Here you go, Juliet! Let me know if you want me to "remove selected" for the bad guys MBAM detected!

MBAM Log
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.02.05.09
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
owner :: MARKHAM [administrator]
2/5/2014 2:31:02 PM
MBAM-log-2014-02-05 (14-49-25).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217646
Time elapsed: 15 minute(s), 16 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\owner\AppData\Roaming\data.sec (Malware.Trace.E) -> No action taken.
(end)

FRST Log
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-02-2014
Ran by owner (administrator) on MARKHAM on 05-02-2014 15:03:30
Running from C:\Users\owner\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) ===================
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\System32\lxbucoms.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Absolute Software Corp.) C:\Windows\System32\rpcnet.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(IDT, Inc.) C:\Windows\sttray.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [LXBUCATS] - C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll [73728 2007-02-22] ()
HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG2012\avgtray.exe [2596984 2012-07-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2486296 2014-01-10] ()
HKLM\...\Run: [SigmatelSysTrayApp] - C:\Windows\sttray.exe [405504 2007-09-06] (IDT, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [40072 2008-01-18] (soft thinks)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-614758702-3636996587-203661250-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-614758702-3636996587-203661250-1000\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-02-19] (Google Inc.)
HKU\S-1-5-21-614758702-3636996587-203661250-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-614758702-3636996587-203661250-1000\...\MountPoints2: {54524285-dd5e-11e0-830b-00e0b8e80239} - G:\Biotal_Start_Here_For_PC.exe
HKU\S-1-5-21-614758702-3636996587-203661250-1000\...\MountPoints2: {c6f8e8f3-c7e6-11de-bd10-00e0b8e80239} - H:\LaunchU3.exe -a
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/gatewayr?hl=en
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...s=PTB&M=M-1625
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...s=PTB&M=M-1625
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...s=PTB&M=M-1625
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - {8709D99A-F206-4344-970B-A3141782867F} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120835,17118,0,18,0
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={2A8CEC44-3CF0-40BA-A41D-3A85AAB92AA0}&mid=baeaa2b531dd401048f74bd85b8b2a0d-b602d594afd2b0b327e07a06f36ca6a7e42546d0&lang=en&ds=AVG&pr=fr&d=2012-06-06 08:54:03&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: No Name - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll (Gateway Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite....x/qtplugin.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\vqqkuexj.default
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4\
FF Extension: No Name - C:\Program Files\AVG\AVG2012\Firefox4\ []
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49 [2014-01-10]
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\10.0.648.151\pdf.dll No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files\Google\Chrome\Application\10.0.648.151\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\10.0.648.151\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.230.5) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U23) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Entanglement) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-03-22]
CHR Extension: (Entanglement) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-09-18]
CHR Extension: (Poppit) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-03-22]
CHR Extension: (Poppit) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-01-31]
CHR Extension: (Poppit) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [2013-09-18]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [2014-01-10]
========================== Services (Whitelisted) =================
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-09-01] ()
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5167736 2012-08-13] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S2 gupdate1c992bc37ac1060; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-19] (Google Inc.)
R2 lxbu_device; C:\Windows\system32\lxbucoms.exe [537520 2007-04-17] ( )
R2 rpcnet; C:\Windows\system32\rpcnet.exe [58288 2012-06-14] (Absolute Software Corp.)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 vToolbarUpdater17.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-10] (AVG Secure Search)
==================== Drivers (Whitelisted) ====================
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [237408 2012-07-26] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [301920 2012-08-24] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-11] (AVG Technologies)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-02-05] (Malwarebytes Corporation)
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [281088 2007-07-18] (Realtek Semiconductor Corporation )
S3 SSKBFD; C:\Windows\System32\Drivers\sskbfd.sys [23920 2008-01-04] (Webroot Software Inc (www.webroot.com))
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [11776 2007-05-23] (Chicony Electronics Co., Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-05 15:03 - 2014-02-05 15:04 - 00018040 _____ () C:\Users\owner\Desktop\FRST.txt
2014-02-05 15:01 - 2014-02-05 15:03 - 00000000 ____D () C:\FRST
2014-02-05 15:00 - 2014-02-05 15:00 - 01139200 _____ (Farbar) C:\Users\owner\Desktop\FRST.exe
2014-02-05 14:50 - 2014-02-05 14:51 - 00000000 ____D () C:\Users\owner\Desktop\Repair
2014-02-05 14:29 - 2014-02-05 14:30 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-02-05 14:29 - 2014-02-05 14:29 - 00000866 _____ () C:\Users\Public\Desktop\MBAM.lnk
2014-02-05 14:29 - 2014-02-05 14:29 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Malwarebytes
2014-02-05 14:29 - 2014-02-05 14:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-05 14:29 - 2014-02-05 14:29 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-05 14:29 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-02 18:38 - 2014-02-02 19:11 - 00000512 _____ () C:\Users\owner\Desktop\MBR.dat
2014-02-02 17:29 - 2014-02-02 17:30 - 00000000 ____D () C:\Program Files\ERUNT
2014-02-02 11:28 - 2014-02-02 11:33 - 00002763 _____ () C:\ProgramData\connector.swf
2014-02-02 09:25 - 2014-02-02 09:25 - 00001962 _____ () C:\Users\owner\AppData\Roaming\data.sec
2014-01-23 09:38 - 2014-01-23 09:38 - 00000000 ____D () C:\Windows\Sun
2014-01-23 09:33 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-23 09:33 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-23 09:33 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-23 09:33 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-23 09:31 - 2014-01-23 09:33 - 00005232 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
==================== One Month Modified Files and Folders =======
2014-02-05 16:28 - 2008-05-11 07:37 - 00000000 ____D () C:\Users\owner
2014-02-05 16:28 - 2006-11-02 05:22 - 44040192 _____ () C:\Windows\system32\config\software_previous
2014-02-05 16:28 - 2006-11-02 05:22 - 25690112 _____ () C:\Windows\system32\config\system_previous
2014-02-05 16:27 - 2011-09-23 07:33 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-02-05 16:27 - 2009-02-02 11:17 - 00000000 ____D () C:\Program Files\lx_Cats
2014-02-05 16:27 - 2008-02-28 04:30 - 00000000 ____D () C:\Windows\SMINST
2014-02-05 16:27 - 2006-11-02 06:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-02-05 16:27 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
2014-02-05 16:27 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-02-05 16:27 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
2014-02-05 16:19 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-02-05 16:19 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-02-05 15:04 - 2014-02-05 15:03 - 00018040 _____ () C:\Users\owner\Desktop\FRST.txt
2014-02-05 15:03 - 2014-02-05 15:01 - 00000000 ____D () C:\FRST
2014-02-05 15:00 - 2014-02-05 15:00 - 01139200 _____ (Farbar) C:\Users\owner\Desktop\FRST.exe
2014-02-05 14:51 - 2014-02-05 14:50 - 00000000 ____D () C:\Users\owner\Desktop\Repair
2014-02-05 14:51 - 2009-06-30 21:54 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-05 14:50 - 2013-10-08 18:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-05 14:41 - 2006-11-02 07:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-05 14:41 - 2006-11-02 07:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-05 14:30 - 2014-02-05 14:29 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-02-05 14:29 - 2014-02-05 14:29 - 00000866 _____ () C:\Users\Public\Desktop\MBAM.lnk
2014-02-05 14:29 - 2014-02-05 14:29 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Malwarebytes
2014-02-05 14:29 - 2014-02-05 14:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-05 14:29 - 2014-02-05 14:29 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-05 14:00 - 2006-11-02 05:33 - 00707392 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-05 13:59 - 2013-12-25 08:40 - 00001931 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-05 13:51 - 2009-06-30 21:54 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-05 13:50 - 2012-04-05 06:11 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-05 13:50 - 2011-10-13 06:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 13:42 - 2008-02-28 04:37 - 01775047 _____ () C:\Windows\WindowsUpdate.log
2014-02-05 13:33 - 2013-06-03 06:06 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-02-05 13:32 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-05 13:32 - 2005-11-18 00:05 - 00058288 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2014-02-05 13:32 - 2005-10-20 17:08 - 00017408 _____ () C:\Windows\system32\rpcnetp.exe
2014-02-05 13:09 - 2010-10-23 16:32 - 00001356 _____ () C:\Users\owner\AppData\Local\d3d9caps.dat
2014-02-05 13:01 - 2006-11-02 05:22 - 40370176 _____ () C:\Windows\system32\config\components_previous
2014-02-05 13:01 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\default_previous
2014-02-02 19:11 - 2014-02-02 18:38 - 00000512 _____ () C:\Users\owner\Desktop\MBR.dat
2014-02-02 17:30 - 2014-02-02 17:29 - 00000000 ____D () C:\Program Files\ERUNT
2014-02-02 11:33 - 2014-02-02 11:28 - 00002763 _____ () C:\ProgramData\connector.swf
2014-02-02 09:25 - 2014-02-02 09:25 - 00001962 _____ () C:\Users\owner\AppData\Roaming\data.sec
2014-02-02 09:14 - 2009-02-02 17:52 - 00000000 ____D () C:\Users\owner\Desktop\Rennaissance
2014-02-02 08:08 - 2011-10-13 07:14 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-01-31 13:23 - 2008-05-11 07:46 - 00153600 _____ () C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-30 23:17 - 2006-11-02 08:01 - 00032648 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-26 11:59 - 2011-01-17 17:40 - 00000000 ____D () C:\Users\owner\AppData\Local\CutePDF Writer
2014-01-23 09:38 - 2014-01-23 09:38 - 00000000 ____D () C:\Windows\Sun
2014-01-23 09:37 - 2013-10-17 09:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-23 09:33 - 2014-01-23 09:31 - 00005232 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-23 09:33 - 2008-02-28 05:07 - 00000000 ____D () C:\Program Files\Java
2014-01-22 11:13 - 2009-08-22 10:13 - 00000000 ____D () C:\Users\owner\Desktop\TAP
2014-01-15 20:58 - 2006-11-02 05:23 - 00000314 _____ () C:\Windows\win.ini
2014-01-15 20:57 - 2013-08-14 19:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 20:54 - 2006-11-02 05:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-10 07:57 - 2013-12-10 08:38 - 00003728 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2014-01-10 07:56 - 2011-09-23 07:33 - 00000000 ____D () C:\Program Files\AVG Secure Search
Files to move or delete:
====================
C:\Users\owner\spybotsd162.exe
Some content of TEMP:
====================
C:\Users\owner\AppData\Local\Temp\AdobeUpdater12345.exe
C:\Users\owner\AppData\Local\Temp\atl80.dll
C:\Users\owner\AppData\Local\Temp\avguidx.dll
C:\Users\owner\AppData\Local\Temp\CommonInstaller.exe
C:\Users\owner\AppData\Local\Temp\converter.exe
C:\Users\owner\AppData\Local\Temp\CPMStartInstall.exe
C:\Users\owner\AppData\Local\Temp\exec.exe
C:\Users\owner\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\owner\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\owner\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\owner\AppData\Local\Temp\iGearedHelper.dll
C:\Users\owner\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\owner\AppData\Local\Temp\libexpat.dll
C:\Users\owner\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\owner\AppData\Local\Temp\mfc80.dll
C:\Users\owner\AppData\Local\Temp\mfc80u.dll
C:\Users\owner\AppData\Local\Temp\mfcm80.dll
C:\Users\owner\AppData\Local\Temp\mfcm80u.dll
C:\Users\owner\AppData\Local\Temp\msvcm80.dll
C:\Users\owner\AppData\Local\Temp\msvcp80.dll
C:\Users\owner\AppData\Local\Temp\msvcr80.dll
C:\Users\owner\AppData\Local\Temp\NullsoftHelper.dll
C:\Users\owner\AppData\Local\Temp\oi_{207C71EE-15B6-404A-AB12-EAF54E73E9E1}.exe
C:\Users\owner\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\owner\AppData\Local\Temp\setup.exe
C:\Users\owner\AppData\Local\Temp\SkypeSetup.exe
C:\Users\owner\AppData\Local\Temp\TmDbg32.dll
C:\Users\owner\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\owner\AppData\Local\Temp\uires.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-05 13:40
==================== End Of Log ============================

Addition Log
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-02-2014
Ran by owner at 2014-02-05 15:04:27
Running from C:\Users\owner\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: AVG Anti-Virus Free Edition 2012 (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2012 (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
3D Home Architect 4.0 (Version: - )
Activation Assistant for the 2007 Microsoft Office suites (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.0.0.4080 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (Version: 10.1.8 - Adobe Systems Incorporated)
Agere Systems HDA Modem (Version: - Agere Systems)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (Version: 3.0.648.0 - ATI Technologies, Inc.)
Audible Download Manager (Version: 6.6.0.15 - Audible, Inc.)
AudibleManager (Version: 4759644.48.2147340288.-1389429353 - Audible, Inc.)
AVG 2012 (Version: 12.0.2221 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2441 - AVG Technologies) Hidden
AVG 2012 (Version: 2012.0.2221 - AVG Technologies)
AVG Security Toolbar (Version: 17.3.0.49 - AVG Technologies)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (Version: - )
Camera Assistant Software for Gateway (Version: 1.7.050.1029 - Chicony Electronics Co.,Ltd.)
Catalyst Control Center Core Implementation (Version: 2007.1109.2138.38670 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.1109.2138.38670 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.1109.2138.38670 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.1109.2138.38670 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2007.1109.2138.38670 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2007.1109.2138.38670 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2007.1109.2138.38670 - ATI) Hidden
Catalyst Control Center Localization Czech (Version: 2007.1109.2138.38670 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2007.1109.2138.38670 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2007.1109.2138.38670 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2007.1109.2138.38670 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2007.1109.2138.38670 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2007.1109.2138.38670 - ATI) Hidden
Catalyst Control Center Localization Greek (Version: 2007.1109.2138.38670 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2007.1109.2138.38670 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2007.1109.2138.38670 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2007.1109.2138.38670 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2007.1109.2138.38670 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2007.1109.2138.38670 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2007.1109.2138.38670 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2007.1109.2138.38670 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2007.1109.2138.38670 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2007.1109.2138.38670 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2007.1109.2138.38670 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2007.1109.2138.38670 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2007.1109.2138.38670 - ATI) Hidden
CCC Help Chinese Standard (Version: 2007.1109.2137.38670 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2007.1109.2137.38670 - ATI) Hidden
CCC Help Czech (Version: 2007.1109.2137.38670 - ATI) Hidden
CCC Help Danish (Version: 2007.1109.2137.38670 - ATI) Hidden
CCC Help Dutch (Version: 2007.1109.2137.38670 - ATI) Hidden
CCC Help English (Version: 2007.1109.2137.38670 - ATI) Hidden
CCC Help Finnish (Version: 2007.1109.2137.38670 - ATI) Hidden
CCC Help French (Version: 2007.1109.2137.38670 - ATI) Hidden
CCC Help German (Version: 2007.1109.2137.38670 - ATI) Hidden
CCC Help Greek (Version: 2007.1109.2137.38670 - ATI) Hidden
CCC Help Hungarian (Version: 2007.1109.2137.38670 - ATI) Hidden
CCC Help Italian (Version: 2007.1109.2137.38670 - ATI) Hidden
CCC Help Japanese (Version: 2007.1109.2137.38670 - ATI) Hidden
CCC Help Korean (Version: 2007.1109.2137.38670 - ATI) Hidden
CCC Help Norwegian (Version: 2007.1109.2137.38670 - ATI) Hidden
CCC Help Polish (Version: 2007.1109.2137.38670 - ATI) Hidden
CCC Help Portuguese (Version: 2007.1109.2137.38670 - ATI) Hidden
CCC Help Russian (Version: 2007.1109.2137.38670 - ATI) Hidden
CCC Help Spanish (Version: 2007.1109.2137.38670 - ATI) Hidden
CCC Help Swedish (Version: 2007.1109.2137.38670 - ATI) Hidden
CCC Help Thai (Version: 2007.1109.2137.38670 - ATI) Hidden
CCC Help Turkish (Version: 2007.1109.2137.38670 - ATI) Hidden
ccc-core-static (Version: 2007.1109.2138.38670 - ATI) Hidden
ccc-utility (Version: 2007.1109.2138.38670 - ATI) Hidden
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
CPM-Dairy V3 with Permanent Registration (Version: 3.10.0002 - CPM-Dairy)
CutePDF Writer 2.8 (Version: - )
Digital Camera (Version: - )
DX-Ball 1.09 (Version: - )
Gateway Connect (Version: 1.1.0 - Acceller)
Gateway Recovery Center Installer (Version: 1.01.044 - Gateway)
Google Chrome (Version: 32.0.1700.107 - Google Inc.)
Google Earth (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
GoToMeeting 5.5.0.1132 (HKCU Version: 5.5.0.1132 - CitrixOnline)
Hoyle Classic Games (Version: - )
IDT Audio (Version: 5.10.5303.0 - IDT)
Image Resizer for Windows (Version: 3.0.4442.6002 - Brice Lambson)
Image Resizer for Windows (Version: 3.0.4442.6002 - Brice Lambson) Hidden
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (Version: 7.0.0 - )
LabelPrint (Version: 2.0.2212 - CyberLink Corp.)
Lexmark 6200 Series (Version: - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Money Essentials (Version: 16 - Microsoft)
Microsoft Money Shared Libraries (Version: 16.0.0.705 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
Open Freely (Version: 1.0 - Download Freely, LLC)
Power2Go 5.0 (Version: - )
QuickTime (Version: 7.69.80.9 - Apple Inc.)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (Version: - Realtek Semiconductor Corp.)
REALTEK USB Wireless LAN Driver (Version: 1.00.0000 - Realtek)
Sierra Utilities (Version: - )
Skins (Version: 2007.1109.2138.38670 - ATI) Hidden
Skype Click to Call (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 6.0 (Version: 6.0.126 - Skype Technologies S.A.)
Spybot - Search & Destroy (Version: 1.6.2 - Safer Networking Limited)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
==================== Restore Points =========================
12-01-2014 17:00:10 Scheduled Checkpoint
13-01-2014 14:31:26 Scheduled Checkpoint
14-01-2014 14:07:46 Scheduled Checkpoint
15-01-2014 15:23:24 Scheduled Checkpoint
16-01-2014 01:54:17 Windows Update
16-01-2014 14:31:29 Scheduled Checkpoint
17-01-2014 05:00:01 Scheduled Checkpoint
18-01-2014 05:00:05 Scheduled Checkpoint
19-01-2014 15:36:33 Scheduled Checkpoint
20-01-2014 05:00:04 Scheduled Checkpoint
20-01-2014 23:48:28 Scheduled Checkpoint
21-01-2014 21:52:47 Scheduled Checkpoint
22-01-2014 16:43:34 Scheduled Checkpoint
23-01-2014 14:30:43 Installed Java 7 Update 51
24-01-2014 15:11:40 Scheduled Checkpoint
25-01-2014 15:10:30 Scheduled Checkpoint
26-01-2014 14:47:34 Scheduled Checkpoint
27-01-2014 14:02:10 Scheduled Checkpoint
28-01-2014 14:47:00 Scheduled Checkpoint
29-01-2014 14:13:52 Scheduled Checkpoint
30-01-2014 14:08:48 Scheduled Checkpoint
31-01-2014 19:15:11 Scheduled Checkpoint
01-02-2014 15:50:27 Scheduled Checkpoint
==================== Hosts content: ==========================
2006-11-02 05:23 - 2010-03-03 10:34 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {422A74FD-8F10-4ED5-8EB7-A29BE212C7F8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {436C3101-30FC-48D6-BCAE-90DD9D5D8FC5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-19] (Google Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {45EA5D88-FA03-4759-A59F-7598B21E1C9B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-19] (Google Inc.)
Task: {6C68E400-0B84-4802-8C2C-0FC1F0C7DC83} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {6D28D553-29F1-46DF-B6B0-682FBC4FE1C5} - System32\Tasks\{80B1979C-6AF5-48F7-9F31-DBA1AF53054B} => C:\Program Files\Skype\\Phone\Skype.exe [2012-11-09] (Skype Technologies S.A.)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {BF73EF51-355B-4FDA-8B93-A06667AD2424} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - owner => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {D87C0851-A0C4-4682-8F51-1BD61523F87A} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{90802AA9-D081-4CF3-AC0C-2EE1CA77F3AB}.exe
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{90802AA9-D081-4CF3-AC0C-2EE1CA77F3AB}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2008-02-28 04:21 - 2007-11-09 08:57 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2014-01-10 07:56 - 2014-01-10 07:55 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-03-02 14:44 - 2007-03-02 14:44 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
2013-12-30 14:48 - 2013-12-30 14:48 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: Microsoft ISATAP Adapter #12
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: COM4
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/05/2014 02:21:21 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 26.0.0.5087 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: d4
Start Time: 01cf22a5f248b850
Termination Time: 11
Error: (02/05/2014 02:07:59 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: f8c
Start Time: 01cf22a0bb7fd542
Termination Time: 60000
Error: (02/05/2014 01:32:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/05/2014 00:52:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/05/2014 00:48:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/02/2014 02:37:22 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: d74
Start Time: 01cf204dab9f6474
Termination Time: 21388
Error: (02/02/2014 02:33:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/02/2014 02:30:34 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: ce8
Start Time: 01cf204bc3fccc99
Termination Time: 60000
Error: (02/02/2014 02:19:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/02/2014 02:11:13 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
System errors:
=============
Error: (02/05/2014 01:32:15 PM) (Source: Service Control Manager) (User: )
Description: AVGIDSAgent3758213659 (0xE001CA1B)
Error: (02/05/2014 01:32:15 PM) (Source: Service Control Manager) (User: )
Description: AVG WatchDog3758161981 (0xE001003D)
Error: (02/05/2014 01:32:15 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (02/05/2014 00:57:20 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (02/05/2014 00:55:07 PM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error: (02/05/2014 00:52:29 PM) (Source: Service Control Manager) (User: )
Description: AFD
Avgldx86
Avgmfx86
Avgtdix
DfsC
NetBIOS
netbt
nsiproxy
PSched
RasAcd
rdbss
Smb
spldr
tdx
Wanarpv6
Error: (02/05/2014 00:52:29 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068
Error: (02/05/2014 00:52:29 PM) (Source: Service Control Manager) (User: )
Description: Network Location AwarenessNetwork Store Interface Service%%1068
Error: (02/05/2014 00:52:29 PM) (Source: Service Control Manager) (User: )
Description: IP HelperNetwork Store Interface Service%%1068
Error: (02/05/2014 00:52:29 PM) (Source: Service Control Manager) (User: )
Description: WebClientWebDav Client Redirector Driver%%1068
Microsoft Office Sessions:
=========================
Error: (02/05/2014 02:21:21 PM) (Source: Application Hang)(User: )
Description: firefox.exe26.0.0.5087d401cf22a5f248b85011
Error: (02/05/2014 02:07:59 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.0.6002.18005f8c01cf22a0bb7fd54260000
Error: (02/05/2014 01:32:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/05/2014 00:52:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/05/2014 00:48:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/02/2014 02:37:22 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.0.6002.18005d7401cf204dab9f647421388
Error: (02/02/2014 02:33:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/02/2014 02:30:34 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.0.6002.18005ce801cf204bc3fccc9960000
Error: (02/02/2014 02:19:54 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/02/2014 02:11:13 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
CodeIntegrity Errors:
===================================
Date: 2014-02-05 15:03:52.679
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-05 15:03:52.133
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-05 15:03:51.587
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-05 15:03:50.978
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-05 15:03:50.370
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-05 15:03:49.824
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-05 15:03:49.231
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-05 15:03:48.654
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-05 14:38:15.272
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-02-05 14:38:14.710
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 56%
Total physical RAM: 1917.38 MB
Available physical RAM: 841.85 MB
Total Pagefile: 4081.32 MB
Available Pagefile: 2883.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:221.84 GB) (Free:133.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:11.04 GB) (Free:5.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 11F2341E)
Partition 1: (Not Active) - (Size=11 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=222 GB) - (Type=07 NTFS)
==================== End Of Log ============================