OTL logfile created on: 17/10/2012 05:49:40 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = c:\users\jon\downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.57 Mb Total Physical Memory | 274.02 Mb Available Physical Memory | 27.04% Memory free
3.88 Gb Paging File | 2.74 Gb Available in Paging File | 70.53% Paging File free
Paging file location(s): c:\pagefile.sys 3000 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.69 Gb Total Space | 42.74 Gb Free Space | 38.26% Space Free | Partition Type: NTFS
Drive D: | 111.43 Gb Total Space | 107.37 Gb Free Space | 96.36% Space Free | Partition Type: NTFS
Drive H: | 1.90 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LIVINGROOM | User Name: jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/10/17 05:37:46 | 015,943,512 | ---- | M] (Trusteer Ltd.) -- C:\ProgramData\Trusteer\Rapport\store\tmp\dn_00000450_0001895a\RapportSetup-Full.exe
PRC - [2012/09/30 09:21:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- c:\Users\jon\Downloads\OTL (1).exe
PRC - [2012/08/28 15:38:22 | 000,598,032 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoService.exe
PRC - [2012/08/28 15:38:20 | 001,160,224 | ---- | M] (Soluto) -- C:\Program Files\Soluto\Soluto.exe
PRC - [2012/08/27 05:21:12 | 026,924,984 | ---- | M] (Dropbox, Inc.) 
-- C:\Users\jon\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012/08/21 10:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012/08/21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012/06/14 09:41:16 | 006,320,360 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics Registry Fixer\RegistryFixer.exe PRC - [2012/03/12 10:57:20 | 000,133,280 | ---- | M] (Intel Corporation) -- C:\Windows\System32\IPROSetMonitor.exe PRC - [2011/06/14 17:35:02 | 000,201,080 | ---- | M] (Telefónica) -- C:\Program Files\O2\Connection Manager\ImpWiFiSvc.exe PRC - [2011/03/14 16:27:28 | 000,271,712 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe PRC - [2011/03/14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2007/07/03 19:40:10 | 000,053,248 | ---- | M] (Acer Inc.) 
-- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2007/04/17 02:48:12 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe PRC - [2007/04/06 23:10:56 | 000,223,704 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe PRC - [2007/02/12 19:46:34 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012/08/28 20:33:37 | 000,656,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPostBootResources\efe39f61d6dd888a85e2ec86e39d5cd8\PCGPostBootResources.ni.dll MOD - [2012/08/28 20:33:36 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGHIDProbe\ccfb4cebc04580c3edcb9789182ee232\PCGHIDProbe.ni.dll MOD - [2012/08/28 20:33:35 | 000,045,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGRSPProbe\0ba1c9030fba6e2b81c9d69569a29683\PCGRSPProbe.ni.dll MOD - [2012/08/28 20:33:34 | 002,327,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Community.CsharpSql#\802a202e8df9e1d146453a0211fdbe70\Community.CsharpSqlite.ni.dll MOD - [2012/08/28 20:33:32 | 000,202,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGWuInfo\4ffb43b0c377b8cb8c26922d2a4c39b7\PCGWuInfo.ni.dll MOD - [2012/08/28 20:33:32 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\1e4138d450004582377fd9d806608f01\Interop.IWshRuntimeLibrary.ni.dll MOD - [2012/08/28 20:33:31 | 000,177,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAppControlPlugin#\c0a6ee797c41dc935d55636894bf46d3\PCGAppControlPluginLoader.ni.dll MOD - [2012/08/28 20:33:31 | 000,067,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGUsersCenter\f1795d887f0185dd59414c6078c306ba\PCGUsersCenter.ni.dll MOD - [2012/08/28 20:33:29 | 
004,272,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGClientCommon\471a357092fee00f619544937e35fc78\PCGClientCommon.ni.dll MOD - [2012/08/28 20:33:24 | 000,198,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\d33e3852d656062e10b1294f748e85b3\PCGBootVisualizingCommon.ni.dll MOD - [2012/08/28 20:33:23 | 000,259,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGDriverProbe\ef80df20c2ad7c1563a1aeee7e073dc0\PCGDriverProbe.ni.dll MOD - [2012/08/28 20:33:21 | 000,068,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGConfiguration\eddcfcfd2e05891ddfbe09339417fbfd\PCGConfiguration.ni.dll MOD - [2012/08/28 20:33:18 | 003,939,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGDatabase\b451dad50eeb1df1914c74a9d9e5992d\PCGDatabase.ni.dll MOD - [2012/08/28 20:33:13 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAzureEntityFrame#\99d9d10153c86da23d161bbf1bad1212\PCGAzureEntityFramework.ni.dll MOD - [2012/08/28 20:33:11 | 001,507,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAzureShared\2f35d0384b9a356e70ac56ca7b463414\PCGAzureShared.ni.dll MOD - [2012/08/28 20:33:09 | 001,299,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGCommunication\c50fb278ac4da3704b2bb0ad6239af31\PCGCommunication.ni.dll MOD - [2012/08/28 20:33:05 | 002,845,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\6c7fff5331ab83d9f386ffd671c497ba\PCGPreCompiled.ni.dll MOD - [2012/08/28 20:33:02 | 000,259,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPrestoSerializer\5c90829e8f143a6f8eee530f31e421f6\PCGPrestoSerializer.ni.dll MOD - [2012/08/28 20:33:01 | 000,596,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Ionic.Zip.Reduced\a2f4048baa0761e43e7954af9a4a68c1\Ionic.Zip.Reduced.ni.dll MOD - [2012/08/28 20:33:00 | 002,128,384 
| ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\72cc440f22665be1f2e72b24731a8d99\Newtonsoft.Json.Net35.ni.dll MOD - [2012/08/28 20:32:57 | 002,743,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGFramework\36ee278911d03de772e0f10d374d42ce\PCGFramework.ni.dll MOD - [2012/08/28 20:32:50 | 001,584,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Soluto\d0ff23ca91a63ead98898cb2d7d4013d\Soluto.ni.exe MOD - [2012/08/28 15:33:08 | 000,093,184 | ---- | M] () -- C:\Program Files\Soluto\PCGDllExportInspector.dll MOD - [2012/06/18 11:30:34 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll MOD - [2012/06/18 10:33:23 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012/06/18 10:31:07 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012/06/14 09:41:16 | 006,320,360 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics Registry Fixer\RegistryFixer.exe MOD - [2012/06/10 02:19:33 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\8455a2be044530a091b714f5a6415d6b\CustomMarshalers.ni.dll MOD - [2012/06/10 02:17:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll MOD - [2012/06/10 02:16:01 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012/06/10 02:15:20 | 002,516,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\25cbbaeba2e4efdca4bee27760ffb36d\System.Data.Linq.ni.dll MOD - 
[2012/06/10 02:15:17 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll MOD - [2012/06/10 02:15:11 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll MOD - [2012/06/10 02:14:28 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012/06/10 02:14:20 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009/03/30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009/03/30 05:42:11 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- C:\Windows\system32\nagasoft\vjocx.dll -- (vvdsvc) SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService) SRV - [2012/09/22 16:34:24 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Start_Pending] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService) SRV - [2012/09/14 23:38:44 | 000,024,576 | ---- | M] (Realtek Semiconductor.) 
[Auto | Stopped] -- C:\Program Files\Realtek\Audio\SetupAfterRebootService.exe -- (SetupARService) SRV - [2012/08/28 15:38:22 | 000,598,032 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService) SRV - [2012/08/21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012/08/15 17:00:29 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/03/12 10:57:20 | 000,133,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\System32\IPROSetMonitor.exe -- (Intel(R) SRV - [2012/01/23 13:50:28 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011/06/14 17:35:02 | 000,201,080 | ---- | M] (Telefónica) [Auto | Running] -- C:\Program Files\O2\Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc) SRV - [2011/03/14 16:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe) SRV - [2010/06/25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2010/02/19 20:31:44 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) 
[On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) SRV - [2009/09/22 22:31:56 | 000,856,064 | ---- | M] () [On_Demand | Stopped] -- C:\Users\jon\AppData\Local\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer) SRV - [2009/09/15 21:29:04 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService) SRV - [2009/09/15 21:28:52 | 000,204,848 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService) SRV - [2009/09/15 21:04:58 | 000,331,824 | ---- | M] (AnchorFree Inc.) [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2009/05/25 11:41:40 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/01/19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008/01/19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007/07/03 19:40:10 | 000,053,248 | ---- | M] (Acer Inc.) 
[Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2007/06/22 02:33:20 | 000,269,448 | ---- | M] (CyberLink) [On_Demand | Stopped] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service) SRV - [2007/06/21 08:04:40 | 000,269,432 | ---- | M] (CyberLink) [On_Demand | Stopped] -- C:\Program Files\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLMSServer.exe -- (Acer TV Share Service) SRV - [2007/04/26 00:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [On_Demand | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) SRV - [2007/04/17 02:48:12 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService) SRV - [2007/04/06 23:10:56 | 000,223,704 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) SRV - [2007/04/06 23:10:22 | 000,272,856 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe -- (QualityManager) SRV - [2007/04/06 23:10:08 | 000,449,496 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) SRV - [2007/04/06 23:08:58 | 000,158,168 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) SRV - [2007/04/06 23:08:36 | 000,036,312 | R--- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe -- (IntelDHSvcConf) SRV - [2007/04/06 23:08:24 | 000,039,896 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE) SRV - 
[2007/04/06 23:08:14 | 000,059,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM) SRV - [2007/04/06 23:07:46 | 000,313,816 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore) SRV - [2007/04/06 23:06:48 | 000,256,472 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) SRV - [2007/02/12 19:46:34 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - File not found [File_System | On_Demand | Stopped] -- system32\DRIVERS\vproiah.sys -- (vproiah) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\splitcam.sys -- (SPLITCAM) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (pgfilter) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5) DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0E0ED7A7-AAA9-4657-B0B1-904E89A391BE}\MpKsl5c79636f.sys -- (MpKsl5c79636f) DRV - File not found 
[Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\JakNDis.sys -- (JakNDisMP) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) DRV - File not found [Kernel | On_Demand | Running] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz130) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\jon\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (az3arnj7) DRV - [2012/09/22 16:34:42 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG) DRV - [2012/09/22 16:34:42 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI) DRV - [2012/09/22 16:34:42 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL) DRV - [2012/08/28 15:32:58 | 000,051,144 | ---- | M] (Soluto LTD.) 
[File_System | Boot | Running] -- C:\Windows\System32\drivers\Soluto.sys -- (Soluto) DRV - [2012/08/21 10:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012/08/21 10:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012/08/21 10:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012/08/21 10:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012/08/21 10:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2012/08/21 10:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012/05/31 13:31:38 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys -- (RapportIaso) DRV - [2012/03/07 03:07:00 | 000,231,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) DRV - [2011/10/24 09:31:36 | 000,239,488 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2011/09/09 04:50:10 | 000,073,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2011/08/16 10:17:20 | 000,195,200 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50) DRV - [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50) DRV - [2010/07/27 02:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2010/06/25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF) DRV - [2009/09/15 21:04:58 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hssdrv.sys -- (HssDrv) DRV - [2009/05/25 11:26:02 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2009/04/11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus) DRV - [2009/02/22 00:00:40 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2008/07/29 04:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb) DRV - [2008/03/11 14:14:54 | 000,941,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CamthWDM.sys -- (CAMTHWDM) DRV - [2008/01/23 22:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tapvpn.sys -- (tapvpn) DRV - [2007/12/28 16:28:26 | 000,005,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH) DRV - [2007/09/24 00:09:34 | 000,272,216 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys -- (RapportCerberus_43926) DRV - [2007/07/03 03:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) DRV - [2007/04/06 23:10:40 | 000,014,808 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\tshwmdtcp.sys -- (TSHWMDTCP) DRV - [2007/02/19 05:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr) DRV - [2006/08/03 07:30:48 | 000,856,832 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\averm115s.sys -- (AVerM115S) DRV - [2006/06/27 09:56:50 | 000,031,872 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\superwebcam.sys -- (SUPERWEBCAM) DRV - [2005/08/17 08:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2005/08/17 08:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2005/08/17 08:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) DRV - [2000/01/01 01:00:00 | 000,407,552 | ---- | M] (YUAN High-Tech Development Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OmniTV.sys -- (OmniTV) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{86821B91-1D60-4582-A875-87E510152187}: "URL" = http://startsear.ch/?aff=1&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! 
Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 36 DC C4 E1 51 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=VE3D01&q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{2CB45D92-D064-48DC-8CA7-7AEBF8A1B1F2}: "URL" = http://uk.search.yahoo.com/search/video?ei=UTF-8&p={searchTerms}&fr=yessv IE - HKCU\..\SearchScopes\{4278BA6D-0392-40EA-B067-46DEC64791DC}: "URL" = http://delicious.com/search?p={searchTerms} IE - HKCU\..\SearchScopes\{5B0E33EE-E368-469E-9661-3F67908D046B}: "URL" = http://uk.search.yahoo.com/search/images?ei=UTF-8&p={searchTerms}&fr=yessv IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear IE - HKCU\..\SearchScopes\{6B720DE3-8DA1-4E00-82E6-6AF5B9385850}: "URL" = http://uk.search.yahoo.com/search/audio?ei=UTF-8&p={searchTerms}&fr=yessv IE - HKCU\..\SearchScopes\{7BAEEBC3-D399-4F1F-8D69-B3FDE26A7741}: "URL" = http://www.flickr.com/search/?q={searchTerms} IE - HKCU\..\SearchScopes\{7EBB6A63-2222-4B58-9F81-F758265B2FFB}: "URL" = http://uk.search.yahoo.com/search/dir?ei=UTF-8&p={searchTerms}&fr=yessv IE - 
HKCU\..\SearchScopes\{86821B91-1D60-4582-A875-87E510152187}: "URL" = http://startsear.ch/?aff=1&q={searchTerms} IE - HKCU\..\SearchScopes\{AC854C16-CA1E-43f1-8513-0D2F36C726ED}: "URL" = http://www.offos.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&rls=KaBnukC1 IE - HKCU\..\SearchScopes\{CA7583B9-2E6F-457A-8DBA-3B02EA2BD563}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms} IE - HKCU\..\SearchScopes\{D08C9D67-DE87-47E0-B49A-9DB43C843A9B}: "URL" = http://uk.news.search.yahoo.com/search/news?ei=UTF-8&p={searchTerms}&fr=yessv IE - HKCU\..\SearchScopes\{D40C110C-78CB-423E-B4F1-00AC67E8DF75}: "URL" = http://uk.local.yahoo.com/search.html?p={searchTerms}&ei=UTF-8&x=wrt&w=uctid,fw,belongto&type=GugiXML&cs=&fr=yessv IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=yessv IE - HKCU\..\SearchScopes\{F69A7FE7-1AF5-45B1-9E25-BA546E3B1823}: "URL" = http://shopping.yahoo.co.uk/ctl/do/search?catId=100164013&siteSearchQuery={searchTerms}&fr=yessv IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=VE3D01&q=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-" FF - prefs.js..browser.search.selectedEngine: "GoogIe" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "chrome://foxtab/content/homepage.html" FF - prefs.js..extensions.enabledAddons: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1 FF - prefs.js..extensions.enabledAddons: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.7.0.6 FF - prefs.js..extensions.enabledAddons: piclens@cooliris.com:1.12.3.50136 FF - 
prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9 FF - prefs.js..extensions.enabledAddons: foxyproxy@eric.h.jung:3.2 FF - prefs.js..extensions.enabledAddons: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.4 FF - prefs.js..extensions.enabledAddons: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3 FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466 FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36605 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63 FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1 FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2b}:1.1.12 FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.1 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3 FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.7 FF - prefs.js..keyword.URL: "http://www.offos.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=KaBnukC1&q=" FF - prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 9666 
FF - prefs.js..network.proxy.socks: "localhost" FF - prefs.js..network.proxy.socks_port: 9050 FF - prefs.js..network.proxy.socks_remote_dns: true FF - prefs.js..network.proxy.ssl: "localhost" FF - prefs.js..network.proxy.ssl_port: 9666 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@rsj.de/prodown: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\jon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jon\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jon\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\jon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/13 06:04:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/26 19:13:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/24 13:02:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/30 18:27:55 | 000,000,000 | ---D | M] [2009/01/20 00:14:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jon\AppData\Roaming\Mozilla\Extensions [2012/09/30 18:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\gsmm4g2r.default\extensions [2010/12/17 23:44:36 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\gsmm4g2r.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671} [2010/07/22 20:57:13 | 000,000,000 | ---D | M] (WindowsUpdate) -- C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\gsmm4g2r.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2b} [2010/07/22 20:57:13 | 000,000,000 | ---D | M] (IE View) -- C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\gsmm4g2r.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d} [2010/11/19 20:19:42 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\gsmm4g2r.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(9) [2010/07/22 20:57:13 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- 
C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\gsmm4g2r.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010/09/19 14:05:16 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\gsmm4g2r.default\extensions\battlefieldheroespatcher@ea.com [2010/09/04 12:07:50 | 000,000,000 | ---D | M] (FIFA Online Web Launcher) -- C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\gsmm4g2r.default\extensions\eafo3fflauncher@ea.com [2011/10/18 20:43:59 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\gsmm4g2r.default\extensions\foxyproxy@eric.h.jung [2010/11/20 22:58:07 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\gsmm4g2r.default\extensions\ietab@ip(8).cn [2011/10/18 20:43:15 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\gsmm4g2r.default\extensions\piclens@cooliris.com [2011/10/18 20:43:29 | 000,413,408 | ---- | M] () (No name found) -- C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\gsmm4g2r.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2011/10/18 20:44:10 | 000,688,571 | ---- | M] () (No name found) -- C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\gsmm4g2r.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2010/09/27 22:22:36 | 000,001,820 | ---- | M] () -- C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\gsmm4g2r.default\searchplugins\bing.xml [2009/05/27 13:25:20 | 000,000,358 | ---- | M] () -- C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\gsmm4g2r.default\searchplugins\winamp-search.xml [2012/08/27 12:39:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/08/16 18:31:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011/07/28 20:55:52 | 000,000,000 | ---D | M] (Java 
Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012/08/27 12:39:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012/08/26 19:13:06 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012/07/13 06:04:42 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT File not found (No name found) -- C:\USERS\JON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GSMM4G2R.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} [2009/09/22 21:14:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011/09/29 08:09:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010/08/24 10:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2009/08/27 21:25:26 | 000,308,096 | ---- | M] (British Telecommunications Plc) -- C:\Program Files\mozilla firefox\plugins\npBTEmailConfig.dll [2010/08/14 13:17:47 | 000,101,888 | ---- | M] (CounterPath Solutions, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\NPEyeCheck.dll [2008/09/15 11:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll [2011/09/29 02:30:22 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2011/09/29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/09/29 02:30:22 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2011/09/29 02:30:22 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2011/09/29 02:30:22 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml [color=#E56717]========== Chrome ==========[/color] CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jon\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jon\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\jon\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\jon\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\jon\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll CHR - plugin: vShare.tv plug-in (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Disabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Disabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Disabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: BitCometAgent (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll CHR - plugin: BT Broadband Support Tools (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npBTEmailConfig.dll CHR - plugin: DivX Web Player (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll CHR - plugin: eyeCheck Plugin (Disabled) = C:\Program Files\Mozilla Firefox\plugins\NPEyeCheck.dll CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Disabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Disabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Disabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Disabled) = C:\Program Files\Mozilla 
Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Disabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Snapfish Plugin for Firefox (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll CHR - plugin: getPlusPlus for Adobe 16263 (Disabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll CHR - plugin: Motive Plugin (Disabled) = C:\Program Files\Common Files\Motive\npMotive.dll CHR - plugin: Picasa (Disabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Disabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Disabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Veetle TV Player (Disabled) = C:\Program Files\Veetle\Player\npvlc.dll CHR - plugin: Veetle Broadcaster Plugin (Disabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll CHR - plugin: Veetle TV Core (Disabled) = C:\Program Files\Veetle\plugins\npVeetle.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Disabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Disabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Disabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Unity Player (Disabled) = C:\Users\jon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Facebook Plugin (Disabled) = 
C:\Users\jon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll CHR - plugin: Windows Presentation Foundation (Disabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Disabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: TVU Web Player for FireFox (Disabled) = C:\Windows\system32\TVUAx\npTVUAx.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll CHR - plugin: Cooliris embedded in a tab (Disabled) = C:\Users\jon\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll CHR - Extension: avast! WebRep = C:\Users\jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Select All for Facebook = C:\Users\jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofcnbnhefnmjancehemliplicihbcjjb\2.1_0\ O1 HOSTS File: ([2012/08/26 13:38:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) 
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No CLSID value found. O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll () O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) 
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - Startup: C:\Users\jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\jon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B094F50-6606-439C-9055-1F18A54AAFBE}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto) O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - File not found O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\jon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\jon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No 
CLSID value found. O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011/10/31 15:16:33 | 000,000,069 | R--- | M] () - H:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/10/16 09:06:42 | 000,000,000 | ---D | C] -- C:\Users\jon\Desktop\2012-10-16 holiday [2012/09/30 18:10:39 | 000,000,000 | ---D | C] -- C:\_OTL [2012/09/25 12:45:04 | 000,000,000 | ---D | C] -- C:\Users\jon\AppData\Roaming\Auslogics [2012/09/24 13:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyDefrag v4.3.1 [2012/09/24 13:53:52 | 001,061,888 | ---- | C] (J.C. Kessels) -- C:\Windows\System32\MyDefragScreenSaver_v4.3.1.exe [2012/09/24 13:53:51 | 000,475,648 | ---- | C] (J.C. Kessels) -- C:\Windows\System32\MyDefragScreenSaver_v4.3.1.scr [2012/09/24 13:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\MyDefrag v4.3.1 [2012/09/22 16:34:42 | 000,065,848 | ---- | C] (Trusteer Ltd.) 
-- C:\Windows\System32\drivers\RapportKELL.sys [2012/09/17 14:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/09/17 14:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/09/17 14:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012/06/18 22:49:41 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\jon\AppData\Roaming\pcouffin.sys [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/10/17 06:01:32 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/10/17 06:01:31 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/10/17 05:37:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/10/16 22:37:16 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1764936059-3530030765-371001843-1001UA.job [2012/10/16 21:37:15 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1764936059-3530030765-371001843-1001Core.job [2012/10/16 09:40:17 | 000,077,824 | ---- | M] () -- C:\Users\jon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/10/15 20:51:36 | 000,001,998 | ---- | M] () -- C:\Users\jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/09/30 18:51:39 | 000,001,032 | ---- | M] () -- C:\Users\jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012/09/28 20:16:27 | 000,171,202 | ---- | M] () -- C:\Users\jon\Desktop\screen.jpg [2012/09/25 21:05:12 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/24 13:53:56 | 000,000,819 | ---- | M] () -- C:\Users\Public\Desktop\MyDefrag.lnk [2012/09/22 16:34:42 | 000,065,848 | ---- | M] (Trusteer Ltd.) 
-- C:\Windows\System32\drivers\RapportKELL.sys [2012/09/21 13:13:24 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job [2012/09/17 14:18:53 | 000,000,628 | ---- | M] () -- C:\Windows\System32\mapisvc.inf [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/09/30 18:51:39 | 000,001,032 | ---- | C] () -- C:\Users\jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012/09/28 20:16:24 | 000,171,202 | ---- | C] () -- C:\Users\jon\Desktop\screen.jpg [2012/09/24 13:53:56 | 000,000,819 | ---- | C] () -- C:\Users\Public\Desktop\MyDefrag.lnk [2012/09/24 13:25:42 | 000,000,684 | ---- | C] () -- C:\Users\Public\Desktop\FMRTE v5.lnk [2012/09/17 14:18:53 | 000,000,628 | ---- | C] () -- C:\Windows\System32\mapisvc.inf [2012/08/24 13:26:50 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2012/06/18 22:49:41 | 000,087,608 | ---- | C] () -- C:\Users\jon\AppData\Roaming\inst.exe [2012/06/18 22:49:41 | 000,007,887 | ---- | C] () -- C:\Users\jon\AppData\Roaming\pcouffin.cat [2012/06/18 22:49:41 | 000,001,144 | ---- | C] () -- C:\Users\jon\AppData\Roaming\pcouffin.inf [2011/10/22 14:49:57 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2011/10/17 19:10:57 | 000,000,228 | ---- | C] () -- C:\Users\jon\.swfinfo [2010/12/11 20:52:58 | 000,001,057 | ---- | C] () -- C:\Users\jon\AppData\Roaming\vso_ts_preview.xml [2010/11/17 20:18:03 | 000,002,048 | ---- | C] () -- C:\Users\jon\AppData\Roaming\All Say Cheese Photobook Creator Prefs [2010/09/04 12:02:33 | 000,139,152 | ---- | C] () -- C:\Users\jon\AppData\Roaming\PnkBstrK.sys [2010/06/17 00:25:35 | 000,001,864 | -H-- | C] () -- C:\Users\jon\.picasa.ini [2010/06/05 15:06:49 | 2306,415,061 | ---- | C] () -- C:\Users\jon\photos.rar [2010/04/04 21:16:49 | 000,834,560 | ---- | C] () -- C:\Users\jon\ehthumbs_vista.db [2010/02/28 17:23:03 | 000,017,408 | ---- | C] () -- C:\Users\jon\AppData\Local\WebpageIcons.db 
[2010/02/19 18:36:25 | 000,000,171 | ---- | C] () -- C:\Users\jon\AppData\Local\RAExpertHistory.xml [2010/02/18 12:53:12 | 000,000,171 | ---- | C] () -- C:\Users\jon\AppData\Local\rahistory.xml [2009/09/22 21:09:22 | 000,000,600 | ---- | C] () -- C:\Users\jon\PUTTY.RND [2009/07/06 12:29:59 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009/04/12 15:37:12 | 000,017,089 | ---- | C] () -- C:\Users\jon\AppData\Roaming\UserTile.png [2009/04/02 22:10:23 | 000,005,892 | ---- | C] () -- C:\Users\jon\AppData\Local\d3d9caps.dat [2009/02/15 01:31:50 | 000,077,824 | ---- | C] () -- C:\Users\jon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/02/10 22:10:29 | 000,004,594 | ---- | C] () -- C:\Users\jon\AppData\Roaming\wklnhst.dat [2009/01/27 23:31:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [color=#E56717]========== ZeroAccess Check ==========[/color] [2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2009/04/28 23:11:15 | 000,000,000 | ---D | 
M] -- C:\Users\jon\AppData\Roaming\aerix [2010/11/17 20:16:57 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\All Say Cheese Photobook Creator [2012/06/18 15:07:12 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Amazon [2011/08/13 19:04:20 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Apowersoft [2010/12/19 00:23:43 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Ashampoo [2012/09/25 15:01:44 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Auslogics [2012/08/27 15:04:44 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\avidemux [2011/08/20 11:25:46 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Azureus [2011/12/23 14:40:36 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\BitComet [2010/08/14 13:26:09 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\BT [2012/03/18 18:09:04 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\DAEMON Tools [2010/06/05 18:24:53 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Doctor Who [2009/07/20 13:34:51 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\DonationCoder [2012/10/17 05:43:32 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Dropbox [2009/03/24 18:08:04 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\eSobi [2009/08/03 15:53:40 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\EuroTalk [2010/07/22 20:57:09 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Facebook [2010/04/22 11:32:01 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\FlashGet [2010/10/14 14:31:07 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\FreeAudioPack [2010/12/05 16:51:18 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\FreeBurner [2011/11/29 12:36:58 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\GetRightToGo [2010/02/23 17:42:52 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\goalbit [2009/07/20 13:25:30 | 000,000,000 | ---D | M] -- 
C:\Users\jon\AppData\Roaming\GrabPro [2010/08/17 21:48:21 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Hensense.com [2010/11/09 21:48:37 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\ImgBurn [2012/01/22 20:49:08 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\IObit [2010/07/22 20:57:10 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\IrfanView [2012/02/05 18:48:58 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Obvious Idea [2009/04/11 22:21:45 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\OpenOffice.org [2009/02/04 00:09:09 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Opera [2012/03/26 19:46:50 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Orbit [2009/04/12 15:37:11 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\PeerNetworking [2009/12/12 22:16:33 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Program Files [2011/08/14 12:05:02 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\ProgSense [2012/03/02 14:30:58 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\QuickScan [2011/08/08 18:32:09 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Samsung [2012/08/27 09:30:09 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Skinux [2009/06/20 18:11:30 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Snapfish [2009/05/14 13:23:31 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\SolidDocuments [2012/08/27 11:08:52 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Soluto [2012/07/14 20:37:13 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Sports Interactive [2012/10/17 05:52:45 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Spotify [2009/04/04 14:31:57 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\StreamTorrent [2010/07/22 20:57:15 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\SystemRequirementsLab [2010/07/07 00:54:47 | 000,000,000 | ---D | M] -- 
C:\Users\jon\AppData\Roaming\Tatara Systems [2012/05/31 12:50:12 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Telefónica [2009/02/10 22:10:48 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Template [2012/05/31 12:50:10 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\TGCMLog [2010/12/12 13:31:55 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Trusteer [2012/09/19 05:44:14 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\TuneUp Software [2009/04/29 20:22:20 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\TVCatchup.F47A58FCBDA0B1DF5636B554101AB5C0E8252CDC.1 [2011/12/05 00:17:45 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Uniblue [2011/07/28 21:01:50 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Unity [2012/07/26 05:55:54 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Vso [2012/02/22 11:32:35 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Vyoks [2010/07/22 20:57:15 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Webcammax [2010/08/17 21:43:08 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Wireshark [2012/02/23 03:56:45 | 000,000,000 | ---D | M] -- C:\Users\jon\AppData\Roaming\Woiv [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 55838 bytes -> C:\ProgramData\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV @Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:9F683177 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B9C96218 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0D31DA45 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8 @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:1663E41B < End of report >