [439632 2010-12-17] (Trend Micro Inc.)
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [540745 2005-11-28] (Intel Corporation ) [File not signed]
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69718 2005-11-24] (Sony Corporation) [File not signed]
S3 SQLAgent$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
S3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [69632 2006-01-06] (Sony Corporation) [File not signed]
R2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe [86016 2006-03-31] (SigmaTel, Inc.) [File not signed]
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2005-11-25] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [160256 2006-03-19] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2084864 2006-01-16] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-IntegratedServer-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [57344 2005-10-11] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [770048 2005-10-11] (Sony Corporation) [File not signed]
S3 VAIOMediaPlatform-Mobile-Gateway; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [155648 2005-12-21] (Sony Corporation) [File not signed]
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [270336 2005-11-28] (Sony Corporation) [File not signed]
S3 VUAgent; C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [939624 2012-01-13] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [167936 2005-11-28] (Sony Corporation) [File not signed]
R2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [135168 2005-11-28] (Sony Corporation) [File not signed]
S2 XAudioService; C:\WINDOWS\system32\DRIVERS\xaudio.exe [386560 2007-01-10] (Conexant Systems, Inc.) [File not signed]
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

==================== Drivers (Whitelisted) ====================

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21275 2006-03-24] (Meetinghouse Data Communications) [File not signed]
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [35840 2004-10-08] (Oak Technology Inc.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-10-02] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-10-02] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-10-02] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-10-02] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-10-02] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414392 2014-10-02] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-10-02] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-10-02] ()
R3 AVerM115S; C:\WINDOWS\System32\DRIVERS\AVerM115S.sys [741376 2006-04-11] (AVerMedia Technologies, Inc.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [177376 2012-09-21] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\MBAE.sys [44632 2014-01-16] () S3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [202112 2005-10-18] (Conexant Systems, Inc.) R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSX_DPV.sys [986624 2007-01-10] (Conexant Systems, Inc.) [File not signed] R3 HSXHWAZL; C:\WINDOWS\System32\DRIVERS\HSXHWAZL.sys [206848 2007-01-10] (Conexant Systems, Inc.) [File not signed] R3 IrBus; C:\WINDOWS\System32\DRIVERS\IrBus.sys [46848 2013-07-17] (Microsoft Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-02] (Malwarebytes Corporation) R2 mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [12672 2007-01-10] (Conexant) [File not signed] S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed] S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation) R3 Mvc25U870_VID_1262&PID_25FD; C:\WINDOWS\System32\Drivers\Mvc25U870.sys [52992 2006-04-05] (Micro Vision Co.,Ltd) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) S3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [4221952 2009-10-26] (Intel Corporation) R3 NETwLx32; C:\WINDOWS\System32\DRIVERS\NETwLx32.sys [6609920 2010-10-07] (Intel Corporation) R3 Pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [39264 2012-04-01] (VSO Software) [File not signed] R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [45744 2011-10-04] (Rovi Corporation) R1 RapportCerberus_69108; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_69108.sys [358040 2014-06-30] () R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13568 2005-11-28] (Intel Corporation) 
[File not signed] R0 SI3132; C:\WINDOWS\System32\DRIVERS\SI3132.sys [67456 2005-09-21] (Silicon Image, Inc.) R0 SiFilter; C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys [10368 2004-11-01] (Silicon Image, Inc.) R0 SiRemFil; C:\WINDOWS\System32\DRIVERS\SiRemFil.sys [5248 2005-09-20] (Silicon Image, Inc.) R3 SonyImgF; C:\WINDOWS\System32\DRIVERS\SonyImgF.sys [29184 2005-12-27] (Sony Corporation) [File not signed] R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1155672 2006-03-31] (SigmaTel, Inc.) R3 ti21sony; C:\WINDOWS\System32\drivers\ti21sony.sys [812544 2007-04-23] (Texas Instruments) S3 toshidpt; C:\WINDOWS\System32\drivers\Toshidpt.sys [3712 2005-07-11] (TOSHIBA Corporation.) [File not signed] R3 tosporte; C:\WINDOWS\System32\DRIVERS\tosporte.sys [47104 2005-11-24] (TOSHIBA Corporation) [File not signed] R3 Tosrfbd; C:\WINDOWS\System32\Drivers\tosrfbd.sys [108928 2006-02-02] (TOSHIBA CORPORATION) [File not signed] R3 Tosrfbnp; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [37632 2005-12-14] (TOSHIBA Corporation) [File not signed] R3 Tosrfhid; C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys [62848 2006-02-08] (TOSHIBA Corporation.) [File not signed] R3 tosrfnds; C:\WINDOWS\System32\DRIVERS\tosrfnds.sys [18612 2005-01-06] (TOSHIBA Corporation.) [File not signed] S3 TosRfSnd; C:\WINDOWS\System32\drivers\TosRfSnd.sys [52864 2005-11-11] (TOSHIBA Corporation) [File not signed] R3 Tosrfusb; C:\WINDOWS\System32\Drivers\tosrfusb.sys [39808 2006-01-31] (TOSHIBA CORPORATION) [File not signed] S3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1428096 2005-12-05] (Intel® Corporation) R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys [659968 2007-01-10] (Conexant Systems, Inc.) [File not signed] R2 XAudio; C:\WINDOWS\System32\DRIVERS\xaudio.sys [8192 2007-01-10] (Conexant Systems, Inc.) 
[File not signed] S0 AVGIDSHX; system32\DRIVERS\avgidshx.sys [X] S1 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X] S3 RimUsb; System32\Drivers\RimUsb.sys [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) S3 SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20101029.001\symidsco.sys [X] ==================== NetSvcs (Whitelisted) =================== NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation) ==================== One Month Created Files and Folders ======== 2014-10-02 22:23 - 2014-10-02 22:23 - 00000000 ____D () C:\FRST 2014-10-02 21:24 - 2014-10-02 21:24 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-10-02 21:23 - 2014-10-02 21:23 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-10-02 21:23 - 2014-10-02 21:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2014-10-02 21:23 - 2014-10-02 21:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes 2014-10-02 21:23 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-10-02 21:23 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-10-02 21:15 - 2014-10-02 21:15 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2014-10-02 21:15 - 2014-10-02 21:15 - 00001737 _____ () C:\Documents and Settings\All Users\Desktop\avast! 
Free Antivirus.lnk 2014-10-02 19:28 - 2014-10-02 19:42 - 00001105 _____ () C:\WINDOWS\setupapi.log 2014-10-02 08:04 - 2014-10-02 08:04 - 00341832 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-10-02 07:59 - 2014-10-02 07:59 - 00081448 _____ () C:\Documents and Settings\Simon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2014-10-02 05:58 - 2014-10-02 05:58 - 00014912 _____ () C:\Documents and Settings\Simon\My Documents\cc_20141002_055823.reg ==================== One Month Modified Files and Folders ======= 2014-10-02 22:24 - 2014-02-28 23:46 - 01440638 _____ () C:\WINDOWS\pfirewall.log 2014-10-02 22:24 - 2010-11-14 23:17 - 00000000 ____D () C:\Documents and Settings\Simon\Local Settings\Temp 2014-10-02 22:23 - 2014-10-02 22:23 - 00000000 ____D () C:\FRST 2014-10-02 22:21 - 2006-03-24 09:27 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl 2014-10-02 21:57 - 2013-10-13 20:57 - 00000414 _____ () C:\WINDOWS\Tasks\At1.job 2014-10-02 21:51 - 2014-02-01 22:03 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-10-02 21:24 - 2014-10-02 21:24 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-10-02 21:23 - 2014-10-02 21:23 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-10-02 21:23 - 2014-10-02 21:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2014-10-02 21:23 - 2014-10-02 21:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes 2014-10-02 21:15 - 2014-10-02 21:15 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2014-10-02 21:15 - 2014-10-02 21:15 - 00001737 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk 2014-10-02 21:15 - 2014-04-23 22:19 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys 2014-10-02 21:15 - 2014-03-03 21:43 - 00000316 ____H () C:\WINDOWS\Tasks\avast! 
Emergency Update.job 2014-10-02 21:15 - 2014-03-03 21:42 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2014-10-02 21:15 - 2014-03-03 21:42 - 00414392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys 2014-10-02 21:15 - 2014-03-03 21:42 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2014-10-02 21:15 - 2014-03-03 21:42 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys 2014-10-02 21:15 - 2014-03-03 21:42 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys 2014-10-02 21:15 - 2014-03-03 21:42 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys 2014-10-02 21:15 - 2014-03-03 21:42 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys 2014-10-02 21:15 - 2014-03-03 21:42 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys 2014-10-02 20:10 - 2014-05-03 19:09 - 00000000 ____D () C:\Documents and Settings\Simon\Application Data\DropboxMaster 2014-10-02 20:10 - 2012-12-14 22:56 - 00000000 ___RD () C:\Documents and Settings\Simon\Desktop\Dropbox 2014-10-02 20:10 - 2011-06-08 22:07 - 00000000 ____D () C:\Documents and Settings\Simon\Application Data\Dropbox 2014-10-02 20:09 - 2006-04-26 03:38 - 00196974 _____ () C:\WINDOWS\system32\nvapps.xml 2014-10-02 20:09 - 2006-03-24 09:42 - 01095156 _____ () C:\WINDOWS\WindowsUpdate.log 2014-10-02 20:08 - 2014-03-04 20:37 - 00000470 _____ () C:\WINDOWS\Tasks\Malwarebytes Anti-Exploit.job 2014-10-02 20:08 - 2006-03-24 09:39 - 00000000 ____D () C:\WINDOWS\Registration 2014-10-02 20:07 - 2013-03-04 23:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kodak 2014-10-02 20:07 - 2012-10-25 17:20 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-10-02 20:07 - 2012-10-25 17:20 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-10-02 20:07 - 2011-02-02 20:21 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-391862387-3288958817-4000765809-1006.job 2014-10-02 20:07 - 2006-03-24 
09:48 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-10-02 20:04 - 2012-10-25 17:20 - 00032618 _____ () C:\WINDOWS\SchedLgU.Txt 2014-10-02 19:42 - 2014-10-02 19:28 - 00001105 _____ () C:\WINDOWS\setupapi.log 2014-10-02 08:30 - 2013-04-05 19:32 - 00000000 ____D () C:\WINDOWS\system32\LogFiles 2014-10-02 08:04 - 2014-10-02 08:04 - 00341832 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-10-02 07:59 - 2014-10-02 07:59 - 00081448 _____ () C:\Documents and Settings\Simon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2014-10-02 05:58 - 2014-10-02 05:58 - 00014912 _____ () C:\Documents and Settings\Simon\My Documents\cc_20141002_055823.reg 2014-10-02 05:57 - 2010-07-14 08:20 - 00000000 ____D () C:\Documents and Settings\Simon 2014-10-01 22:45 - 2014-02-28 23:46 - 03996133 _____ () C:\WINDOWS\pfirewall.log.old 2014-09-30 23:17 - 2012-04-01 23:52 - 00359642 ____C () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat Files to move or delete: ==================== C:\Windows\Tasks\At1.job Some content of TEMP: ==================== C:\Documents and Settings\Simon\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvoaehy.dll ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================