bulldog2772

  1. Everything is up to date. When I re-installed IE9 I did a few updates. Maybe my computer is possessed. LOL
  2. Disabled and then uninstalled AVG. No change. This sounds crazy but it almost seems like after a certain number of mouse clicks while online is what does it. If you are doing something requiring a lot of clicking it seems to make IE shut down. Very weird.
  3. Finally got IE9 re-installed. Computer didn't want to install IE9 the first five times I tried. Did some Windows updates and I guess that allowed it to install. Once installed, went to addictinggames.com and played a game to see if IE9 would close and restart, and it did. It lasted longer than normal but still closed. I'm wondering if my AVG anti-virus is causing this because of cookies that it is not accepting. What do you think? Thanks again for all of your help.
  4. Reset IE; it seemed to help for a few minutes. Then while running a program on the internet that requires a lot of mouse clicking it closed and re-opened. It also seems to do this when more than one window is open. Sometimes it will close after a few minutes, sometimes a little longer. Also my AVG anti-virus pops up a lot notifying me of cookies, asking me what I want to do. Most of the time if you try and click on allow and don't ask me again it will not execute and you just click ignore and keep on going. This also seems to affect the IE closing unexpectedly. Thanks for your help.
  5. Thanks. Start menu restored. Now back to having issues with IE closing unexpectedly and then re-opening. It's not a huge deal until you are in the middle of something on the internet and it decides to close and re-open. Can't figure out what is causing this. Thanks
  6. Resetting IE settings seemed to help that issue. I have noticed something else though. Today I went to scan a document into my computer and my scanner wasn't working. Printer works but scanner side not recognized. Went to start menu to open up Brother program and all of the files in my Windows Start menu say they are empty as they did in the beginning. Is this malware still affecting my computer?? I ran MBAM scan and it did not find any threats.
  7. Don't seem to be having any issues virus related, which is great. Having an issue with Internet Explorer unexpectedly shutting down. I think it might have something to do with AVG Anti-virus blocking cookies or allowing too many? Any ideas??? Never had this issue before. Thanks for all of your help
  8. Kaspersky log as requested.
      2 threats found
      Status: Deleted (events: 2)
      7/3/2012 8:19:41 PM  Deleted  Trojan program Backdoor.Win32.ZAccess.mbs  C:\Qoobox\Quarantine\C\Windows\Installer\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@.vir  High
      7/3/2012 9:01:27 PM  Deleted  Trojan program Backdoor.Win32.ZAccess.mbs  C:\_OTL\MovedFiles\07012012_211132\C_Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@  High
  9. ESET Log as requested. I don't think this is the right log for some reason. There is no extended log on program files. This log is in x86 files. The ESET found 3 threats and deleted them on the first scan. I am running the scan again.
      ESETSmartInstaller@High as CAB hook log:
      OnlineScanner64.ocx - registred OK
      OnlineScanner.ocx - registred OK
      esets_scanner_update returned -1 esets_gle=53251
  10. ComboFix Log as requested
  11. MBAM log as requested
      Malwarebytes Anti-Malware 1.61.0.1400
      www.malwarebytes.org
      Database version: v2012.07.01.08
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Georgia :: HOUSECOMPUTER [administrator]
      7/1/2012 9:15:49 PM
      mbam-log-2012-07-01 (21-15-49).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 211721
      Time elapsed: 3 minute(s), 20 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 0 (No malicious items detected)
      (end)
  12. OTL log as requested.
  13. MBAM Log.

      Malwarebytes Anti-Malware 1.61.0.1400
      www.malwarebytes.org
      Database version: v2012.07.01.07
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Georgia :: HOUSECOMPUTER [administrator]
      7/1/2012 2:08:22 PM
      mbam-log-2012-07-01 (14-08-22).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 212058
      Time elapsed: 3 minute(s), 16 second(s)
      Memory Processes Detected: 0
      (No malicious items detected)
      Memory Modules Detected: 0
      (No malicious items detected)
      Registry Keys Detected: 0
      (No malicious items detected)
      Registry Values Detected: 0
      (No malicious items detected)
      Registry Data Items Detected: 0
      (No malicious items detected)
      Folders Detected: 0
      (No malicious items detected)
      Files Detected: 0
      (No malicious items detected)
      (end)
  14. OTL Log after reboot.

      All processes killed
      Error: Unable to interpret <:OTL[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Yrkeos[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Oqdu[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Iwovla[2012/06/30 18:23:59 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Etixwa[2012/06/30 16:58:16 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Oqdu[2012/06/25 18:06:56 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Tific[2011/10/24 00:09:30 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Udcuu[2012/06/25 16:15:59 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Yrkeos[2011/10/24 00:35:24 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Zonie[2012/06/20 17:51:12 | 000,000,112 | ---- | M] () -- C:\ProgramData\-X4V4pVXxJCY4NRr[2012/06/20 17:51:12 | 000,000,000 | ---- | M] () -- C:\ProgramData\-X4V4pVXxJCY4NR[2012/06/27 18:27:32 | 000,080,896 | ---- | C] () -- C:\Use> in the current context!
      Error: Unable to interpret <rs\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\80000064.@[2012/06/27 18:27:32 | 000,080,896 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\80000064.@[2012/06/27 18:27:32 | 000,000,804 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L\00000004.@[2012/06/27 18:27:32 | 000,000,804 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L\00000004.@[2012/06/27 18:27:07 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000004.@[2012/06/27 18:27:07 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000004.@[2012/06/27 18:27:07 | 000,001,632 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@[2012/06/27 18:27:07 | 000,001,632 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.> in the current context!
      Error: Unable to interpret <@[2012/01/11 21:11:28 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\@[2012/01/11 21:11:28 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\@:filesC:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}ipconfig /flushdns /c:Commands[emptytemp][clearallrestorepoints]> in the current context!
      OTL by OldTimer - Version 3.2.53.1 log created on 07012012_140452
      Files\Folders moved on Reboot...
      PendingFileRenameOperations files...
      Registry entries deleted on Reboot...
  15. Here is OTL Log. Only got the one log??? OTL logfile created on: 7/1/2012 1:43:01 PM - Run 3 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Georgia\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.85 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 57.24% Memory free 7.70 Gb Paging File | 5.23 Gb Available in Paging File | 67.89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 454.66 Gb Total Space | 412.61 Gb Free Space | 90.75% Space Free | Partition Type: NTFS Computer Name: HOUSECOMPUTER | User Name: Georgia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/01 13:42:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Georgia\Desktop\OTL.exe PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe PRC - [2012/03/08 00:10:34 | 001,320,392 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe PRC - [2012/02/09 19:40:16 | 000,053,248 | ---- | M] (Digital Delivery Networks, Inc.) 
-- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/04/29 17:20:18 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2011/04/26 15:08:30 | 000,183,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2011/04/26 15:08:30 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe PRC - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011/02/23 17:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe PRC - [2011/02/14 17:45:08 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2011/02/14 17:44:56 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2011/02/14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe PRC - [2011/01/12 21:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011/01/12 21:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe PRC - [2010/11/27 03:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe PRC - [2010/11/27 03:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe PRC - [2009/02/24 16:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) 
-- C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe ========== Modules (No Company Name) ========== MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll MOD - [2009/02/27 17:38:20 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/01/13 10:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent) SRV:64bit: - [2011/08/12 17:35:30 | 000,971,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService) SRV:64bit: - [2011/07/19 05:45:52 | 000,104,096 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe -- (DCDhcpService) SRV:64bit: - [2011/05/24 09:00:00 | 000,652,016 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV:64bit: - [2011/02/19 01:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper) SRV:64bit: - [2011/02/19 01:02:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr) SRV:64bit: - [2011/02/14 20:54:50 | 000,550,080 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV:64bit: - [2011/02/14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService) SRV:64bit: - 
[2011/01/20 15:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService) SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/06/24 00:34:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/06/01 11:39:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2012/02/09 19:40:16 | 000,053,248 | ---- | M] (Digital Delivery Networks, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe -- (Oasis2Service) SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/04/29 17:20:18 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2011/04/29 17:19:22 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc) SRV - [2011/04/26 15:08:30 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2011/03/02 00:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011/02/23 17:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor) SRV - [2011/02/21 15:55:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp) SRV - [2011/02/21 15:55:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs) SRV - [2011/02/14 17:45:08 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel® SRV - [2011/02/14 17:44:56 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel® SRV - [2011/01/20 15:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2011/01/12 21:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel® SRV - [2010/11/27 03:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/18 14:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. 
) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter) DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2011/06/21 02:26:44 | 012,259,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/06/21 02:03:42 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011/04/29 17:19:36 | 000,288,416 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011/04/29 17:19:36 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2011/04/29 17:19:36 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2011/04/29 17:19:36 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt) DRV:64bit: - [2011/04/29 17:19:36 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2011/04/29 17:19:36 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2011/04/29 17:19:36 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2011/04/29 17:19:34 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2011/04/01 16:10:18 | 000,317,440 | ---- | M] 
(Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel® DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/10 08:47:16 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011/03/08 23:16:12 | 000,051,872 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU) DRV:64bit: - [2011/02/14 17:44:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel® DRV:64bit: - [2011/02/12 22:10:55 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/02/12 16:19:28 | 000,014,400 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf) DRV:64bit: - [2011/02/12 16:19:25 | 000,026,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWLowRider.sys -- (NWLowRider) DRV:64bit: - [2011/02/12 16:19:25 | 000,014,400 | ---- | M] (n/a) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWWakeFilterLR.sys -- (NWWakeFilterLR) DRV:64bit: - [2011/02/10 03:41:47 | 000,102,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci) DRV:64bit: - [2011/02/10 03:41:45 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsnxc64.sys -- (risdsnpe) DRV:64bit: - [2010/12/10 16:50:36 | 000,181,248 | ---- | 
M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010/12/10 16:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/04/26 16:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/06/10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel® DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/26 17:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV:64bit: - [2006/12/12 02:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9/ IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.) 
IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\..\SearchScopes,DefaultScope = {99D2F1F7-1CF5-47D2-8B81-B47A2514F5E6} IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\..\SearchScopes\{1D1DE4DB-F69B-415B-9B37-DD7720CE8C6C}: "URL" = http://www.flickr.com/search/?q={searchTerms} IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\..\SearchScopes\{6EAFAC85-4814-41D9-8E37-5EE5A96113A4}: "URL" = http://search.yahoo.com/search?&q={searchTerms}&ei=utf-8&fr=w3is&type=W3i_IA,206,6484_00,Search,20110938,18175,0,0,6484 IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\..\SearchScopes\{99D2F1F7-1CF5-47D2-8B81-B47A2514F5E6}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9 IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\..\SearchScopes\{D198D09C-96D5-4A6F-A3C1-75237DC665BF}: "URL" = http://delicious.com/search?p={searchTerms} IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Yahoo Search" FF - prefs.js..browser.startup.homepage: "http://yahoo.com/?ilc=10&fr=ydwnld-home" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/04/28 03:43:30 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) 
---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011/04/01 21:19:02 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011/02/10 19:03:27 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== LOP Check ========== [2011/12/26 19:24:18 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Avery [2012/06/21 16:18:45 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\AVG [2012/06/25 20:03:47 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\AVG2012 [2012/05/12 15:47:40 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Clip Art Collection [2012/06/30 18:23:59 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Etixwa [2012/06/09 01:27:20 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Garmin [2012/06/30 16:11:24 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Iwovla [2012/06/30 16:58:16 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Oqdu [2012/06/23 22:02:57 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\TestApp [2012/06/25 18:06:56 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Tific [2011/10/24 00:09:30 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Udcuu [2011/10/24 01:53:48 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Windows Live Writer [2012/06/25 16:15:59 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Yrkeos [2011/10/24 00:35:24 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Zonie [2012/07/01 07:14:34 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-372996367-75289682-3332733727-1005Core.job [2012/07/01 13:28:39 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-372996367-75289682-3332733727-1005UA.job [2012/06/23 21:54:41 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data 
Streams ========== @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report >